4 matches found
CVE-2004-2548
NetWin SurgeMail before 2.0c and NetWin WebMail expose multiple cross-site scripting (XSS) vulnerabilities. Affected inputs: (1) a URI containing the script, and (2) the login form’s username field. The issue may be related to an error-message effect described in CVE-2004-2547. No remediation det...
CVE-2004-2547
NetWin SurgeMail (before 2.0c) and NetWin WebMail expose sensitive information through HTTP error handling. Requests to the root ("/"), to "/scripts/", or to a non-existent file can cause error messages that reveal the server path. This vulnerability is described as an information disclosure affe...
CVE-2007-2655
CVE-2007-2655 affects NetWin Webmail 3.1s-1 used in SurgeMail prior to version 3.8i2. The vulnerability is described as a potential format string issue that could enable remote code execution. Details are limited in the provided sources; no concrete exploit method, affected module/file, or patch/...
CVE-2008-1055
CVE-2008-1055 describes a format string vulnerability in NetWin SurgeMail’s webmail.exe components (versions 38k4 and earlier; beta 39a) and WebMail 3.1s and earlier. The flaw, triggered via the page parameter, can cause a denial of service (daemon crash) and may allow arbitrary code execution by...