Lucene search
K
NetwinWebmail

4 matches found

CVE
CVE
added 2005/11/21 11:0 a.m.49 views

CVE-2004-2548

NetWin SurgeMail before 2.0c and NetWin WebMail expose multiple cross-site scripting (XSS) vulnerabilities. Affected inputs: (1) a URI containing the script, and (2) the login form’s username field. The issue may be related to an error-message effect described in CVE-2004-2547. No remediation det...

4.3CVSS6AI score0.0204EPSS
CVE
CVE
added 2005/11/21 11:0 a.m.48 views

CVE-2004-2547

NetWin SurgeMail (before 2.0c) and NetWin WebMail expose sensitive information through HTTP error handling. Requests to the root ("/"), to "/scripts/", or to a non-existent file can cause error messages that reveal the server path. This vulnerability is described as an information disclosure affe...

2.6CVSS6.6AI score0.03094EPSS
CVE
CVE
added 2007/05/14 9:0 p.m.44 views

CVE-2007-2655

CVE-2007-2655 affects NetWin Webmail 3.1s-1 used in SurgeMail prior to version 3.8i2. The vulnerability is described as a potential format string issue that could enable remote code execution. Details are limited in the provided sources; no concrete exploit method, affected module/file, or patch/...

7.5CVSS7.5AI score0.03948EPSS
CVE
CVE
added 2008/02/27 7:0 p.m.40 views

CVE-2008-1055

CVE-2008-1055 describes a format string vulnerability in NetWin SurgeMail’s webmail.exe components (versions 38k4 and earlier; beta 39a) and WebMail 3.1s and earlier. The flaw, triggered via the page parameter, can cause a denial of service (daemon crash) and may allow arbitrary code execution by...

7.5CVSS7.8AI score0.07946EPSS