Search criteria
53 vulnerabilities found for SurgeMail by NetWin
CVE-2024-11990 (GCVE-0-2024-11990)
Vulnerability from cvelistv5 – Published: 2024-11-29 13:00 – Updated: 2024-11-29 13:25
VLAI
Title
Cross-Site Scripting (XSS) en SurgeMail de NetWin
Summary
A Cross-Site Scripting (XSS) vulnerability in SurgeMail v78c2 could allow an attacker to execute arbitrary JavaScript code via an elaborate payload injected into vulnerable parameters.
Severity
4.6 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
1 reference
Date Public
2024-11-29 11:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11990",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-29T13:24:50.391595Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T13:25:05.049Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SurgeMail",
"vendor": "NetWin",
"versions": [
{
"status": "affected",
"version": "78c2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Cristhian Pacherres"
},
{
"lang": "en",
"type": "finder",
"value": "Mauricio Jara"
},
{
"lang": "en",
"type": "finder",
"value": "Alfredo Mari\u00f1os"
}
],
"datePublic": "2024-11-29T11:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Cross-Site Scripting (XSS) vulnerability in SurgeMail v78c2 could allow an attacker to execute arbitrary JavaScript code via an elaborate payload injected into vulnerable parameters."
}
],
"value": "A Cross-Site Scripting (XSS) vulnerability in SurgeMail v78c2 could allow an attacker to execute arbitrary JavaScript code via an elaborate payload injected into vulnerable parameters."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T13:00:57.502Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-xss-netwin-surgemail"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnerability has been fixed by the NetWin team in version 78e."
}
],
"value": "The vulnerability has been fixed by the NetWin team in version 78e."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Cross-Site Scripting (XSS) en SurgeMail de NetWin",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2024-11990",
"datePublished": "2024-11-29T13:00:57.502Z",
"dateReserved": "2024-11-29T08:20:32.936Z",
"dateUpdated": "2024-11-29T13:25:05.049Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2575 (GCVE-0-2012-2575)
Vulnerability from cvelistv5 – Published: 2012-09-17 14:00 – Updated: 2024-09-16 20:37
VLAI
Summary
Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 6.0a4 allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IFRAME element in the body of an HTML e-mail message.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://www.exploit-db.com/exploits/20363/ | exploitx_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:34:25.830Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20363",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/20363/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 6.0a4 allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IFRAME element in the body of an HTML e-mail message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-17T14:00:00.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "20363",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/20363/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2012-2575",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 6.0a4 allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IFRAME element in the body of an HTML e-mail message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20363",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/20363/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2012-2575",
"datePublished": "2012-09-17T14:00:00.000Z",
"dateReserved": "2012-05-09T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:37:44.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-3201 (GCVE-0-2010-3201)
Vulnerability from cvelistv5 – Published: 2011-01-07 22:00 – Updated: 2024-08-07 03:03
VLAI
Summary
Cross-site scripting (XSS) vulnerability in NetWin Surgemail before 4.3g allows remote attackers to inject arbitrary web script or HTML via the username_ex parameter to the surgeweb program.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/34797/ | exploitx_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/archive/1/514115/100… | mailing-listx_refsource_BUGTRAQ |
| http://ictsec.se/?p=108 | x_refsource_MISC |
| http://www.securityfocus.com/bid/43679 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/41685 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2010-10-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:03:18.689Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "34797",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/34797/"
},
{
"name": "20101004 NetWin Surgemail XSS vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/514115/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ictsec.se/?p=108"
},
{
"name": "43679",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/43679"
},
{
"name": "41685",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41685"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-10-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in NetWin Surgemail before 4.3g allows remote attackers to inject arbitrary web script or HTML via the username_ex parameter to the surgeweb program."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "34797",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/34797/"
},
{
"name": "20101004 NetWin Surgemail XSS vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/514115/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ictsec.se/?p=108"
},
{
"name": "43679",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/43679"
},
{
"name": "41685",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41685"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3201",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in NetWin Surgemail before 4.3g allows remote attackers to inject arbitrary web script or HTML via the username_ex parameter to the surgeweb program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34797",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/34797/"
},
{
"name": "20101004 NetWin Surgemail XSS vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514115/100/0/threaded"
},
{
"name": "http://ictsec.se/?p=108",
"refsource": "MISC",
"url": "http://ictsec.se/?p=108"
},
{
"name": "43679",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43679"
},
{
"name": "41685",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41685"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-3201",
"datePublished": "2011-01-07T22:00:00.000Z",
"dateReserved": "2010-08-31T00:00:00.000Z",
"dateUpdated": "2024-08-07T03:03:18.689Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-7182 (GCVE-0-2008-7182)
Vulnerability from cvelistv5 – Published: 2009-09-08 10:00 – Updated: 2024-08-07 11:56
VLAI
Summary
Buffer overflow in the IMAP service in NetWin Surgemail 3.9e, and possibly other versions before 3.9g2, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long first argument to the APPEND command, a different vector than CVE-2008-1497 and CVE-2008-1498. NOTE: due to lack of details, it is not certain whether this is the same issue as CVE-2008-2859.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/5968 | exploitx_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/bid/30000 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/496482 | mailing-listx_refsource_BUGTRAQ |
| http://www.netwinsite.com/surgemail/help/updates.htm | x_refsource_MISC |
Date Public
2008-06-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:56:14.481Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "5968",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5968"
},
{
"name": "30000",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30000"
},
{
"name": "20080917 [AJECT] SurgeMail IMAP 3.9e vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/496482"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the IMAP service in NetWin Surgemail 3.9e, and possibly other versions before 3.9g2, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long first argument to the APPEND command, a different vector than CVE-2008-1497 and CVE-2008-1498. NOTE: due to lack of details, it is not certain whether this is the same issue as CVE-2008-2859."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "5968",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5968"
},
{
"name": "30000",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30000"
},
{
"name": "20080917 [AJECT] SurgeMail IMAP 3.9e vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/496482"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7182",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the IMAP service in NetWin Surgemail 3.9e, and possibly other versions before 3.9g2, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long first argument to the APPEND command, a different vector than CVE-2008-1497 and CVE-2008-1498. NOTE: due to lack of details, it is not certain whether this is the same issue as CVE-2008-2859."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5968",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5968"
},
{
"name": "30000",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30000"
},
{
"name": "20080917 [AJECT] SurgeMail IMAP 3.9e vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/496482"
},
{
"name": "http://www.netwinsite.com/surgemail/help/updates.htm",
"refsource": "MISC",
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7182",
"datePublished": "2009-09-08T10:00:00.000Z",
"dateReserved": "2009-09-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:56:14.481Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2859 (GCVE-0-2008-2859)
Vulnerability from cvelistv5 – Published: 2008-06-25 10:00 – Updated: 2024-08-07 09:14
VLAI
Summary
Unspecified vulnerability in the IMAP service in NetWin SurgeMail before 3.9g2 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors related to an "imap command."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id?1020335 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/29805 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2008/1874… | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/30739 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.netwinsite.com/surgemail/help/updates.htm | x_refsource_CONFIRM |
Date Public
2008-06-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:14:14.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1020335",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020335"
},
{
"name": "29805",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29805"
},
{
"name": "ADV-2008-1874",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1874/references"
},
{
"name": "30739",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30739"
},
{
"name": "surgemail-imap-dos(43171)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43171"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the IMAP service in NetWin SurgeMail before 3.9g2 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors related to an \"imap command.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1020335",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020335"
},
{
"name": "29805",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29805"
},
{
"name": "ADV-2008-1874",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1874/references"
},
{
"name": "30739",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30739"
},
{
"name": "surgemail-imap-dos(43171)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43171"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2859",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the IMAP service in NetWin SurgeMail before 3.9g2 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors related to an \"imap command.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1020335",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020335"
},
{
"name": "29805",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29805"
},
{
"name": "ADV-2008-1874",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1874/references"
},
{
"name": "30739",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30739"
},
{
"name": "surgemail-imap-dos(43171)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43171"
},
{
"name": "http://www.netwinsite.com/surgemail/help/updates.htm",
"refsource": "CONFIRM",
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2859",
"datePublished": "2008-06-25T10:00:00.000Z",
"dateReserved": "2008-06-24T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:14:14.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1497 (GCVE-0-2008-1497)
Vulnerability from cvelistv5 – Published: 2008-03-25 19:00 – Updated: 2024-08-07 08:24
VLAI
Summary
Stack-based buffer overflow in the IMAP service in NetWin SurgeMail 38k4-4 and earlier allows remote authenticated users to execute arbitrary code via long arguments to the LSUB command.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/3774 | third-party-advisoryx_refsource_SREASON |
| http://www.infigo.hr/en/in_focus/advisories/INFIG… | x_refsource_MISC |
| http://secunia.com/advisories/29105 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/489959/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/28377 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.netwinsite.com/surgemail/help/updates.htm | x_refsource_MISC |
Date Public
2008-03-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:24:42.301Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3774",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3774"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.infigo.hr/en/in_focus/advisories/INFIGO-2008-03-07"
},
{
"name": "29105",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29105"
},
{
"name": "20080321 [INFIGO-2008-03-07]: Surgemail 38k4 IMAP server remote stack overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489959/100/0/threaded"
},
{
"name": "28377",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28377"
},
{
"name": "surgemail-imap-lsub-bo(41402)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41402"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the IMAP service in NetWin SurgeMail 38k4-4 and earlier allows remote authenticated users to execute arbitrary code via long arguments to the LSUB command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3774",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3774"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.infigo.hr/en/in_focus/advisories/INFIGO-2008-03-07"
},
{
"name": "29105",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29105"
},
{
"name": "20080321 [INFIGO-2008-03-07]: Surgemail 38k4 IMAP server remote stack overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489959/100/0/threaded"
},
{
"name": "28377",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28377"
},
{
"name": "surgemail-imap-lsub-bo(41402)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41402"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1497",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the IMAP service in NetWin SurgeMail 38k4-4 and earlier allows remote authenticated users to execute arbitrary code via long arguments to the LSUB command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3774",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3774"
},
{
"name": "http://www.infigo.hr/en/in_focus/advisories/INFIGO-2008-03-07",
"refsource": "MISC",
"url": "http://www.infigo.hr/en/in_focus/advisories/INFIGO-2008-03-07"
},
{
"name": "29105",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29105"
},
{
"name": "20080321 [INFIGO-2008-03-07]: Surgemail 38k4 IMAP server remote stack overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489959/100/0/threaded"
},
{
"name": "28377",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28377"
},
{
"name": "surgemail-imap-lsub-bo(41402)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41402"
},
{
"name": "http://www.netwinsite.com/surgemail/help/updates.htm",
"refsource": "MISC",
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1497",
"datePublished": "2008-03-25T19:00:00.000Z",
"dateReserved": "2008-03-25T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:24:42.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1498 (GCVE-0-2008-1498)
Vulnerability from cvelistv5 – Published: 2008-03-25 19:00 – Updated: 2024-08-07 08:24
VLAI
Summary
Stack-based buffer overflow in the IMAP service in NetWin Surgemail 3.8k4-4 and earlier allows remote authenticated users to execute arbitrary code via a long first argument to the LIST command.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/5259 | exploitx_refsource_EXPLOIT-DB |
| http://secunia.com/advisories/29105 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/28260 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2008/0901… | vdb-entryx_refsource_VUPEN |
| http://www.netwinsite.com/surgemail/help/updates.htm | x_refsource_MISC |
Date Public
2008-03-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:24:41.918Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "5259",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5259"
},
{
"name": "29105",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29105"
},
{
"name": "28260",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28260"
},
{
"name": "ADV-2008-0901",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0901/references"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the IMAP service in NetWin Surgemail 3.8k4-4 and earlier allows remote authenticated users to execute arbitrary code via a long first argument to the LIST command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "5259",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5259"
},
{
"name": "29105",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29105"
},
{
"name": "28260",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28260"
},
{
"name": "ADV-2008-0901",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0901/references"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1498",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the IMAP service in NetWin Surgemail 3.8k4-4 and earlier allows remote authenticated users to execute arbitrary code via a long first argument to the LIST command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5259",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5259"
},
{
"name": "29105",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29105"
},
{
"name": "28260",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28260"
},
{
"name": "ADV-2008-0901",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0901/references"
},
{
"name": "http://www.netwinsite.com/surgemail/help/updates.htm",
"refsource": "MISC",
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1498",
"datePublished": "2008-03-25T19:00:00.000Z",
"dateReserved": "2008-03-25T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:24:41.918Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1055 (GCVE-0-2008-1055)
Vulnerability from cvelistv5 – Published: 2008-02-27 19:00 – Updated: 2024-08-07 08:08
VLAI
Summary
Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 and earlier and beta 39a, and WebMail 3.1s and earlier, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in the page parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/3705 | third-party-advisoryx_refsource_SREASON |
| http://aluigi.altervista.org/adv/surgemailz-adv.txt | x_refsource_MISC |
| http://secunia.com/advisories/29137 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/29105 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2008/0678 | vdb-entryx_refsource_VUPEN |
| http://www.securitytracker.com/id?1019500 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/archive/1/488741/100… | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/27990 | vdb-entryx_refsource_BID |
Date Public
2008-02-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:08:57.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3705",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3705"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/surgemailz-adv.txt"
},
{
"name": "29137",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29137"
},
{
"name": "29105",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29105"
},
{
"name": "ADV-2008-0678",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0678"
},
{
"name": "1019500",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019500"
},
{
"name": "20080225 Format string and buffer-overflow in SurgeMail 38k4",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/488741/100/0/threaded"
},
{
"name": "surgemail-webmail-format-string(40833)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40833"
},
{
"name": "27990",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27990"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 and earlier and beta 39a, and WebMail 3.1s and earlier, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in the page parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3705",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3705"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/surgemailz-adv.txt"
},
{
"name": "29137",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29137"
},
{
"name": "29105",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29105"
},
{
"name": "ADV-2008-0678",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0678"
},
{
"name": "1019500",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019500"
},
{
"name": "20080225 Format string and buffer-overflow in SurgeMail 38k4",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/488741/100/0/threaded"
},
{
"name": "surgemail-webmail-format-string(40833)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40833"
},
{
"name": "27990",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27990"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1055",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 and earlier and beta 39a, and WebMail 3.1s and earlier, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in the page parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3705",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3705"
},
{
"name": "http://aluigi.altervista.org/adv/surgemailz-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/surgemailz-adv.txt"
},
{
"name": "29137",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29137"
},
{
"name": "29105",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29105"
},
{
"name": "ADV-2008-0678",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0678"
},
{
"name": "1019500",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019500"
},
{
"name": "20080225 Format string and buffer-overflow in SurgeMail 38k4",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488741/100/0/threaded"
},
{
"name": "surgemail-webmail-format-string(40833)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40833"
},
{
"name": "27990",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27990"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1055",
"datePublished": "2008-02-27T19:00:00.000Z",
"dateReserved": "2008-02-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:08:57.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1054 (GCVE-0-2008-1054)
Vulnerability from cvelistv5 – Published: 2008-02-27 19:00 – Updated: 2024-08-07 08:08
VLAI
Summary
Stack-based buffer overflow in the _lib_spawn_user_getpid function in (1) swatch.exe and (2) surgemail.exe in NetWin SurgeMail 38k4 and earlier, and beta 39a, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via an HTTP request with multiple long headers to webmail.exe and unspecified other CGI executables, which triggers an overflow when assigning values to environment variables. NOTE: some of these details are obtained from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/3705 | third-party-advisoryx_refsource_SREASON |
| http://aluigi.altervista.org/adv/surgemailz-adv.txt | x_refsource_MISC |
| http://secunia.com/advisories/29105 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2008/0678 | vdb-entryx_refsource_VUPEN |
| http://www.securitytracker.com/id?1019500 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/archive/1/488741/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/27992 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2008-02-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:08:57.608Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3705",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3705"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/surgemailz-adv.txt"
},
{
"name": "29105",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29105"
},
{
"name": "ADV-2008-0678",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0678"
},
{
"name": "1019500",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019500"
},
{
"name": "20080225 Format string and buffer-overflow in SurgeMail 38k4",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/488741/100/0/threaded"
},
{
"name": "27992",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27992"
},
{
"name": "surgemail-webmail-bo(40834)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40834"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the _lib_spawn_user_getpid function in (1) swatch.exe and (2) surgemail.exe in NetWin SurgeMail 38k4 and earlier, and beta 39a, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via an HTTP request with multiple long headers to webmail.exe and unspecified other CGI executables, which triggers an overflow when assigning values to environment variables. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3705",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3705"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/surgemailz-adv.txt"
},
{
"name": "29105",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29105"
},
{
"name": "ADV-2008-0678",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0678"
},
{
"name": "1019500",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019500"
},
{
"name": "20080225 Format string and buffer-overflow in SurgeMail 38k4",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/488741/100/0/threaded"
},
{
"name": "27992",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27992"
},
{
"name": "surgemail-webmail-bo(40834)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40834"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1054",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the _lib_spawn_user_getpid function in (1) swatch.exe and (2) surgemail.exe in NetWin SurgeMail 38k4 and earlier, and beta 39a, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via an HTTP request with multiple long headers to webmail.exe and unspecified other CGI executables, which triggers an overflow when assigning values to environment variables. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3705",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3705"
},
{
"name": "http://aluigi.altervista.org/adv/surgemailz-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/surgemailz-adv.txt"
},
{
"name": "29105",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29105"
},
{
"name": "ADV-2008-0678",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0678"
},
{
"name": "1019500",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019500"
},
{
"name": "20080225 Format string and buffer-overflow in SurgeMail 38k4",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488741/100/0/threaded"
},
{
"name": "27992",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27992"
},
{
"name": "surgemail-webmail-bo(40834)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40834"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1054",
"datePublished": "2008-02-27T19:00:00.000Z",
"dateReserved": "2008-02-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:08:57.608Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6457 (GCVE-0-2007-6457)
Vulnerability from cvelistv5 – Published: 2007-12-20 00:00 – Updated: 2024-08-07 16:11
VLAI
Summary
Stack-based buffer overflow in the webmail feature in SurgeMail 38k4 allows remote attackers to cause a denial of service (crash) via a long Host header.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/28142 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.vupen.com/english/advisories/2007/4245 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/archive/1/485224/100… | mailing-listx_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/3464 | third-party-advisoryx_refsource_SREASON |
| http://retrogod.altervista.org/rgod_surgemail_cra… | x_refsource_MISC |
| http://www.securityfocus.com/bid/26901 | vdb-entryx_refsource_BID |
Date Public
2007-12-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:11:05.507Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28142",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28142"
},
{
"name": "surgemail-hostheader-dos(39087)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39087"
},
{
"name": "ADV-2007-4245",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4245"
},
{
"name": "20071217 SurgeMail v.38k4 webmail Host header crash",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/485224/100/0/threaded"
},
{
"name": "3464",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3464"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://retrogod.altervista.org/rgod_surgemail_crash.html"
},
{
"name": "26901",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26901"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the webmail feature in SurgeMail 38k4 allows remote attackers to cause a denial of service (crash) via a long Host header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28142",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28142"
},
{
"name": "surgemail-hostheader-dos(39087)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39087"
},
{
"name": "ADV-2007-4245",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4245"
},
{
"name": "20071217 SurgeMail v.38k4 webmail Host header crash",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/485224/100/0/threaded"
},
{
"name": "3464",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3464"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://retrogod.altervista.org/rgod_surgemail_crash.html"
},
{
"name": "26901",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26901"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6457",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the webmail feature in SurgeMail 38k4 allows remote attackers to cause a denial of service (crash) via a long Host header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28142",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28142"
},
{
"name": "surgemail-hostheader-dos(39087)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39087"
},
{
"name": "ADV-2007-4245",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4245"
},
{
"name": "20071217 SurgeMail v.38k4 webmail Host header crash",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485224/100/0/threaded"
},
{
"name": "3464",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3464"
},
{
"name": "http://retrogod.altervista.org/rgod_surgemail_crash.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/rgod_surgemail_crash.html"
},
{
"name": "26901",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26901"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6457",
"datePublished": "2007-12-20T00:00:00.000Z",
"dateReserved": "2007-12-19T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:11:05.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11990 (GCVE-0-2024-11990)
Vulnerability from nvd – Published: 2024-11-29 13:00 – Updated: 2024-11-29 13:25
VLAI
Title
Cross-Site Scripting (XSS) en SurgeMail de NetWin
Summary
A Cross-Site Scripting (XSS) vulnerability in SurgeMail v78c2 could allow an attacker to execute arbitrary JavaScript code via an elaborate payload injected into vulnerable parameters.
Severity
4.6 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
1 reference
Date Public
2024-11-29 11:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11990",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-29T13:24:50.391595Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T13:25:05.049Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SurgeMail",
"vendor": "NetWin",
"versions": [
{
"status": "affected",
"version": "78c2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Cristhian Pacherres"
},
{
"lang": "en",
"type": "finder",
"value": "Mauricio Jara"
},
{
"lang": "en",
"type": "finder",
"value": "Alfredo Mari\u00f1os"
}
],
"datePublic": "2024-11-29T11:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Cross-Site Scripting (XSS) vulnerability in SurgeMail v78c2 could allow an attacker to execute arbitrary JavaScript code via an elaborate payload injected into vulnerable parameters."
}
],
"value": "A Cross-Site Scripting (XSS) vulnerability in SurgeMail v78c2 could allow an attacker to execute arbitrary JavaScript code via an elaborate payload injected into vulnerable parameters."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T13:00:57.502Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-xss-netwin-surgemail"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnerability has been fixed by the NetWin team in version 78e."
}
],
"value": "The vulnerability has been fixed by the NetWin team in version 78e."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Cross-Site Scripting (XSS) en SurgeMail de NetWin",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2024-11990",
"datePublished": "2024-11-29T13:00:57.502Z",
"dateReserved": "2024-11-29T08:20:32.936Z",
"dateUpdated": "2024-11-29T13:25:05.049Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2575 (GCVE-0-2012-2575)
Vulnerability from nvd – Published: 2012-09-17 14:00 – Updated: 2024-09-16 20:37
VLAI
Summary
Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 6.0a4 allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IFRAME element in the body of an HTML e-mail message.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://www.exploit-db.com/exploits/20363/ | exploitx_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:34:25.830Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20363",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/20363/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 6.0a4 allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IFRAME element in the body of an HTML e-mail message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-17T14:00:00.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "20363",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/20363/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2012-2575",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 6.0a4 allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IFRAME element in the body of an HTML e-mail message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20363",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/20363/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2012-2575",
"datePublished": "2012-09-17T14:00:00.000Z",
"dateReserved": "2012-05-09T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:37:44.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-3201 (GCVE-0-2010-3201)
Vulnerability from nvd – Published: 2011-01-07 22:00 – Updated: 2024-08-07 03:03
VLAI
Summary
Cross-site scripting (XSS) vulnerability in NetWin Surgemail before 4.3g allows remote attackers to inject arbitrary web script or HTML via the username_ex parameter to the surgeweb program.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/34797/ | exploitx_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/archive/1/514115/100… | mailing-listx_refsource_BUGTRAQ |
| http://ictsec.se/?p=108 | x_refsource_MISC |
| http://www.securityfocus.com/bid/43679 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/41685 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2010-10-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:03:18.689Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "34797",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/34797/"
},
{
"name": "20101004 NetWin Surgemail XSS vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/514115/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ictsec.se/?p=108"
},
{
"name": "43679",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/43679"
},
{
"name": "41685",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41685"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-10-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in NetWin Surgemail before 4.3g allows remote attackers to inject arbitrary web script or HTML via the username_ex parameter to the surgeweb program."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "34797",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/34797/"
},
{
"name": "20101004 NetWin Surgemail XSS vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/514115/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ictsec.se/?p=108"
},
{
"name": "43679",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/43679"
},
{
"name": "41685",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41685"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3201",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in NetWin Surgemail before 4.3g allows remote attackers to inject arbitrary web script or HTML via the username_ex parameter to the surgeweb program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34797",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/34797/"
},
{
"name": "20101004 NetWin Surgemail XSS vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514115/100/0/threaded"
},
{
"name": "http://ictsec.se/?p=108",
"refsource": "MISC",
"url": "http://ictsec.se/?p=108"
},
{
"name": "43679",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43679"
},
{
"name": "41685",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41685"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-3201",
"datePublished": "2011-01-07T22:00:00.000Z",
"dateReserved": "2010-08-31T00:00:00.000Z",
"dateUpdated": "2024-08-07T03:03:18.689Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-7182 (GCVE-0-2008-7182)
Vulnerability from nvd – Published: 2009-09-08 10:00 – Updated: 2024-08-07 11:56
VLAI
Summary
Buffer overflow in the IMAP service in NetWin Surgemail 3.9e, and possibly other versions before 3.9g2, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long first argument to the APPEND command, a different vector than CVE-2008-1497 and CVE-2008-1498. NOTE: due to lack of details, it is not certain whether this is the same issue as CVE-2008-2859.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/5968 | exploitx_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/bid/30000 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/496482 | mailing-listx_refsource_BUGTRAQ |
| http://www.netwinsite.com/surgemail/help/updates.htm | x_refsource_MISC |
Date Public
2008-06-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:56:14.481Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "5968",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5968"
},
{
"name": "30000",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30000"
},
{
"name": "20080917 [AJECT] SurgeMail IMAP 3.9e vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/496482"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the IMAP service in NetWin Surgemail 3.9e, and possibly other versions before 3.9g2, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long first argument to the APPEND command, a different vector than CVE-2008-1497 and CVE-2008-1498. NOTE: due to lack of details, it is not certain whether this is the same issue as CVE-2008-2859."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "5968",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5968"
},
{
"name": "30000",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30000"
},
{
"name": "20080917 [AJECT] SurgeMail IMAP 3.9e vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/496482"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7182",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the IMAP service in NetWin Surgemail 3.9e, and possibly other versions before 3.9g2, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long first argument to the APPEND command, a different vector than CVE-2008-1497 and CVE-2008-1498. NOTE: due to lack of details, it is not certain whether this is the same issue as CVE-2008-2859."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5968",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5968"
},
{
"name": "30000",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30000"
},
{
"name": "20080917 [AJECT] SurgeMail IMAP 3.9e vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/496482"
},
{
"name": "http://www.netwinsite.com/surgemail/help/updates.htm",
"refsource": "MISC",
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7182",
"datePublished": "2009-09-08T10:00:00.000Z",
"dateReserved": "2009-09-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:56:14.481Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2859 (GCVE-0-2008-2859)
Vulnerability from nvd – Published: 2008-06-25 10:00 – Updated: 2024-08-07 09:14
VLAI
Summary
Unspecified vulnerability in the IMAP service in NetWin SurgeMail before 3.9g2 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors related to an "imap command."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id?1020335 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/29805 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2008/1874… | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/30739 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.netwinsite.com/surgemail/help/updates.htm | x_refsource_CONFIRM |
Date Public
2008-06-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:14:14.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1020335",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020335"
},
{
"name": "29805",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29805"
},
{
"name": "ADV-2008-1874",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1874/references"
},
{
"name": "30739",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30739"
},
{
"name": "surgemail-imap-dos(43171)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43171"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the IMAP service in NetWin SurgeMail before 3.9g2 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors related to an \"imap command.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1020335",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020335"
},
{
"name": "29805",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29805"
},
{
"name": "ADV-2008-1874",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1874/references"
},
{
"name": "30739",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30739"
},
{
"name": "surgemail-imap-dos(43171)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43171"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2859",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the IMAP service in NetWin SurgeMail before 3.9g2 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors related to an \"imap command.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1020335",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020335"
},
{
"name": "29805",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29805"
},
{
"name": "ADV-2008-1874",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1874/references"
},
{
"name": "30739",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30739"
},
{
"name": "surgemail-imap-dos(43171)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43171"
},
{
"name": "http://www.netwinsite.com/surgemail/help/updates.htm",
"refsource": "CONFIRM",
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2859",
"datePublished": "2008-06-25T10:00:00.000Z",
"dateReserved": "2008-06-24T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:14:14.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1497 (GCVE-0-2008-1497)
Vulnerability from nvd – Published: 2008-03-25 19:00 – Updated: 2024-08-07 08:24
VLAI
Summary
Stack-based buffer overflow in the IMAP service in NetWin SurgeMail 38k4-4 and earlier allows remote authenticated users to execute arbitrary code via long arguments to the LSUB command.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/3774 | third-party-advisoryx_refsource_SREASON |
| http://www.infigo.hr/en/in_focus/advisories/INFIG… | x_refsource_MISC |
| http://secunia.com/advisories/29105 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/489959/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/28377 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.netwinsite.com/surgemail/help/updates.htm | x_refsource_MISC |
Date Public
2008-03-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:24:42.301Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3774",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3774"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.infigo.hr/en/in_focus/advisories/INFIGO-2008-03-07"
},
{
"name": "29105",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29105"
},
{
"name": "20080321 [INFIGO-2008-03-07]: Surgemail 38k4 IMAP server remote stack overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489959/100/0/threaded"
},
{
"name": "28377",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28377"
},
{
"name": "surgemail-imap-lsub-bo(41402)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41402"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the IMAP service in NetWin SurgeMail 38k4-4 and earlier allows remote authenticated users to execute arbitrary code via long arguments to the LSUB command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3774",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3774"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.infigo.hr/en/in_focus/advisories/INFIGO-2008-03-07"
},
{
"name": "29105",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29105"
},
{
"name": "20080321 [INFIGO-2008-03-07]: Surgemail 38k4 IMAP server remote stack overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489959/100/0/threaded"
},
{
"name": "28377",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28377"
},
{
"name": "surgemail-imap-lsub-bo(41402)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41402"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1497",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the IMAP service in NetWin SurgeMail 38k4-4 and earlier allows remote authenticated users to execute arbitrary code via long arguments to the LSUB command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3774",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3774"
},
{
"name": "http://www.infigo.hr/en/in_focus/advisories/INFIGO-2008-03-07",
"refsource": "MISC",
"url": "http://www.infigo.hr/en/in_focus/advisories/INFIGO-2008-03-07"
},
{
"name": "29105",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29105"
},
{
"name": "20080321 [INFIGO-2008-03-07]: Surgemail 38k4 IMAP server remote stack overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489959/100/0/threaded"
},
{
"name": "28377",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28377"
},
{
"name": "surgemail-imap-lsub-bo(41402)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41402"
},
{
"name": "http://www.netwinsite.com/surgemail/help/updates.htm",
"refsource": "MISC",
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1497",
"datePublished": "2008-03-25T19:00:00.000Z",
"dateReserved": "2008-03-25T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:24:42.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1498 (GCVE-0-2008-1498)
Vulnerability from nvd – Published: 2008-03-25 19:00 – Updated: 2024-08-07 08:24
VLAI
Summary
Stack-based buffer overflow in the IMAP service in NetWin Surgemail 3.8k4-4 and earlier allows remote authenticated users to execute arbitrary code via a long first argument to the LIST command.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/5259 | exploitx_refsource_EXPLOIT-DB |
| http://secunia.com/advisories/29105 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/28260 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2008/0901… | vdb-entryx_refsource_VUPEN |
| http://www.netwinsite.com/surgemail/help/updates.htm | x_refsource_MISC |
Date Public
2008-03-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:24:41.918Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "5259",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5259"
},
{
"name": "29105",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29105"
},
{
"name": "28260",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28260"
},
{
"name": "ADV-2008-0901",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0901/references"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the IMAP service in NetWin Surgemail 3.8k4-4 and earlier allows remote authenticated users to execute arbitrary code via a long first argument to the LIST command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "5259",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5259"
},
{
"name": "29105",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29105"
},
{
"name": "28260",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28260"
},
{
"name": "ADV-2008-0901",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0901/references"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1498",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the IMAP service in NetWin Surgemail 3.8k4-4 and earlier allows remote authenticated users to execute arbitrary code via a long first argument to the LIST command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5259",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5259"
},
{
"name": "29105",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29105"
},
{
"name": "28260",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28260"
},
{
"name": "ADV-2008-0901",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0901/references"
},
{
"name": "http://www.netwinsite.com/surgemail/help/updates.htm",
"refsource": "MISC",
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1498",
"datePublished": "2008-03-25T19:00:00.000Z",
"dateReserved": "2008-03-25T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:24:41.918Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1055 (GCVE-0-2008-1055)
Vulnerability from nvd – Published: 2008-02-27 19:00 – Updated: 2024-08-07 08:08
VLAI
Summary
Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 and earlier and beta 39a, and WebMail 3.1s and earlier, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in the page parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/3705 | third-party-advisoryx_refsource_SREASON |
| http://aluigi.altervista.org/adv/surgemailz-adv.txt | x_refsource_MISC |
| http://secunia.com/advisories/29137 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/29105 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2008/0678 | vdb-entryx_refsource_VUPEN |
| http://www.securitytracker.com/id?1019500 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/archive/1/488741/100… | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/27990 | vdb-entryx_refsource_BID |
Date Public
2008-02-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:08:57.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3705",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3705"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/surgemailz-adv.txt"
},
{
"name": "29137",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29137"
},
{
"name": "29105",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29105"
},
{
"name": "ADV-2008-0678",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0678"
},
{
"name": "1019500",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019500"
},
{
"name": "20080225 Format string and buffer-overflow in SurgeMail 38k4",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/488741/100/0/threaded"
},
{
"name": "surgemail-webmail-format-string(40833)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40833"
},
{
"name": "27990",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27990"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 and earlier and beta 39a, and WebMail 3.1s and earlier, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in the page parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3705",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3705"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/surgemailz-adv.txt"
},
{
"name": "29137",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29137"
},
{
"name": "29105",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29105"
},
{
"name": "ADV-2008-0678",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0678"
},
{
"name": "1019500",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019500"
},
{
"name": "20080225 Format string and buffer-overflow in SurgeMail 38k4",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/488741/100/0/threaded"
},
{
"name": "surgemail-webmail-format-string(40833)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40833"
},
{
"name": "27990",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27990"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1055",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 and earlier and beta 39a, and WebMail 3.1s and earlier, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in the page parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3705",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3705"
},
{
"name": "http://aluigi.altervista.org/adv/surgemailz-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/surgemailz-adv.txt"
},
{
"name": "29137",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29137"
},
{
"name": "29105",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29105"
},
{
"name": "ADV-2008-0678",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0678"
},
{
"name": "1019500",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019500"
},
{
"name": "20080225 Format string and buffer-overflow in SurgeMail 38k4",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488741/100/0/threaded"
},
{
"name": "surgemail-webmail-format-string(40833)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40833"
},
{
"name": "27990",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27990"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1055",
"datePublished": "2008-02-27T19:00:00.000Z",
"dateReserved": "2008-02-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:08:57.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1054 (GCVE-0-2008-1054)
Vulnerability from nvd – Published: 2008-02-27 19:00 – Updated: 2024-08-07 08:08
VLAI
Summary
Stack-based buffer overflow in the _lib_spawn_user_getpid function in (1) swatch.exe and (2) surgemail.exe in NetWin SurgeMail 38k4 and earlier, and beta 39a, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via an HTTP request with multiple long headers to webmail.exe and unspecified other CGI executables, which triggers an overflow when assigning values to environment variables. NOTE: some of these details are obtained from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/3705 | third-party-advisoryx_refsource_SREASON |
| http://aluigi.altervista.org/adv/surgemailz-adv.txt | x_refsource_MISC |
| http://secunia.com/advisories/29105 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2008/0678 | vdb-entryx_refsource_VUPEN |
| http://www.securitytracker.com/id?1019500 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/archive/1/488741/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/27992 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2008-02-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:08:57.608Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3705",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3705"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/surgemailz-adv.txt"
},
{
"name": "29105",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29105"
},
{
"name": "ADV-2008-0678",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0678"
},
{
"name": "1019500",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019500"
},
{
"name": "20080225 Format string and buffer-overflow in SurgeMail 38k4",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/488741/100/0/threaded"
},
{
"name": "27992",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27992"
},
{
"name": "surgemail-webmail-bo(40834)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40834"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the _lib_spawn_user_getpid function in (1) swatch.exe and (2) surgemail.exe in NetWin SurgeMail 38k4 and earlier, and beta 39a, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via an HTTP request with multiple long headers to webmail.exe and unspecified other CGI executables, which triggers an overflow when assigning values to environment variables. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3705",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3705"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/surgemailz-adv.txt"
},
{
"name": "29105",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29105"
},
{
"name": "ADV-2008-0678",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0678"
},
{
"name": "1019500",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019500"
},
{
"name": "20080225 Format string and buffer-overflow in SurgeMail 38k4",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/488741/100/0/threaded"
},
{
"name": "27992",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27992"
},
{
"name": "surgemail-webmail-bo(40834)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40834"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1054",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the _lib_spawn_user_getpid function in (1) swatch.exe and (2) surgemail.exe in NetWin SurgeMail 38k4 and earlier, and beta 39a, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via an HTTP request with multiple long headers to webmail.exe and unspecified other CGI executables, which triggers an overflow when assigning values to environment variables. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3705",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3705"
},
{
"name": "http://aluigi.altervista.org/adv/surgemailz-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/surgemailz-adv.txt"
},
{
"name": "29105",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29105"
},
{
"name": "ADV-2008-0678",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0678"
},
{
"name": "1019500",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019500"
},
{
"name": "20080225 Format string and buffer-overflow in SurgeMail 38k4",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488741/100/0/threaded"
},
{
"name": "27992",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27992"
},
{
"name": "surgemail-webmail-bo(40834)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40834"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1054",
"datePublished": "2008-02-27T19:00:00.000Z",
"dateReserved": "2008-02-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:08:57.608Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6457 (GCVE-0-2007-6457)
Vulnerability from nvd – Published: 2007-12-20 00:00 – Updated: 2024-08-07 16:11
VLAI
Summary
Stack-based buffer overflow in the webmail feature in SurgeMail 38k4 allows remote attackers to cause a denial of service (crash) via a long Host header.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/28142 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.vupen.com/english/advisories/2007/4245 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/archive/1/485224/100… | mailing-listx_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/3464 | third-party-advisoryx_refsource_SREASON |
| http://retrogod.altervista.org/rgod_surgemail_cra… | x_refsource_MISC |
| http://www.securityfocus.com/bid/26901 | vdb-entryx_refsource_BID |
Date Public
2007-12-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:11:05.507Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28142",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28142"
},
{
"name": "surgemail-hostheader-dos(39087)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39087"
},
{
"name": "ADV-2007-4245",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4245"
},
{
"name": "20071217 SurgeMail v.38k4 webmail Host header crash",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/485224/100/0/threaded"
},
{
"name": "3464",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3464"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://retrogod.altervista.org/rgod_surgemail_crash.html"
},
{
"name": "26901",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26901"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the webmail feature in SurgeMail 38k4 allows remote attackers to cause a denial of service (crash) via a long Host header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28142",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28142"
},
{
"name": "surgemail-hostheader-dos(39087)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39087"
},
{
"name": "ADV-2007-4245",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4245"
},
{
"name": "20071217 SurgeMail v.38k4 webmail Host header crash",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/485224/100/0/threaded"
},
{
"name": "3464",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3464"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://retrogod.altervista.org/rgod_surgemail_crash.html"
},
{
"name": "26901",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26901"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6457",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the webmail feature in SurgeMail 38k4 allows remote attackers to cause a denial of service (crash) via a long Host header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28142",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28142"
},
{
"name": "surgemail-hostheader-dos(39087)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39087"
},
{
"name": "ADV-2007-4245",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4245"
},
{
"name": "20071217 SurgeMail v.38k4 webmail Host header crash",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485224/100/0/threaded"
},
{
"name": "3464",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3464"
},
{
"name": "http://retrogod.altervista.org/rgod_surgemail_crash.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/rgod_surgemail_crash.html"
},
{
"name": "26901",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26901"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6457",
"datePublished": "2007-12-20T00:00:00.000Z",
"dateReserved": "2007-12-19T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:11:05.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4377 (GCVE-0-2007-4377)
Vulnerability from nvd – Published: 2007-08-16 18:00 – Updated: 2024-08-07 14:53
VLAI
Summary
Stack-based buffer overflow in the IMAP service in SurgeMail 38k allows remote authenticated users to execute arbitrary code via a long argument to the SEARCH command. NOTE: this might overlap CVE-2007-4372.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://marc.info/?l=full-disclosure&m=11871017992… | mailing-listx_refsource_FULLDISC |
| http://www.vupen.com/english/advisories/2007/2875 | vdb-entryx_refsource_VUPEN |
| https://www.exploit-db.com/exploits/4287 | exploitx_refsource_EXPLOIT-DB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/26464 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/25318 | vdb-entryx_refsource_BID |
Date Public
2007-08-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:53:55.984Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070814 Stop WabiSabiLabi Hacker Oppression NOW",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=118710179924684\u0026w=2"
},
{
"name": "ADV-2007-2875",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2875"
},
{
"name": "4287",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4287"
},
{
"name": "surgemail-imap-code-execution(36009)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36009"
},
{
"name": "26464",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26464"
},
{
"name": "25318",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25318"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the IMAP service in SurgeMail 38k allows remote authenticated users to execute arbitrary code via a long argument to the SEARCH command. NOTE: this might overlap CVE-2007-4372."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070814 Stop WabiSabiLabi Hacker Oppression NOW",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=118710179924684\u0026w=2"
},
{
"name": "ADV-2007-2875",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2875"
},
{
"name": "4287",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4287"
},
{
"name": "surgemail-imap-code-execution(36009)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36009"
},
{
"name": "26464",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26464"
},
{
"name": "25318",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25318"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4377",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the IMAP service in SurgeMail 38k allows remote authenticated users to execute arbitrary code via a long argument to the SEARCH command. NOTE: this might overlap CVE-2007-4372."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070814 Stop WabiSabiLabi Hacker Oppression NOW",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=118710179924684\u0026w=2"
},
{
"name": "ADV-2007-2875",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2875"
},
{
"name": "4287",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4287"
},
{
"name": "surgemail-imap-code-execution(36009)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36009"
},
{
"name": "26464",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26464"
},
{
"name": "25318",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25318"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4377",
"datePublished": "2007-08-16T18:00:00.000Z",
"dateReserved": "2007-08-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:53:55.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2012-2575
Vulnerability from fkie_nvd - Published: 2012-09-17 14:55 - Updated: 2026-04-29 01:13
Severity
Summary
Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 6.0a4 allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IFRAME element in the body of an HTML e-mail message.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netwin:surgemail:6.0:a4:*:*:*:*:*:*",
"matchCriteriaId": "B9D9FC1C-B907-4FEC-8FC4-7CAFDAB072AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 6.0a4 allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IFRAME element in the body of an HTML e-mail message."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en NetWin SurgeMail v6.0a4, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del atributo SRC de un elemento IFRAME en el cuerpo de un mensaje de correo electr\u00f3nico."
}
],
"id": "CVE-2012-2575",
"lastModified": "2026-04-29T01:13:23.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-09-17T14:55:00.813",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/20363/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/20363/"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2010-3201
Vulnerability from fkie_nvd - Published: 2011-01-07 23:00 - Updated: 2026-04-29 01:13
Severity
Summary
Cross-site scripting (XSS) vulnerability in NetWin Surgemail before 4.3g allows remote attackers to inject arbitrary web script or HTML via the username_ex parameter to the surgeweb program.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netwin:surgemail:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C838E7E-AE55-4DE5-BE51-8E3561B5A88E",
"versionEndIncluding": "4.2d4-4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.0c:*:*:*:*:*:*:*",
"matchCriteriaId": "87817AF2-201D-4A00-BCA2-FDBF716BFB12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.0d:*:*:*:*:*:*:*",
"matchCriteriaId": "B76EAC7A-4BB3-4E38-9101-C5382C010E16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "0EB0A419-82B9-4801-A6CA-AB01E2E27451",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.1b:*:*:*:*:*:*:*",
"matchCriteriaId": "2B47ACEC-91A6-47DA-AF53-BB24A9A48B3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.1c:*:*:*:*:*:*:*",
"matchCriteriaId": "54EA3FA5-305E-4FB1-88C2-96B3C60BDE96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.1d:*:*:*:*:*:*:*",
"matchCriteriaId": "D744A39C-6695-4F05-8E0A-233A9F000464",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.2a:*:*:*:*:*:*:*",
"matchCriteriaId": "78062477-35B1-490E-AA67-5B4D322B1684",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.2b:*:*:*:*:*:*:*",
"matchCriteriaId": "F5563478-FC8A-4FE6-9FA6-7A85A1D63827",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.2c:*:*:*:*:*:*:*",
"matchCriteriaId": "D5C2D087-9C3A-4D7A-83AB-5367C8CC6ED9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.3a:*:*:*:*:*:*:*",
"matchCriteriaId": "0490B62E-6F13-40E8-AB75-7B6D88BDBF81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.3a_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "E5C49C51-FE9B-490B-B901-57D37735CCE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.3b:*:*:*:*:*:*:*",
"matchCriteriaId": "3246EA70-861C-4D6F-A1BF-4BCBB5FF933A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.3c:*:*:*:*:*:*:*",
"matchCriteriaId": "85FBF22E-94A9-429D-A879-78EE00FA2EB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.3d:*:*:*:*:*:*:*",
"matchCriteriaId": "3FE3E637-1198-4B4D-8A5B-F7E5DC48A8EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.3e:*:*:*:*:*:*:*",
"matchCriteriaId": "0AB1AE7C-16A2-4D85-BF27-82140DFFF631",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.3f:*:*:*:*:*:*:*",
"matchCriteriaId": "2D052EED-AB9C-4EB6-A45B-29B2D125D0CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.3g:*:*:*:*:*:*:*",
"matchCriteriaId": "550CED69-8A52-489E-B4AD-48C3B2C8DD13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.3h:*:*:*:*:*:*:*",
"matchCriteriaId": "FEDC18DD-9D55-4D07-9157-5A925299FC02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.3i:*:*:*:*:*:*:*",
"matchCriteriaId": "6A6BCA9B-569E-497F-8D51-7A953CA9EB79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.3j:*:*:*:*:*:*:*",
"matchCriteriaId": "D7311BF0-CBCB-40F6-AB2B-014EC421DD9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.3k:*:*:*:*:*:*:*",
"matchCriteriaId": "F5CCE110-187E-424E-8D2A-E2EAEDD1606C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.3l:*:*:*:*:*:*:*",
"matchCriteriaId": "2260E333-8CCB-4536-B5F2-8885F8BB6B7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.4a:*:*:*:*:*:*:*",
"matchCriteriaId": "5636090B-E382-42CF-8A05-0EE5BF36ACB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.4b:*:*:*:*:*:*:*",
"matchCriteriaId": "77DE0FB4-8AC2-487A-A73B-DBD9527657FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.4c:*:*:*:*:*:*:*",
"matchCriteriaId": "49B0E240-B9E0-4CFD-852C-51E00B5E8ECB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.5a:*:*:*:*:*:*:*",
"matchCriteriaId": "0498C94D-B215-417A-971F-A2430393CAF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.5b:*:*:*:*:*:*:*",
"matchCriteriaId": "7FEDBD88-3242-4FCA-949A-32B13CF7D89F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.5c:*:*:*:*:*:*:*",
"matchCriteriaId": "5484C012-9DE1-4F48-B467-5FC9577F7EBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.5d:*:*:*:*:*:*:*",
"matchCriteriaId": "66F4BC6E-0E24-49F9-9160-E3A346E37E0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.5d2:*:*:*:*:*:*:*",
"matchCriteriaId": "66D4C2B3-4879-461D-B57C-B59AFC6B6310",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.5f:*:*:*:*:*:*:*",
"matchCriteriaId": "BECF5E0C-D2C0-4D6F-8FD6-BE6F0FA94887",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.6a:*:*:*:*:*:*:*",
"matchCriteriaId": "0575796D-59FC-4D55-B4BA-E4F332296CCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.6b:*:*:*:*:*:*:*",
"matchCriteriaId": "7A3FEAAF-6DFE-4288-A3D2-7EFE64417C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.6d:*:*:*:*:*:*:*",
"matchCriteriaId": "A65A9997-D18E-4FB9-9E54-C3C83A03047F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.6e:*:*:*:*:*:*:*",
"matchCriteriaId": "20FB3D3F-9BFC-441B-B974-AEB92C48D04E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.6e2:*:*:*:*:*:*:*",
"matchCriteriaId": "A38C61D1-36CB-4A2F-B8AB-E12729915A5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.7a:*:*:*:*:*:*:*",
"matchCriteriaId": "CBDA0620-DBE8-4659-8B23-F300735F7078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.7b3:*:*:*:*:*:*:*",
"matchCriteriaId": "C30D2CEC-CB08-4454-9305-A96BB92830CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.8a:*:*:*:*:*:*:*",
"matchCriteriaId": "51F3F0B2-8A75-42A6-9B4C-E1C2AA8EF27C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.8b3:*:*:*:*:*:*:*",
"matchCriteriaId": "06B04968-6115-48D0-A315-D0445234DA23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.8d:*:*:*:*:*:*:*",
"matchCriteriaId": "A3213555-A5AC-4722-B2A9-26726803F813",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.8e:*:*:*:*:*:*:*",
"matchCriteriaId": "0EB5003E-B9BA-4DD0-98EE-C3AAFBF7BFB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.8f:*:*:*:*:*:*:*",
"matchCriteriaId": "31FAD6F1-2A15-4A28-9E33-33B67D627956",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.8g3:*:*:*:*:*:*:*",
"matchCriteriaId": "96563C20-642A-47EA-8A4B-1DE9C1DD7377",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "439847AC-0ACD-4BDB-A935-3CE645366DAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.9b2:*:*:*:*:*:*:*",
"matchCriteriaId": "AFAC85F6-EF7F-4051-AEC9-4FF21D77D1EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:2.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "90487000-A5DA-463B-82B2-5F83DBEC7154",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:2.0c:*:*:*:*:*:*:*",
"matchCriteriaId": "8B654A1F-01A3-4F18-A1E6-9D924BF34397",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:2.0e:*:*:*:*:*:*:*",
"matchCriteriaId": "4FDB3E97-547C-4531-81E9-B280E3DF39D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:2.0g2:*:*:*:*:*:*:*",
"matchCriteriaId": "61DA6241-B456-4721-BAB7-A857FAA4B41B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:2.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "74F72E7E-9561-4F82-8AFC-DB0DA32F8221",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:2.1c7:*:*:*:*:*:*:*",
"matchCriteriaId": "BBBC4664-D561-4DDD-AC69-003D498FE40B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:2.2a6:*:*:*:*:*:*:*",
"matchCriteriaId": "7324F0F8-6F15-4966-9589-7BDF502DA287",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:2.2c9:*:*:*:*:*:*:*",
"matchCriteriaId": "67230924-EDC9-40CD-931E-71D0ED4F4E89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:2.2c10:*:*:*:*:*:*:*",
"matchCriteriaId": "FAF4BCCC-8284-4EB2-B38B-06283E584F2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:2.2g2:*:*:*:*:*:*:*",
"matchCriteriaId": "288E7531-50DA-4AE1-B152-F0FBE7CA88BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:2.2g3:*:*:*:*:*:*:*",
"matchCriteriaId": "914D7AFB-007F-48C1-98C0-13B38F2C2D75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "1ED629A5-B807-4856-AD71-DF5040463694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.0c2:*:*:*:*:*:*:*",
"matchCriteriaId": "5470DC1D-DBE4-4C03-B831-42533DF08D93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.1s:*:*:*:*:*:*:*",
"matchCriteriaId": "A697CF22-6FEF-4134-90D7-C000E891157D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.2e:*:*:*:*:*:*:*",
"matchCriteriaId": "B4420781-D233-4C09-9979-B20BB476E635",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.5a:*:*:*:*:*:*:*",
"matchCriteriaId": "8C4180CD-DCAC-42DB-8973-F8233F8B8EDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.5b3:*:*:*:*:*:*:*",
"matchCriteriaId": "6BB3CEAB-41DD-447B-B36E-C5C5B9F1A2F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.6d:*:*:*:*:*:*:*",
"matchCriteriaId": "1CE7B0E5-E5A8-4F03-867A-8AE987D2254B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.6f3:*:*:*:*:*:*:*",
"matchCriteriaId": "60B63ABA-5B8B-4EF2-A832-38F047904727",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.6f5:*:*:*:*:*:*:*",
"matchCriteriaId": "90D7306C-A95A-4DB8-A6F1-29B233FF9977",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.6f7:*:*:*:*:*:*:*",
"matchCriteriaId": "234A98AA-6482-4889-B3A3-3D4EC1023371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.7b:*:*:*:*:*:*:*",
"matchCriteriaId": "063644A4-AD5B-4BD7-9B6C-ADA2C47562C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.7b3:*:*:*:*:*:*:*",
"matchCriteriaId": "4CB85D71-332A-4B5F-8B48-57CE29461920",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.7b5:*:*:*:*:*:*:*",
"matchCriteriaId": "0871CD5E-B0B7-4A80-924F-073227420136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.7b6:*:*:*:*:*:*:*",
"matchCriteriaId": "563791A9-A34B-4C2A-9F4F-F878654C5742",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.7b7:*:*:*:*:*:*:*",
"matchCriteriaId": "5AAF682B-5815-4787-B288-F1CB47F1C986",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.7b8:*:*:*:*:*:*:*",
"matchCriteriaId": "E4764A66-0284-4D85-9A8D-69CC9FCD53EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8a:*:*:*:*:*:*:*",
"matchCriteriaId": "12FCF5D0-3E98-48E4-840C-5DD47A893AA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8b:*:*:*:*:*:*:*",
"matchCriteriaId": "6B2E8CA7-DAF6-4C30-8ED1-9FA6D4A660D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8d:*:*:*:*:*:*:*",
"matchCriteriaId": "1C384BC3-603B-4409-B473-F3213D05DB95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8f:*:*:*:*:*:*:*",
"matchCriteriaId": "C81E2733-0791-4D5E-990F-B40859EEA7C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8f2:*:*:*:*:*:*:*",
"matchCriteriaId": "F1CE77D8-ADB3-4A3E-9D79-4F9739F7549A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8f3:*:*:*:*:*:*:*",
"matchCriteriaId": "50C06B4F-1DEC-4622-B060-184762418112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8i:*:*:*:*:*:*:*",
"matchCriteriaId": "19390313-1B1C-4388-AA3B-1A470416FADF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8i2:*:*:*:*:*:*:*",
"matchCriteriaId": "EB1FD0B1-DEE5-4765-9538-FBA20E8B1559",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8i3:*:*:*:*:*:*:*",
"matchCriteriaId": "30495DFC-EC4F-4449-851A-3358C9BCBF69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8k:*:*:*:*:*:*:*",
"matchCriteriaId": "1C4BE37B-BA86-4B1D-A1B6-B5910F61171D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8k2:*:*:*:*:*:*:*",
"matchCriteriaId": "DAF32266-AB58-4215-B7FF-CC882835EE79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8k3:*:*:*:*:*:*:*",
"matchCriteriaId": "A437EB1A-2E12-4AAB-8817-57D17C2E21E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8k4:*:*:*:*:*:*:*",
"matchCriteriaId": "2AAB36A8-0F51-4424-B6BA-F1A29C759717",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8m:*:*:*:*:*:*:*",
"matchCriteriaId": "25C21957-FA45-4FCE-AFFE-4A0E1345CFE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8o:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1108C3-E6C1-42F2-8A49-A4DEFB5C4DCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8q:*:*:*:*:*:*:*",
"matchCriteriaId": "2C96445D-DC59-494C-BA42-09A342F39252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8s:*:*:*:*:*:*:*",
"matchCriteriaId": "CC095432-C4C3-4566-8DBC-8513D47778AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8u:*:*:*:*:*:*:*",
"matchCriteriaId": "970DDF6C-2DDB-44C6-89F7-22314102C4C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.9a:*:*:*:*:*:*:*",
"matchCriteriaId": "5558770D-276A-4136-BB50-C2B6CB8C4AC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.9c:*:*:*:*:*:*:*",
"matchCriteriaId": "DFF5ADB9-B57C-4668-A654-29DAE75792CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.9e:*:*:*:*:*:*:*",
"matchCriteriaId": "3B7F09A9-9719-47C2-8021-853F699A7553",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.9g:*:*:*:*:*:*:*",
"matchCriteriaId": "2CB21ADE-D9AE-4D54-BB27-4CBE82A8FD51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.9g2:*:*:*:*:*:*:*",
"matchCriteriaId": "64A2ADFB-E87B-43A9-A01D-C9B5F5BF6B89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:4.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "B57600C3-918D-4893-8B55-C3FCAD53DF24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:4.0k:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDEFA9D-7FB0-4234-9B20-3F82C2668D1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:4.0u3:*:*:*:*:*:*:*",
"matchCriteriaId": "18AE7F25-4E72-4157-BAD0-27C084F0227B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:4.0u4:*:*:*:*:*:*:*",
"matchCriteriaId": "20DC55C1-C7D8-4FEC-8476-D5176296C9D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:4.0v-8:*:*:*:*:*:*:*",
"matchCriteriaId": "804C5810-1BC0-4467-9FBE-C73159C19892",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:4.2a2-2:*:*:*:*:*:*:*",
"matchCriteriaId": "71A872AE-FA11-46C8-9CB9-F25A42B5C0D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:4.2a2-3:*:*:*:*:*:*:*",
"matchCriteriaId": "080B5960-27AC-4FA1-A747-C7AC50D4D864",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:4.2a3-3:*:*:*:*:*:*:*",
"matchCriteriaId": "A1CD622C-6973-4EDB-B600-D086DD5A25D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:4.2d-1:*:*:*:*:*:*:*",
"matchCriteriaId": "ECE82987-B3CD-4670-BA05-82FFDD3455B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:4.2d2-2:*:*:*:*:*:*:*",
"matchCriteriaId": "03F08298-1882-4656-95F3-3994F9F3BA96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:4.2d3-3:*:*:*:*:*:*:*",
"matchCriteriaId": "43D5426E-E74D-4D1E-8CBB-EC66ACACA8E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:beta_3.9a:*:*:*:*:*:*:*",
"matchCriteriaId": "6456955D-D8EF-43A3-9CB8-8B4D44A1DCD1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in NetWin Surgemail before 4.3g allows remote attackers to inject arbitrary web script or HTML via the username_ex parameter to the surgeweb program."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en NetWin Surgemail anterirores a v4.3g permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro username_ex sobre el programa surgeweb."
}
],
"id": "CVE-2010-3201",
"lastModified": "2026-04-29T01:13:23.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-01-07T23:00:02.250",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://ictsec.se/?p=108"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41685"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/514115/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/43679"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/34797/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://ictsec.se/?p=108"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41685"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/514115/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/43679"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/34797/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-7182
Vulnerability from fkie_nvd - Published: 2009-09-08 10:30 - Updated: 2026-04-23 00:35
Severity
Summary
Buffer overflow in the IMAP service in NetWin Surgemail 3.9e, and possibly other versions before 3.9g2, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long first argument to the APPEND command, a different vector than CVE-2008-1497 and CVE-2008-1498. NOTE: due to lack of details, it is not certain whether this is the same issue as CVE-2008-2859.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.9e:*:*:*:*:*:*:*",
"matchCriteriaId": "3B7F09A9-9719-47C2-8021-853F699A7553",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the IMAP service in NetWin Surgemail 3.9e, and possibly other versions before 3.9g2, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long first argument to the APPEND command, a different vector than CVE-2008-1497 and CVE-2008-1498. NOTE: due to lack of details, it is not certain whether this is the same issue as CVE-2008-2859."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en el servicio IMAP en NetWin Surgemail v3.9e, y probablemente otras versiones anteriores a v3.9g2, permite a usuarios autenticados remotamente provocar una denegaci\u00f3n de servicio (parada) y probablemente ejecutar c\u00f3digo de su elecci\u00f3n mediante un primer argumento largo en el comando APPEN, siendo un vector diferente que CVE-2008-1497 y CVE-2008-1498. NOTA: ante la falta de detalles, no est\u00e1 confirmado que sea la misma vulnerabilidad que CVE-2008-2859."
}
],
"id": "CVE-2008-7182",
"lastModified": "2026-04-23T00:35:47.467",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-09-08T10:30:01.733",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/496482"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/30000"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/5968"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/496482"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/30000"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/5968"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-2859
Vulnerability from fkie_nvd - Published: 2008-06-25 12:36 - Updated: 2026-04-23 00:35
Severity
Summary
Unspecified vulnerability in the IMAP service in NetWin SurgeMail before 3.9g2 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors related to an "imap command."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netwin | surgemail | * | |
| netwin | surgemail | 3.8a | |
| netwin | surgemail | 3.8b | |
| netwin | surgemail | 3.8d | |
| netwin | surgemail | 3.8f | |
| netwin | surgemail | 3.8f2 | |
| netwin | surgemail | 3.8f3 | |
| netwin | surgemail | 3.8i | |
| netwin | surgemail | 3.8i2 | |
| netwin | surgemail | 3.8i3 | |
| netwin | surgemail | 3.8k | |
| netwin | surgemail | 3.8k2 | |
| netwin | surgemail | 3.8k3 | |
| netwin | surgemail | 3.8k4 | |
| netwin | surgemail | 3.8m | |
| netwin | surgemail | 3.8o | |
| netwin | surgemail | 3.8q | |
| netwin | surgemail | 3.8s | |
| netwin | surgemail | 3.8u | |
| netwin | surgemail | 3.9a | |
| netwin | surgemail | 3.9c | |
| netwin | surgemail | 3.9e |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netwin:surgemail:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D180C666-C5E6-44C9-B61C-1C7ECFB38F24",
"versionEndIncluding": "3.9g",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8a:*:*:*:*:*:*:*",
"matchCriteriaId": "12FCF5D0-3E98-48E4-840C-5DD47A893AA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8b:*:*:*:*:*:*:*",
"matchCriteriaId": "6B2E8CA7-DAF6-4C30-8ED1-9FA6D4A660D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8d:*:*:*:*:*:*:*",
"matchCriteriaId": "1C384BC3-603B-4409-B473-F3213D05DB95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8f:*:*:*:*:*:*:*",
"matchCriteriaId": "C81E2733-0791-4D5E-990F-B40859EEA7C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8f2:*:*:*:*:*:*:*",
"matchCriteriaId": "F1CE77D8-ADB3-4A3E-9D79-4F9739F7549A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8f3:*:*:*:*:*:*:*",
"matchCriteriaId": "50C06B4F-1DEC-4622-B060-184762418112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8i:*:*:*:*:*:*:*",
"matchCriteriaId": "19390313-1B1C-4388-AA3B-1A470416FADF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8i2:*:*:*:*:*:*:*",
"matchCriteriaId": "EB1FD0B1-DEE5-4765-9538-FBA20E8B1559",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8i3:*:*:*:*:*:*:*",
"matchCriteriaId": "30495DFC-EC4F-4449-851A-3358C9BCBF69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8k:*:*:*:*:*:*:*",
"matchCriteriaId": "1C4BE37B-BA86-4B1D-A1B6-B5910F61171D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8k2:*:*:*:*:*:*:*",
"matchCriteriaId": "DAF32266-AB58-4215-B7FF-CC882835EE79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8k3:*:*:*:*:*:*:*",
"matchCriteriaId": "A437EB1A-2E12-4AAB-8817-57D17C2E21E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8k4:*:*:*:*:*:*:*",
"matchCriteriaId": "2AAB36A8-0F51-4424-B6BA-F1A29C759717",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8m:*:*:*:*:*:*:*",
"matchCriteriaId": "25C21957-FA45-4FCE-AFFE-4A0E1345CFE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8o:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1108C3-E6C1-42F2-8A49-A4DEFB5C4DCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8q:*:*:*:*:*:*:*",
"matchCriteriaId": "2C96445D-DC59-494C-BA42-09A342F39252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8s:*:*:*:*:*:*:*",
"matchCriteriaId": "CC095432-C4C3-4566-8DBC-8513D47778AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8u:*:*:*:*:*:*:*",
"matchCriteriaId": "970DDF6C-2DDB-44C6-89F7-22314102C4C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.9a:*:*:*:*:*:*:*",
"matchCriteriaId": "5558770D-276A-4136-BB50-C2B6CB8C4AC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.9c:*:*:*:*:*:*:*",
"matchCriteriaId": "DFF5ADB9-B57C-4668-A654-29DAE75792CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.9e:*:*:*:*:*:*:*",
"matchCriteriaId": "3B7F09A9-9719-47C2-8021-853F699A7553",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the IMAP service in NetWin SurgeMail before 3.9g2 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors related to an \"imap command.\""
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en el servicio de IMAP en NetWin SurgeMail anterior a 3.9g2; permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) mediante vectores desconocidos relacionados con un \"comando imap\"."
}
],
"id": "CVE-2008-2859",
"lastModified": "2026-04-23T00:35:47.467",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-06-25T12:36:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30739"
},
{
"source": "cve@mitre.org",
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/29805"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1020335"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1874/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43171"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30739"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29805"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1020335"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1874/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43171"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-1497
Vulnerability from fkie_nvd - Published: 2008-03-25 19:44 - Updated: 2026-04-23 00:35
Severity
Summary
Stack-based buffer overflow in the IMAP service in NetWin SurgeMail 38k4-4 and earlier allows remote authenticated users to execute arbitrary code via long arguments to the LSUB command.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netwin | surgemail | 1.8g3 | |
| netwin | surgemail | 1.9b2 | |
| netwin | surgemail | 2.0a2 | |
| netwin | surgemail | 2.0c | |
| netwin | surgemail | 2.0e | |
| netwin | surgemail | 2.0g2 | |
| netwin | surgemail | 2.1c7 | |
| netwin | surgemail | 2.2a6 | |
| netwin | surgemail | 2.2c10 | |
| netwin | surgemail | 2.2g2 | |
| netwin | surgemail | 2.2g3 | |
| netwin | surgemail | 3.0a | |
| netwin | surgemail | 3.0c2 | |
| netwin | surgemail | 3.2e | |
| netwin | surgemail | 3.5a | |
| netwin | surgemail | 3.5b3 | |
| netwin | surgemail | 3.6d | |
| netwin | surgemail | 3.6f3 | |
| netwin | surgemail | 3.6f5 | |
| netwin | surgemail | 3.6f7 | |
| netwin | surgemail | 3.7b | |
| netwin | surgemail | 3.7b3 | |
| netwin | surgemail | 3.7b5 | |
| netwin | surgemail | 3.7b6 | |
| netwin | surgemail | 3.7b7 | |
| netwin | surgemail | 3.7b8 | |
| netwin | surgemail | 3.8a | |
| netwin | surgemail | 3.8b | |
| netwin | surgemail | 3.8d | |
| netwin | surgemail | 3.8f | |
| netwin | surgemail | 3.8f2 | |
| netwin | surgemail | 3.8f3 | |
| netwin | surgemail | 3.8i | |
| netwin | surgemail | 3.8i2 | |
| netwin | surgemail | 3.8i3 | |
| netwin | surgemail | 3.8k | |
| netwin | surgemail | 3.8k2 | |
| netwin | surgemail | 3.8k3 | |
| netwin | surgemail | 3.8m |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.8g3:*:*:*:*:*:*:*",
"matchCriteriaId": "96563C20-642A-47EA-8A4B-1DE9C1DD7377",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.9b2:*:*:*:*:*:*:*",
"matchCriteriaId": "AFAC85F6-EF7F-4051-AEC9-4FF21D77D1EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:2.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "90487000-A5DA-463B-82B2-5F83DBEC7154",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:2.0c:*:*:*:*:*:*:*",
"matchCriteriaId": "8B654A1F-01A3-4F18-A1E6-9D924BF34397",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:2.0e:*:*:*:*:*:*:*",
"matchCriteriaId": "4FDB3E97-547C-4531-81E9-B280E3DF39D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:2.0g2:*:*:*:*:*:*:*",
"matchCriteriaId": "61DA6241-B456-4721-BAB7-A857FAA4B41B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:2.1c7:*:*:*:*:*:*:*",
"matchCriteriaId": "BBBC4664-D561-4DDD-AC69-003D498FE40B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:2.2a6:*:*:*:*:*:*:*",
"matchCriteriaId": "7324F0F8-6F15-4966-9589-7BDF502DA287",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:2.2c10:*:*:*:*:*:*:*",
"matchCriteriaId": "FAF4BCCC-8284-4EB2-B38B-06283E584F2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:2.2g2:*:*:*:*:*:*:*",
