CVSS: 9.8EPSS: 23%CPEs: 25EXPL: 2CVE-2008-1055 – Surgemail and WebMail 3.0 - 'Page' Remote Format String
https://notcve.org/view.php?id=CVE-2008-1055
27 Feb 2008 — Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 and earlier and beta 39a, and WebMail 3.1s and earlier, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in the page parameter. Vulnerabilidad de cadena de formato en webmail.exe de NetWin SurgeMail 38k4 y versiones anteriores y beta 39a, y WebMail 3.1s y versiones anteriores, permite a atacantes remotos provocar una denegación de servicio (caída del demonio... • https://www.exploit-db.com/exploits/31300 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 6.1EPSS: 0%CPEs: 31EXPL: 0CVE-2005-1819
https://notcve.org/view.php?id=CVE-2005-1819
01 Jun 2005 — Cross-site scripting (XSS) vulnerability in NikoSoft WebMail before 0.11.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. • http://secunia.com/advisories/15518 •
CVSS: 7.5EPSS: 7%CPEs: 1EXPL: 1CVE-2001-0857 – Horde IMP 2.2.x - Session Hijacking
https://notcve.org/view.php?id=CVE-2001-0857
06 Dec 2001 — Cross-site scripting vulnerability in status.php3 in Imp Webmail 2.2.6 and earlier allows remote attackers to gain access to the e-mail of other users by hijacking session cookies via the message parameter. • https://www.exploit-db.com/exploits/21151 •