
CVE-2024-11990 – Cross-Site Scripting (XSS) in NetWin SurgeMail
https://notcve.org/view.php?id=CVE-2024-11990
29 Nov 2024 — A Cross-Site Scripting (XSS) vulnerability in SurgeMail v78c2 could allow an attacker to execute arbitrary JavaScript code via an elaborate payload injected into vulnerable parameters. • https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-xss-netwin-surgemail • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-7209 – CVE-2024-7209
https://notcve.org/view.php?id=CVE-2024-7209
30 Jul 2024 — A vulnerability exists in the use of shared SPF records in multi-tenant hosting providers, allowing attackers to abuse network authorization to spoof the email identity of the sender. • https://kb.cert.org/vuls/id/244112 •

CVE-2017-17933 – NetWin SurgeFTP 23f2 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2017-17933
28 Dec 2017 — cgi/surgeftpmgr.cgi (aka the Web Manager interface on TCP port 7021 or 9021) in NetWin SurgeFTP version 23f2 has XSS via the classid, domainid, or username parameter. NetWin SurgeFTP version 23f2 suffers from multiple persistent cross site scripting vulnerabilities. • https://packetstorm.news/files/id/145572 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2013-4742 – Surge FTP 23c8 Buffer Overflow
https://notcve.org/view.php?id=CVE-2013-4742
23 Jul 2013 — Buffer overflow in NetWin SurgeFTP before 23d2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string within the authentication request. Surge FTP server versions 23c8 and below suffer from a buffer overflow v... • http://archives.neohapsis.com/archives/bugtraq/2013-07/0149.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2012-2575 – Surgemail 6.0a4 - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-2575
17 Sep 2012 — Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 6.0a4 allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IFRAME element in the body of an HTML e-mail message. • https://www.exploit-db.com/exploits/20363 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2010-3201 – Surgemail SurgeWeb 4.3e - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-3201
07 Jan 2011 — Cross-site scripting (XSS) vulnerability in NetWin Surgemail before 4.3g allows remote attackers to inject arbitrary web script or HTML via the username_ex parameter to the surgeweb program. • https://www.exploit-db.com/exploits/34797 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2010-1068
https://notcve.org/view.php?id=CVE-2010-1068
23 Mar 2010 — Multiple cross-site scripting (XSS) vulnerabilities in surgeftpmgr.cgi in NetWin SurgeFTP 2.3a6 allow remote attackers to inject arbitrary web script or HTML via the (1) domainid or (2) classid parameter in a class action. • http://packetstormsecurity.org/1001-exploits/surgeftp-xss.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2008-7182 – Surgemail 39e-1 - (Authenticated) IMAP Remote Buffer Overflow (Denial of Service) (PoC)
https://notcve.org/view.php?id=CVE-2008-7182
08 Sep 2009 — Buffer overflow in the IMAP service in NetWin Surgemail 3.9e, and possibly other versions before 3.9g2, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long first argument to the APPEND command, a different vector than CVE-2008-1497 and CVE-2008-1498. NOTE: due to lack of details, it is not certain whether this is the same issue as CVE-2008-2859. • https://www.exploit-db.com/exploits/5968 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2008-5421
https://notcve.org/view.php?id=CVE-2008-5421
11 Dec 2008 — The SSL web administration service in NetWin SmsGate 1.1n and earlier allows remote attackers to cause a denial of service (hang) via (1) a large integer in the Content-Length HTTP header; (2) an invalid value in the Content-Length HTTP header, as demonstrated by a negative integer; or (3) a missing Content-Length HTTP header. • http://aluigi.altervista.org/adv/smsgheit-adv.txt • CWE-399: Resource Management Errors •

CVE-2008-2859 – Surgemail 39e-1 - (Authenticated) IMAP Remote Buffer Overflow (Denial of Service) (PoC)
https://notcve.org/view.php?id=CVE-2008-2859
25 Jun 2008 — Unspecified vulnerability in the IMAP service in NetWin SurgeMail before 3.9g2 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors related to an "imap command." • https://www.exploit-db.com/exploits/5968 •