CVSS: 4.3EPSS: 0%CPEs: 109EXPL: 3CVE-2010-3201 – Surgemail SurgeWeb 4.3e - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-3201
Cross-site scripting (XSS) vulnerability in NetWin Surgemail before 4.3g allows remote attackers to inject arbitrary web script or HTML via the username_ex parameter to the surgeweb program. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en NetWin Surgemail anterirores a v4.3g permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro username_ex sobre el programa surgeweb. • https://www.exploit-db.com/exploits/34797 http://ictsec.se/?p=108 http://secunia.com/advisories/41685 http://www.securityfocus.com/archive/1/514115/100/0/threaded http://www.securityfocus.com/bid/43679 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.0EPSS: 59%CPEs: 1EXPL: 2CVE-2008-7182 – Surgemail 39e-1 - (Authenticated) IMAP Remote Buffer Overflow (Denial of Service) (PoC)
https://notcve.org/view.php?id=CVE-2008-7182
Buffer overflow in the IMAP service in NetWin Surgemail 3.9e, and possibly other versions before 3.9g2, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long first argument to the APPEND command, a different vector than CVE-2008-1497 and CVE-2008-1498. NOTE: due to lack of details, it is not certain whether this is the same issue as CVE-2008-2859. Desbordamiento de búfer en el servicio IMAP en NetWin Surgemail v3.9e, y probablemente otras versiones anteriores a v3.9g2, permite a usuarios autenticados remotamente provocar una denegación de servicio (parada) y probablemente ejecutar código de su elección mediante un primer argumento largo en el comando APPEN, siendo un vector diferente que CVE-2008-1497 y CVE-2008-1498. NOTA: ante la falta de detalles, no está confirmado que sea la misma vulnerabilidad que CVE-2008-2859. • https://www.exploit-db.com/exploits/5968 http://www.netwinsite.com/surgemail/help/updates.htm http://www.securityfocus.com/archive/1/496482 http://www.securityfocus.com/bid/30000 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 2%CPEs: 22EXPL: 1CVE-2008-2859 – Surgemail 39e-1 - (Authenticated) IMAP Remote Buffer Overflow (Denial of Service) (PoC)
https://notcve.org/view.php?id=CVE-2008-2859
Unspecified vulnerability in the IMAP service in NetWin SurgeMail before 3.9g2 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors related to an "imap command." Vulnerabilidad no especificada en el servicio de IMAP en NetWin SurgeMail anterior a 3.9g2; permite a atacantes remotos provocar una denegación de servicio (caída del demonio) mediante vectores desconocidos relacionados con un "comando imap". • https://www.exploit-db.com/exploits/5968 http://secunia.com/advisories/30739 http://www.netwinsite.com/surgemail/help/updates.htm http://www.securityfocus.com/bid/29805 http://www.securitytracker.com/id?1020335 http://www.vupen.com/english/advisories/2008/1874/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43171 •
CVSS: 9.0EPSS: 4%CPEs: 1EXPL: 1CVE-2008-1498 – NetWin Surgemail 3.8k4-4 - IMAP (Authenticated) Remote LIST Universal
https://notcve.org/view.php?id=CVE-2008-1498
Stack-based buffer overflow in the IMAP service in NetWin Surgemail 3.8k4-4 and earlier allows remote authenticated users to execute arbitrary code via a long first argument to the LIST command. Desbordamiento de búfer basado en Pila en el servicio IMAP de NetWin SurgeMail 38k4-4 y versiones anteriores, permite a usuarios remotos autenticados ejecutar código de su elección mediante un primer argumento largo del comando LIST. • https://www.exploit-db.com/exploits/5259 http://secunia.com/advisories/29105 http://www.netwinsite.com/surgemail/help/updates.htm http://www.securityfocus.com/bid/28260 http://www.vupen.com/english/advisories/2008/0901/references • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.0EPSS: 91%CPEs: 39EXPL: 3CVE-2008-1497
https://notcve.org/view.php?id=CVE-2008-1497
Stack-based buffer overflow in the IMAP service in NetWin SurgeMail 38k4-4 and earlier allows remote authenticated users to execute arbitrary code via long arguments to the LSUB command. Desbordamiento de búfer basado en Pila en el servicio IMAP de NetWin SurgeMail 38k4-4 y versiones anteriores, permite a usuarios remotos autenticados ejecutar código de su elección mediante argumentos largos del comando LSUB. • http://secunia.com/advisories/29105 http://securityreason.com/securityalert/3774 http://www.infigo.hr/en/in_focus/advisories/INFIGO-2008-03-07 http://www.netwinsite.com/surgemail/help/updates.htm http://www.securityfocus.com/archive/1/489959/100/0/threaded http://www.securityfocus.com/bid/28377 https://exchange.xforce.ibmcloud.com/vulnerabilities/41402 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •