CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2CVE-2012-2575 – Surgemail 6.0a4 - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-2575
Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 6.0a4 allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IFRAME element in the body of an HTML e-mail message. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en NetWin SurgeMail v6.0a4, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del atributo SRC de un elemento IFRAME en el cuerpo de un mensaje de correo electrónico. • https://www.exploit-db.com/exploits/20363 http://www.exploit-db.com/exploits/20363 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 109EXPL: 3CVE-2010-3201 – Surgemail SurgeWeb 4.3e - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-3201
Cross-site scripting (XSS) vulnerability in NetWin Surgemail before 4.3g allows remote attackers to inject arbitrary web script or HTML via the username_ex parameter to the surgeweb program. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en NetWin Surgemail anterirores a v4.3g permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro username_ex sobre el programa surgeweb. • https://www.exploit-db.com/exploits/34797 http://ictsec.se/?p=108 http://secunia.com/advisories/41685 http://www.securityfocus.com/archive/1/514115/100/0/threaded http://www.securityfocus.com/bid/43679 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.0EPSS: 63%CPEs: 1EXPL: 2CVE-2008-7182 – Surgemail 39e-1 - (Authenticated) IMAP Remote Buffer Overflow (Denial of Service) (PoC)
https://notcve.org/view.php?id=CVE-2008-7182
Buffer overflow in the IMAP service in NetWin Surgemail 3.9e, and possibly other versions before 3.9g2, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long first argument to the APPEND command, a different vector than CVE-2008-1497 and CVE-2008-1498. NOTE: due to lack of details, it is not certain whether this is the same issue as CVE-2008-2859. Desbordamiento de búfer en el servicio IMAP en NetWin Surgemail v3.9e, y probablemente otras versiones anteriores a v3.9g2, permite a usuarios autenticados remotamente provocar una denegación de servicio (parada) y probablemente ejecutar código de su elección mediante un primer argumento largo en el comando APPEN, siendo un vector diferente que CVE-2008-1497 y CVE-2008-1498. NOTA: ante la falta de detalles, no está confirmado que sea la misma vulnerabilidad que CVE-2008-2859. • https://www.exploit-db.com/exploits/5968 http://www.netwinsite.com/surgemail/help/updates.htm http://www.securityfocus.com/archive/1/496482 http://www.securityfocus.com/bid/30000 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 2%CPEs: 22EXPL: 1CVE-2008-2859 – Surgemail 39e-1 - (Authenticated) IMAP Remote Buffer Overflow (Denial of Service) (PoC)
https://notcve.org/view.php?id=CVE-2008-2859
Unspecified vulnerability in the IMAP service in NetWin SurgeMail before 3.9g2 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors related to an "imap command." Vulnerabilidad no especificada en el servicio de IMAP en NetWin SurgeMail anterior a 3.9g2; permite a atacantes remotos provocar una denegación de servicio (caída del demonio) mediante vectores desconocidos relacionados con un "comando imap". • https://www.exploit-db.com/exploits/5968 http://secunia.com/advisories/30739 http://www.netwinsite.com/surgemail/help/updates.htm http://www.securityfocus.com/bid/29805 http://www.securitytracker.com/id?1020335 http://www.vupen.com/english/advisories/2008/1874/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43171 •
CVSS: 9.0EPSS: 4%CPEs: 1EXPL: 1CVE-2008-1498 – NetWin Surgemail 3.8k4-4 - IMAP (Authenticated) Remote LIST Universal
https://notcve.org/view.php?id=CVE-2008-1498
Stack-based buffer overflow in the IMAP service in NetWin Surgemail 3.8k4-4 and earlier allows remote authenticated users to execute arbitrary code via a long first argument to the LIST command. Desbordamiento de búfer basado en Pila en el servicio IMAP de NetWin SurgeMail 38k4-4 y versiones anteriores, permite a usuarios remotos autenticados ejecutar código de su elección mediante un primer argumento largo del comando LIST. • https://www.exploit-db.com/exploits/5259 http://secunia.com/advisories/29105 http://www.netwinsite.com/surgemail/help/updates.htm http://www.securityfocus.com/bid/28260 http://www.vupen.com/english/advisories/2008/0901/references • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •