6 matches found
CVE-2001-1354
The CVE-2001-1354 entry concerns the NetWin Authentication module (NWAuth) versions 2.0 and 3.0b, as implemented in SurgeFTP and DMail (and possibly other packages). The root cause is weak password hashing used by NWAuth, which could enable local users to decrypt stored passwords or to log in wit...
CVE-2001-1355
Buffer overflows in NetWin Authentication Module (NWAuth) 3.0b and earlier, as implemented in DMail and SurgeFTP (and possibly other packages), could allow attackers to execute arbitrary code via long arguments to the -del or -lookup commands. The vulnerability is a result of unsafe handling of l...
CVE-2005-1478
CVE-2005-1478 affects NetWin DMail 3.1a DSmtp (dsmtp.exe) where a format-string vulnerability in the xtellmail command allows remote code execution. The root cause is improper handling of format specifiers in DSmtp; impact is arbitrary code execution on the server. Public exploit details are not ...
CVE-2000-0422
CVE-2000-0422 : Buffer overflow in the Netwin DMailWeb CGI program allows remote attackers to execute arbitrary commands via a long utoken parameter. Affected component: Netwin DMailWeb CGI. Impact: arbitrary command execution; no patch/mitigation details are provided in the supplied documents. E...
CVE-2000-0490
CVE-2000-0490 : Buffer overflow in the NetWin DSMTP 2.7q (NetWin dmail) allows remote attackers to execute arbitrary commands via a long ETRN request. Affected component is the DSMTP server; root cause is a buffer overflow in processing the ETRN arguments, leading to potentially arbitrary code ex...
CVE-2005-1516
The CVE-2005-1516 issue affects NetWin DMail 3.1a’s DList component. The vulnerability enables a remote attacker to bypass authentication, read log files, and shut down the system by sending a log request (sendlog) with an incorrect password hash, which is not properly handled by the internal _cm...