
CVE-2007-3769
https://notcve.org/view.php?id=CVE-2007-3769
15 Jul 2007 — Cross-site scripting (XSS) vulnerability in the mirrored server management interface in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to inject arbitrary web script or HTML via a malformed response without a status code, which is reflected to the user in the resulting error message. NOTE: this can be leveraged for root access via a sequence of steps involving web script that creates a new FTP user account. • http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070710/98374694/attachment-0031.txt •

CVE-2007-2655
https://notcve.org/view.php?id=CVE-2007-2655
14 May 2007 — Unspecified vulnerability in NetWin Webmail 3.1s-1 in SurgeMail before 3.8i2 has unknown impact and remote attack vectors, possibly a format string vulnerability that allows remote code execution. • http://osvdb.org/35891 • CWE-134: Use of Externally-Controlled Format String •

CVE-2006-5100 – Web//News 1.4 - 'parser.php' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-5100
02 Oct 2006 — PHP remote file inclusion vulnerability in parse/parser.php in WEB//NEWS (aka webnews) 1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the WN_BASEDIR parameter. • https://www.exploit-db.com/exploits/2435 •

CVE-2005-1714
https://notcve.org/view.php?id=CVE-2005-1714
24 May 2005 — Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 3.0c2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. • http://secunia.com/advisories/15425 •

CVE-2005-1516
https://notcve.org/view.php?id=CVE-2005-1516
11 May 2005 — DList (dlist.exe) in DMail 3.1a allows remote attackers to bypass authentication, read log files, and shut down the system via a sendlog command with an incorrect password hash, which is not properly handled by the _cmd_sendlog function. • http://secunia.com/advisories/15242 •

CVE-2005-1478
https://notcve.org/view.php?id=CVE-2005-1478
11 May 2005 — Format string vulnerability in dSMTP (dsmtp.exe) in DMail 3.1a allows remote attackers to execute arbitrary code via format string specifiers in the xtellmail command. • http://marc.info/?l=bugtraq&m=111531804617905&w=2 •

CVE-2005-1034
https://notcve.org/view.php?id=CVE-2005-1034
09 Apr 2005 — SurgeFTP 2.2m1 allows remote attackers to cause a denial of service (application hang) via the LEAK command. • http://marc.info/?l=bugtraq&m=111289226204780&w=2 •

CVE-2005-0845
https://notcve.org/view.php?id=CVE-2005-0845
24 Mar 2005 — Directory traversal vulnerability in the Webmail interface in SurgeMail 2.2g3 allows remote authenticated users to write arbitrary files or directories via a .. (dot dot) in the attach_id parameter. • http://marc.info/?l=bugtraq&m=111159967417903&w=2 •

CVE-2005-0846
https://notcve.org/view.php?id=CVE-2005-0846
24 Mar 2005 — Multiple cross-site scripting (XSS) vulnerabilities in the email auto-reply message in SurgeMail 2.2g3 allow remote attackers to inject arbitrary web script or HTML via the (1) message subject or (2) message header field. • http://marc.info/?l=bugtraq&m=111159967417903&w=2 •

CVE-2004-2548 – NetWin Surgemail 1.8/1.9/2.0 / WebMail 3.1 - Login Form Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2004-2548
31 Dec 2004 — Multiple cross-site scripting (XSS) vulnerabilities in NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to inject arbitrary web script or HTML via (a) a URI containing the script, or (b) the username field in the login form. NOTE: it is possible that the first attack vector is resultant from the error message issue (CVE-2004-2547). • https://www.exploit-db.com/exploits/24177 •