Surgemail@* Security Vulnerabilities and Issues — Surgemail@* CVE List

Lucene search

NetwinSurgemail*

6 matches found

CVE•added 2008/06/25 12:36 p.m.•43 views

CVE-2008-2859

Unspecified vulnerability in the IMAP service in NetWin SurgeMail before 3.9g2 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors related to an "imap command."

5CVSS6.4AI score0.0442EPSS

CVE•added 2005/11/21 11:0 a.m.•39 views

CVE-2004-2548

Multiple cross-site scripting (XSS) vulnerabilities in NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to inject arbitrary web script or HTML via (a) a URI containing the script, or (b) the username field in the login form. NOTE: it is possible that the first attack vector i...

4.3CVSS6AI score0.15997EPSS

CVE•added 2011/01/07 11:0 p.m.•39 views

CVE-2010-3201

Cross-site scripting (XSS) vulnerability in NetWin Surgemail before 4.3g allows remote attackers to inject arbitrary web script or HTML via the username_ex parameter to the surgeweb program.

4.3CVSS5.7AI score0.02062EPSS

CVE•added 2008/03/25 7:44 p.m.•34 views

CVE-2008-1498

Stack-based buffer overflow in the IMAP service in NetWin Surgemail 3.8k4-4 and earlier allows remote authenticated users to execute arbitrary code via a long first argument to the LIST command.

9CVSS7.6AI score0.07663EPSS

CVE•added 2024/11/29 1:15 p.m.•33 views

CVE-2024-11990

A Cross-Site Scripting (XSS) vulnerability in SurgeMail v78c2 could allow an attacker to execute arbitrary JavaScript code via an elaborate payload injected into vulnerable parameters.

4.6CVSS4.7AI score0.00036EPSS

CVE•added 2008/02/27 7:44 p.m.•30 views

CVE-2008-1055

Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 and earlier and beta 39a, and WebMail 3.1s and earlier, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in the page parameter.

7.5CVSS7.8AI score0.21598EPSS