CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2CVE-2010-1068
https://notcve.org/view.php?id=CVE-2010-1068
Multiple cross-site scripting (XSS) vulnerabilities in surgeftpmgr.cgi in NetWin SurgeFTP 2.3a6 allow remote attackers to inject arbitrary web script or HTML via the (1) domainid or (2) classid parameter in a class action. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en surgeftpmgr.cgi en NetWin SurgeFTP v2.3a6 permite a atacantes remotos inyectar secuencias de comandos web o HTML de forma arbitraria a través de los parámetros (1) domainid o (2) classid en una acción class. • http://packetstormsecurity.org/1001-exploits/surgeftp-xss.txt http://secunia.com/advisories/38097 http://www.exploit-db.com/exploits/11092 https://exchange.xforce.ibmcloud.com/vulnerabilities/55509 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.0EPSS: 59%CPEs: 1EXPL: 2CVE-2008-7182 – Surgemail 39e-1 - (Authenticated) IMAP Remote Buffer Overflow (Denial of Service) (PoC)
https://notcve.org/view.php?id=CVE-2008-7182
Buffer overflow in the IMAP service in NetWin Surgemail 3.9e, and possibly other versions before 3.9g2, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long first argument to the APPEND command, a different vector than CVE-2008-1497 and CVE-2008-1498. NOTE: due to lack of details, it is not certain whether this is the same issue as CVE-2008-2859. Desbordamiento de búfer en el servicio IMAP en NetWin Surgemail v3.9e, y probablemente otras versiones anteriores a v3.9g2, permite a usuarios autenticados remotamente provocar una denegación de servicio (parada) y probablemente ejecutar código de su elección mediante un primer argumento largo en el comando APPEN, siendo un vector diferente que CVE-2008-1497 y CVE-2008-1498. NOTA: ante la falta de detalles, no está confirmado que sea la misma vulnerabilidad que CVE-2008-2859. • https://www.exploit-db.com/exploits/5968 http://www.netwinsite.com/surgemail/help/updates.htm http://www.securityfocus.com/archive/1/496482 http://www.securityfocus.com/bid/30000 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 0%CPEs: 7EXPL: 1CVE-2008-5421
https://notcve.org/view.php?id=CVE-2008-5421
The SSL web administration service in NetWin SmsGate 1.1n and earlier allows remote attackers to cause a denial of service (hang) via (1) a large integer in the Content-Length HTTP header; (2) an invalid value in the Content-Length HTTP header, as demonstrated by a negative integer; or (3) a missing Content-Length HTTP header. El servicio SSL web administration en NetWin SmsGate v1.1n y anteriores permite a atacantes remotos provocar una denegación de servicio (cuelgue) mediante (1) un entero largo en la cabecera HTTP Content-Length; (2) un valor inválido en la cabecera HTTP Content-Length, como se demostró por el uso de un entero negativo; o (3) una cabecera HTTP Content-Length perdida. • http://aluigi.altervista.org/adv/smsgheit-adv.txt http://secunia.com/advisories/29149 http://www.securityfocus.com/bid/28048 • CWE-399: Resource Management Errors •
CVSS: 5.0EPSS: 2%CPEs: 22EXPL: 1CVE-2008-2859 – Surgemail 39e-1 - (Authenticated) IMAP Remote Buffer Overflow (Denial of Service) (PoC)
https://notcve.org/view.php?id=CVE-2008-2859
Unspecified vulnerability in the IMAP service in NetWin SurgeMail before 3.9g2 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors related to an "imap command." Vulnerabilidad no especificada en el servicio de IMAP en NetWin SurgeMail anterior a 3.9g2; permite a atacantes remotos provocar una denegación de servicio (caída del demonio) mediante vectores desconocidos relacionados con un "comando imap". • https://www.exploit-db.com/exploits/5968 http://secunia.com/advisories/30739 http://www.netwinsite.com/surgemail/help/updates.htm http://www.securityfocus.com/bid/29805 http://www.securitytracker.com/id?1020335 http://www.vupen.com/english/advisories/2008/1874/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43171 •
CVSS: 9.0EPSS: 4%CPEs: 1EXPL: 1CVE-2008-1498 – NetWin Surgemail 3.8k4-4 - IMAP (Authenticated) Remote LIST Universal
https://notcve.org/view.php?id=CVE-2008-1498
Stack-based buffer overflow in the IMAP service in NetWin Surgemail 3.8k4-4 and earlier allows remote authenticated users to execute arbitrary code via a long first argument to the LIST command. Desbordamiento de búfer basado en Pila en el servicio IMAP de NetWin SurgeMail 38k4-4 y versiones anteriores, permite a usuarios remotos autenticados ejecutar código de su elección mediante un primer argumento largo del comando LIST. • https://www.exploit-db.com/exploits/5259 http://secunia.com/advisories/29105 http://www.netwinsite.com/surgemail/help/updates.htm http://www.securityfocus.com/bid/28260 http://www.vupen.com/english/advisories/2008/0901/references • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •