CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-23824
https://notcve.org/view.php?id=CVE-2020-23824
ArGo Soft Mail Server 1.8.8.9 is affected by Cross Site Request Forgery (CSRF) for perform remote arbitrary code execution. The component is the Administration dashboard. When using admin/user credentials, if the admin/user admin opens a website with the malicious page that will run the CSRF. ArGo Soft Mail Server versión 1.8.8.9 está afectado por una vulnerabilidad de tipo Cross Site Request Forgery (CSRF) para realizar una ejecución de código arbitraria remota. El componente es el panel de administración. • https://github.com/V1n1v131r4/CSRF-on-ArGoSoft-Mail-Server/blob/master/README.md • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.3EPSS: 2%CPEs: 1EXPL: 1CVE-2017-15223 – ArGoSoft Mini Mail Server 1.0.0.2 - Denial of Service
https://notcve.org/view.php?id=CVE-2017-15223
Denial-of-service vulnerability in ArGoSoft Mini Mail Server 1.0.0.2 and earlier allows remote attackers to waste CPU resources (memory consumption) via unspecified vectors, possibly triggering an infinite loop. Vulnerabilidad de denegación de servicio (DoS) en ArGoSoft Mini Mail Server 1.0.0.2 y anteriores permite que los atacantes agoten los recursos de la CPU (consumo de memoria) mediante vectores no especificados, posiblemente desencadenando un bucle infinito. ArGoSoft Mini Mail Server version 1.0.0.2 suffers from a denial of service vulnerability. • https://www.exploit-db.com/exploits/43026 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.4EPSS: 6%CPEs: 16EXPL: 2CVE-2006-2170
https://notcve.org/view.php?id=CVE-2006-2170
Buffer overflow in ArgoSoft FTP Server 1.4.3.6 allows remote attackers to execute arbitrary code via Unicode in the RNTO command, as demonstrated by the Infigo FTPStress Fuzzer. Desbordamiento de búfer en ArgoSoft FTP Server 1.4.3.6 permite a atacantes remotos ejecutar código arbitrario a través de Unicode en el comando RNTO, según lo demostrado por el Infigo FTPStress Fuzzer. • http://archives.neohapsis.com/archives/bugtraq/2006-05/0139.html http://marc.info/?l=bugtraq&m=114658586018818&w=2 http://secunia.com/advisories/19934 http://www.infigo.hr/en/in_focus/tools http://www.infigo.hr/hr/in_focus/advisories/INFIGO-2006-05-03 http://www.osvdb.org/25216 http://www.securityfocus.com/bid/17789 http://www.vupen.com/english/advisories/2006/1639 https://exchange.xforce.ibmcloud.com/vulnerabilities/26197 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2006-0978
https://notcve.org/view.php?id=CVE-2006-0978
Multiple cross-site scripting (XSS) vulnerabilities in the View Headers (aka viewheaders) functionality in ArGoSoft Mail Server Pro 1.8.8.5 allow remote attackers to inject arbitrary web script or HTML via (1) the Subject header, (2) the From header, and (3) certain other unspecified headers. • http://secunia.com/advisories/18991 http://secunia.com/secunia_research/2006-6/advisory http://securityreason.com/securityalert/504 http://www.osvdb.org/23512 http://www.securityfocus.com/archive/1/426206/100/0/threaded http://www.securityfocus.com/bid/16834 http://www.vupen.com/english/advisories/2006/0751 https://exchange.xforce.ibmcloud.com/vulnerabilities/24945 •
CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0CVE-2006-0928
https://notcve.org/view.php?id=CVE-2006-0928
The POP3 Server in ArGoSoft Mail Server Pro 1.8 allows remote attackers to obtain sensitive information via the _DUMP command, which reveals the operating system, registered user, and registration code. • http://secunia.com/advisories/18990 http://www.nsag.ru/vuln/879.html http://www.securityfocus.com/archive/1/425968/100/0/threaded http://www.securityfocus.com/bid/16808 http://www.vupen.com/english/advisories/2006/0733 •