Surgemail@2.2g3 Security Vulnerabilities and Issues — Surgemail@2.2g3 CVE List

Lucene search

NetwinSurgemail2.2g3

5 matches found

CVE•added 2008/03/25 7:44 p.m.•51 views

CVE-2008-1497

Stack-based buffer overflow in the IMAP service in NetWin SurgeMail 38k4-4 and earlier allows remote authenticated users to execute arbitrary code via long arguments to the LSUB command.

9CVSS7.7AI score0.10686EPSS

CVE•added 2008/02/27 7:44 p.m.•43 views

CVE-2008-1054

Stack-based buffer overflow in the _lib_spawn_user_getpid function in (1) swatch.exe and (2) surgemail.exe in NetWin SurgeMail 38k4 and earlier, and beta 39a, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via an HTTP request with multiple lo...

6.4CVSS8.3AI score0.22459EPSS

CVE•added 2011/01/07 11:0 p.m.•39 views

CVE-2010-3201

Cross-site scripting (XSS) vulnerability in NetWin Surgemail before 4.3g allows remote attackers to inject arbitrary web script or HTML via the username_ex parameter to the surgeweb program.

4.3CVSS5.7AI score0.02062EPSS

CVE•added 2005/05/02 4:0 a.m.•33 views

CVE-2005-0846

Multiple cross-site scripting (XSS) vulnerabilities in the email auto-reply message in SurgeMail 2.2g3 allow remote attackers to inject arbitrary web script or HTML via the (1) message subject or (2) message header field.

4.3CVSS5.8AI score0.00422EPSS

CVE•added 2008/02/27 7:44 p.m.•30 views

CVE-2008-1055

Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 and earlier and beta 39a, and WebMail 3.1s and earlier, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in the page parameter.

7.5CVSS7.8AI score0.21598EPSS