CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2007-4372
https://notcve.org/view.php?id=CVE-2007-4372
16 Aug 2007 — Unspecified vulnerability in NetWin SurgeMail 38k on Windows Server 2003 has unknown impact and remote attack vectors. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. Vulnerabilidad no especificada en NetWin SurgeMail 38k en Windows Server 2003 tiene impacto y vectores desconoc... • http://osvdb.org/46400 •
CVSS: 8.8EPSS: 9%CPEs: 1EXPL: 1CVE-2007-4377 – Surgemail 38k - 'Search' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-4377
16 Aug 2007 — Stack-based buffer overflow in the IMAP service in SurgeMail 38k allows remote authenticated users to execute arbitrary code via a long argument to the SEARCH command. NOTE: this might overlap CVE-2007-4372. Desbordamiento de búfer en el servicio IMAP de SurgeMail 38k permite a usuarios remotos autenticados ejecutar código de su elección mediante un argumento largo para el comando SEARCH. NOTA: podría solaparse con CVE-2007-4372. • https://www.exploit-db.com/exploits/4287 •
CVSS: 9.8EPSS: 2%CPEs: 5EXPL: 0CVE-2007-2655
https://notcve.org/view.php?id=CVE-2007-2655
14 May 2007 — Unspecified vulnerability in NetWin Webmail 3.1s-1 in SurgeMail before 3.8i2 has unknown impact and remote attack vectors, possibly a format string vulnerability that allows remote code execution. Una vulnerabilidad no especificada en NetWin Webmail versión 3.1s-1 en SurgeMail versiones anteriores a 3.8i2, presenta un impacto desconocido y vectores de ataque remoto, posiblemente una vulnerabilidad de cadena de formato que permite la ejecución de código remota. • http://osvdb.org/35891 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2005-1714
https://notcve.org/view.php?id=CVE-2005-1714
24 May 2005 — Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 3.0c2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. • http://secunia.com/advisories/15425 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2005-0846
https://notcve.org/view.php?id=CVE-2005-0846
24 Mar 2005 — Multiple cross-site scripting (XSS) vulnerabilities in the email auto-reply message in SurgeMail 2.2g3 allow remote attackers to inject arbitrary web script or HTML via the (1) message subject or (2) message header field. • http://marc.info/?l=bugtraq&m=111159967417903&w=2 •
CVSS: 6.5EPSS: 1%CPEs: 1EXPL: 0CVE-2005-0845
https://notcve.org/view.php?id=CVE-2005-0845
24 Mar 2005 — Directory traversal vulnerability in the Webmail interface in SurgeMail 2.2g3 allows remote authenticated users to write arbitrary files or directories via a .. (dot dot) in the attach_id parameter. • http://marc.info/?l=bugtraq&m=111159967417903&w=2 •
CVSS: 10.0EPSS: 0%CPEs: 14EXPL: 0CVE-2004-2537
https://notcve.org/view.php?id=CVE-2004-2537
31 Dec 2004 — Unspecified vulnerability in SurgeMail before 2.2c10 has unknown impact and attack vectors, related to a "Webmail security bug." • http://netwinsite.com/surgemail/help/updates.htm •
CVSS: 5.3EPSS: 16%CPEs: 46EXPL: 5CVE-2004-2547 – NetWin Surgemail 1.8/1.9/2.0 / WebMail 3.1 - Error Message Full Path Disclosure
https://notcve.org/view.php?id=CVE-2004-2547
31 Dec 2004 — NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to obtain sensitive information via HTTP requests that (a) specify the / URI, (b) specify the /scripts/ URI, or (c) specify a non-existent file, which reveal the path in an error message. • https://www.exploit-db.com/exploits/24176 •
CVSS: 6.1EPSS: 11%CPEs: 9EXPL: 5CVE-2004-2548 – NetWin Surgemail 1.8/1.9/2.0 / WebMail 3.1 - Login Form Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2004-2548
31 Dec 2004 — Multiple cross-site scripting (XSS) vulnerabilities in NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to inject arbitrary web script or HTML via (a) a URI containing the script, or (b) the username field in the login form. NOTE: it is possible that the first attack vector is resultant from the error message issue (CVE-2004-2547). • https://www.exploit-db.com/exploits/24177 •