CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2002-0310
https://notcve.org/view.php?id=CVE-2002-0310
Netwin WebNews 1.1k CGI program includes several default usernames and cleartext passwords that cannot be deleted by the administrator, which allows remote attackers to gain privileges via the username/password combinations (1) testweb/newstest, (2) alwn3845/imaptest, (3) alwi3845/wtest3452, or (4) testweb2/wtest4879. El programa CGI Netwin WebNews 1.1k incluye por defecto ciertos nombres de usuarios y contraseñas en texto claro que no pueden ser borrados por el administrador, lo que permite a atacantes remotos ganar privilegios mediante las combianciones de nombres de usuario/contraseña: testweb/newtestalwn3854/imaptestalwi3845/wtest3452, o testweb2/wtest4879. • http://marc.info/?l=bugtraq&m=101432236729631&w=2 http://www.securityfocus.com/bid/4156 https://exchange.xforce.ibmcloud.com/vulnerabilities/8255 •
CVSS: 4.6EPSS: 1%CPEs: 17EXPL: 0CVE-2002-0273
https://notcve.org/view.php?id=CVE-2002-0273
Buffer overflow in CWMail.exe in NetWin before 2.8a allows remote authenticated users to execute arbitrary code via a long item parameter. Desbordamiento de búfer en CWMail.exe en NetWin anteriores a 2.8a permite a usuarios remotos remotos ejecutar código arbitrario mediante un parámetro largo. • http://marc.info/?l=bugtraq&m=101362100602008&w=2 http://www.iss.net/security_center/static/8185.php http://www.securityfocus.com/bid/4093 •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 2CVE-2001-0696
https://notcve.org/view.php?id=CVE-2001-0696
NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to cause a denial of service (crash) via a CD command to a directory with an MS-DOS device name such as con. • http://netwinsite.com/surgeftp/manual/updates.htm http://www.securityfocus.com/archive/1/191916 http://www.securityfocus.com/bid/2891 https://exchange.xforce.ibmcloud.com/vulnerabilities/6712 •
CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 3CVE-2001-0697 – Netwin SurgeFTP 1.0b - Denial of Service
https://notcve.org/view.php?id=CVE-2001-0697
NetWin SurgeFTP prior to 1.1h allows a remote attacker to cause a denial of service (crash) via an 'ls ..' command. • https://www.exploit-db.com/exploits/20659 http://netwinsite.com/surgeftp/manual/updates.htm http://www.secadministrator.com/Articles/Index.cfm?ArticleID=20200 http://www.securityfocus.com/archive/1/165816 http://www.securityfocus.com/bid/2442 https://exchange.xforce.ibmcloud.com/vulnerabilities/6168 •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 2CVE-2001-0698
https://notcve.org/view.php?id=CVE-2001-0698
Directory traversal vulnerability in NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to list arbitrary files and directories via the 'nlist ...' command. • http://www.netwinsite.com/surgeftp/manual/updates.htm http://www.securityfocus.com/archive/1/191916 http://www.securityfocus.com/bid/2892 https://exchange.xforce.ibmcloud.com/vulnerabilities/6711 •