CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

ArGo Soft Mail Server 1.8.8.9 is affected by a Cross-Site Request Forgery (CSRF) vulnerability that can be used to perform remote arbitrary code execution. The affected component is the Administration dashboard. If an admin or user who is logged in with their credentials opens a website containing the malicious page, that page runs the CSRF.
• https://github.com/V1n1v131r4/CSRF-on-ArGoSoft-Mail-Server/blob/master/README.md
• CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 5.3 | EPSS: 2% | CPEs: 1 | EXPL: 1

Denial-of-service vulnerability in ArGoSoft Mini Mail Server 1.0.0.2 and earlier allows remote attackers to waste CPU resources (memory consumption) via unspecified vectors, possibly triggering an infinite loop. ArGoSoft Mini Mail Server version 1.0.0.2 suffers from a denial of service vulnerability.
• https://www.exploit-db.com/exploits/43026
• CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in the View Headers (aka viewheaders) functionality in ArGoSoft Mail Server Pro 1.8.8.5 allow remote attackers to inject arbitrary web script or HTML via (1) the Subject header, (2) the From header, and (3) certain other unspecified headers.
• http://secunia.com/advisories/18991
• http://secunia.com/secunia_research/2006-6/advisory
• http://securityreason.com/securityalert/504
• http://www.osvdb.org/23512
• http://www.securityfocus.com/archive/1/426206/100/0/threaded
• http://www.securityfocus.com/bid/16834
• http://www.vupen.com/english/advisories/2006/0751
• https://exchange.xforce.ibmcloud.com/vulnerabilities/24945

CVSS: 4.0 | EPSS: 0% | CPEs: 1 | EXPL: 1

Directory traversal vulnerability in Webmail in ArGoSoft Mail Server Pro 1.8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the UIDL parameter.
• http://secunia.com/advisories/18990
• http://securityreason.com/securityalert/487
• http://www.nsag.ru/vuln/877.html
• http://www.vupen.com/english/advisories/2006/0733

CVSS: 5.0 | EPSS: 1% | CPEs: 1 | EXPL: 0

The POP3 Server in ArGoSoft Mail Server Pro 1.8 allows remote attackers to obtain sensitive information via the _DUMP command, which reveals the operating system, registered user, and registration code.
• http://secunia.com/advisories/18990
• http://www.nsag.ru/vuln/879.html
• http://www.securityfocus.com/archive/1/425968/100/0/threaded
• http://www.securityfocus.com/bid/16808
• http://www.vupen.com/english/advisories/2006/0733