
CVSS: - • EPSS: 0% • CPEs: 2 • EXPL: 0

A vulnerability exists in the use of shared SPF records in multi-tenant hosting providers, allowing attackers to abuse network authorization to spoof the email identity of the sender. • https://kb.cert.org/vuls/id/244112 https://www.kb.cert.org/vuls/id/244112 •

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

cgi/surgeftpmgr.cgi (aka the Web Manager interface on TCP port 7021 or 9021) in NetWin SurgeFTP version 23f2 has XSS via the classid, domainid, or username parameter. NetWin SurgeFTP version 23f2 suffers from multiple persistent cross site scripting vulnerabilities. • https://packetstormsecurity.com/files/145572/NetWin-SurgeFTP-23f2-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5 • EPSS: 11% • CPEs: 16 • EXPL: 0

Buffer overflow in NetWin SurgeFTP before 23d2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string within the authentication request. • http://archives.neohapsis.com/archives/bugtraq/2013-07/0149.html http://osvdb.org/95582 http://secunia.com/advisories/54188 http://www.securityfocus.com/bid/61403 https://exchange.xforce.ibmcloud.com/vulnerabilities/85922 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 2

Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 6.0a4 allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IFRAME element in the body of an HTML e-mail message. • https://www.exploit-db.com/exploits/20363 http://www.exploit-db.com/exploits/20363 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3 • EPSS: 0% • CPEs: 109 • EXPL: 3

Cross-site scripting (XSS) vulnerability in NetWin Surgemail before 4.3g allows remote attackers to inject arbitrary web script or HTML via the username_ex parameter to the surgeweb program. • https://www.exploit-db.com/exploits/34797 http://ictsec.se/?p=108 http://secunia.com/advisories/41685 http://www.securityfocus.com/archive/1/514115/100/0/threaded http://www.securityfocus.com/bid/43679 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •