3 matches found
CVE-2004-2547
NetWin SurgeMail (before 2.0c) and NetWin WebMail expose sensitive information through HTTP error handling. Requests to the root ("/"), to "/scripts/", or to a non-existent file can cause error messages that reveal the server path. This vulnerability is described as an information disclosure affe...
CVE-2004-2548
Multiple cross-site scripting XSS vulnerabilities in NetWin 1 SurgeMail before 2.0c and 2 WebMail allow remote attackers to inject arbitrary web script or HTML via a a URI containing the script, or b the username field in the login form. NOTE: it is possible that the first attack vector is...
CVE-2004-2547
NetWin 1 SurgeMail before 2.0c and 2 WebMail allow remote attackers to obtain sensitive information via HTTP requests that a specify the / URI, b specify the /scripts/ URI, or c specify a non-existent file, which reveal the path in an error message...