"matchCriteriaId": "288E7531-50DA-4AE1-B152-F0FBE7CA88BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:2.2g3:*:*:*:*:*:*:*",
"matchCriteriaId": "914D7AFB-007F-48C1-98C0-13B38F2C2D75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "1ED629A5-B807-4856-AD71-DF5040463694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.0c2:*:*:*:*:*:*:*",
"matchCriteriaId": "5470DC1D-DBE4-4C03-B831-42533DF08D93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.2e:*:*:*:*:*:*:*",
"matchCriteriaId": "B4420781-D233-4C09-9979-B20BB476E635",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.5a:*:*:*:*:*:*:*",
"matchCriteriaId": "8C4180CD-DCAC-42DB-8973-F8233F8B8EDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.5b3:*:*:*:*:*:*:*",
"matchCriteriaId": "6BB3CEAB-41DD-447B-B36E-C5C5B9F1A2F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.6d:*:*:*:*:*:*:*",
"matchCriteriaId": "1CE7B0E5-E5A8-4F03-867A-8AE987D2254B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.6f3:*:*:*:*:*:*:*",
"matchCriteriaId": "60B63ABA-5B8B-4EF2-A832-38F047904727",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.6f5:*:*:*:*:*:*:*",
"matchCriteriaId": "90D7306C-A95A-4DB8-A6F1-29B233FF9977",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.6f7:*:*:*:*:*:*:*",
"matchCriteriaId": "234A98AA-6482-4889-B3A3-3D4EC1023371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.7b:*:*:*:*:*:*:*",
"matchCriteriaId": "063644A4-AD5B-4BD7-9B6C-ADA2C47562C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.7b3:*:*:*:*:*:*:*",
"matchCriteriaId": "4CB85D71-332A-4B5F-8B48-57CE29461920",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.7b5:*:*:*:*:*:*:*",
"matchCriteriaId": "0871CD5E-B0B7-4A80-924F-073227420136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.7b6:*:*:*:*:*:*:*",
"matchCriteriaId": "563791A9-A34B-4C2A-9F4F-F878654C5742",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.7b7:*:*:*:*:*:*:*",
"matchCriteriaId": "5AAF682B-5815-4787-B288-F1CB47F1C986",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.7b8:*:*:*:*:*:*:*",
"matchCriteriaId": "E4764A66-0284-4D85-9A8D-69CC9FCD53EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8a:*:*:*:*:*:*:*",
"matchCriteriaId": "12FCF5D0-3E98-48E4-840C-5DD47A893AA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8b:*:*:*:*:*:*:*",
"matchCriteriaId": "6B2E8CA7-DAF6-4C30-8ED1-9FA6D4A660D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8d:*:*:*:*:*:*:*",
"matchCriteriaId": "1C384BC3-603B-4409-B473-F3213D05DB95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8f:*:*:*:*:*:*:*",
"matchCriteriaId": "C81E2733-0791-4D5E-990F-B40859EEA7C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8f2:*:*:*:*:*:*:*",
"matchCriteriaId": "F1CE77D8-ADB3-4A3E-9D79-4F9739F7549A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8f3:*:*:*:*:*:*:*",
"matchCriteriaId": "50C06B4F-1DEC-4622-B060-184762418112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8i:*:*:*:*:*:*:*",
"matchCriteriaId": "19390313-1B1C-4388-AA3B-1A470416FADF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8i2:*:*:*:*:*:*:*",
"matchCriteriaId": "EB1FD0B1-DEE5-4765-9538-FBA20E8B1559",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8i3:*:*:*:*:*:*:*",
"matchCriteriaId": "30495DFC-EC4F-4449-851A-3358C9BCBF69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8k:*:*:*:*:*:*:*",
"matchCriteriaId": "1C4BE37B-BA86-4B1D-A1B6-B5910F61171D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8k2:*:*:*:*:*:*:*",
"matchCriteriaId": "DAF32266-AB58-4215-B7FF-CC882835EE79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8k3:*:*:*:*:*:*:*",
"matchCriteriaId": "A437EB1A-2E12-4AAB-8817-57D17C2E21E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8m:*:*:*:*:*:*:*",
"matchCriteriaId": "25C21957-FA45-4FCE-AFFE-4A0E1345CFE9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the IMAP service in NetWin SurgeMail 38k4-4 and earlier allows remote authenticated users to execute arbitrary code via long arguments to the LSUB command."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en Pila en el servicio IMAP de NetWin SurgeMail 38k4-4 y versiones anteriores, permite a usuarios remotos autenticados ejecutar c\u00f3digo de su elecci\u00f3n mediante argumentos largos del comando LSUB."
}
],
"id": "CVE-2008-1497",
"lastModified": "2026-04-23T00:35:47.467",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-03-25T19:44:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29105"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://securityreason.com/securityalert/3774"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.infigo.hr/en/in_focus/advisories/INFIGO-2008-03-07"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/489959/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/28377"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41402"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29105"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://securityreason.com/securityalert/3774"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.infigo.hr/en/in_focus/advisories/INFIGO-2008-03-07"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/489959/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/28377"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41402"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-1498
Vulnerability from fkie_nvd - Published: 2008-03-25 19:44 - Updated: 2026-04-23 00:35
Severity
Summary
Stack-based buffer overflow in the IMAP service in NetWin Surgemail 3.8k4-4 and earlier allows remote authenticated users to execute arbitrary code via a long first argument to the LIST command.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netwin:surgemail:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF997ADC-BF65-4ED0-8C66-01CB824407D8",
"versionEndIncluding": "3.8k4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the IMAP service in NetWin Surgemail 3.8k4-4 and earlier allows remote authenticated users to execute arbitrary code via a long first argument to the LIST command."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en Pila en el servicio IMAP de NetWin SurgeMail 38k4-4 y versiones anteriores, permite a usuarios remotos autenticados ejecutar c\u00f3digo de su elecci\u00f3n mediante un primer argumento largo del comando LIST."
}
],
"id": "CVE-2008-1498",
"lastModified": "2026-04-23T00:35:47.467",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-03-25T19:44:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29105"
},
{
"source": "cve@mitre.org",
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/28260"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0901/references"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/5259"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29105"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/28260"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0901/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/5259"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-1054
Vulnerability from fkie_nvd - Published: 2008-02-27 19:44 - Updated: 2026-04-23 00:35
Severity
Summary
Stack-based buffer overflow in the _lib_spawn_user_getpid function in (1) swatch.exe and (2) surgemail.exe in NetWin SurgeMail 38k4 and earlier, and beta 39a, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via an HTTP request with multiple long headers to webmail.exe and unspecified other CGI executables, which triggers an overflow when assigning values to environment variables. NOTE: some of these details are obtained from third party information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netwin | surgemail | 1.8a | |
| netwin | surgemail | 1.8b3 | |
| netwin | surgemail | 1.8d | |
| netwin | surgemail | 1.8e | |
| netwin | surgemail | 1.8g3 | |
| netwin | surgemail | 1.9 | |
| netwin | surgemail | 1.9b2 | |
| netwin | surgemail | 2.0a2 | |
| netwin | surgemail | 2.0c | |
| netwin | surgemail | 2.0e | |
| netwin | surgemail | 2.0g2 | |
| netwin | surgemail | 2.1a | |
| netwin | surgemail | 2.1c7 | |
| netwin | surgemail | 2.2a6 | |
| netwin | surgemail | 2.2c9 | |
| netwin | surgemail | 2.2c10 | |
| netwin | surgemail | 2.2g2 | |
| netwin | surgemail | 2.2g3 | |
| netwin | surgemail | 3.0a | |
| netwin | surgemail | 3.0c2 | |
| netwin | surgemail | 3.1s | |
| netwin | surgemail | 3.8f3 | |
| netwin | surgemail | 3.8i | |
| netwin | surgemail | 3.8i2 | |
| netwin | surgemail | 3.8i3 | |
| netwin | surgemail | 38k | |
| netwin | surgemail | 38k4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.8a:*:*:*:*:*:*:*",
"matchCriteriaId": "51F3F0B2-8A75-42A6-9B4C-E1C2AA8EF27C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.8b3:*:*:*:*:*:*:*",
"matchCriteriaId": "06B04968-6115-48D0-A315-D0445234DA23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.8d:*:*:*:*:*:*:*",
"matchCriteriaId": "A3213555-A5AC-4722-B2A9-26726803F813",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.8e:*:*:*:*:*:*:*",
"matchCriteriaId": "0EB5003E-B9BA-4DD0-98EE-C3AAFBF7BFB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.8g3:*:*:*:*:*:*:*",
"matchCriteriaId": "96563C20-642A-47EA-8A4B-1DE9C1DD7377",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "439847AC-0ACD-4BDB-A935-3CE645366DAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.9b2:*:*:*:*:*:*:*",
"matchCriteriaId": "AFAC85F6-EF7F-4051-AEC9-4FF21D77D1EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:2.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "90487000-A5DA-463B-82B2-5F83DBEC7154",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:2.0c:*:*:*:*:*:*:*",
"matchCriteriaId": "8B654A1F-01A3-4F18-A1E6-9D924BF34397",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:2.0e:*:*:*:*:*:*:*",
"matchCriteriaId": "4FDB3E97-547C-4531-81E9-B280E3DF39D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:2.0g2:*:*:*:*:*:*:*",
"matchCriteriaId": "61DA6241-B456-4721-BAB7-A857FAA4B41B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:2.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "74F72E7E-9561-4F82-8AFC-DB0DA32F8221",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:2.1c7:*:*:*:*:*:*:*",
"matchCriteriaId": "BBBC4664-D561-4DDD-AC69-003D498FE40B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:2.2a6:*:*:*:*:*:*:*",
"matchCriteriaId": "7324F0F8-6F15-4966-9589-7BDF502DA287",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:2.2c9:*:*:*:*:*:*:*",
"matchCriteriaId": "67230924-EDC9-40CD-931E-71D0ED4F4E89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:2.2c10:*:*:*:*:*:*:*",
"matchCriteriaId": "FAF4BCCC-8284-4EB2-B38B-06283E584F2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:2.2g2:*:*:*:*:*:*:*",
"matchCriteriaId": "288E7531-50DA-4AE1-B152-F0FBE7CA88BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:2.2g3:*:*:*:*:*:*:*",
"matchCriteriaId": "914D7AFB-007F-48C1-98C0-13B38F2C2D75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "1ED629A5-B807-4856-AD71-DF5040463694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.0c2:*:*:*:*:*:*:*",
"matchCriteriaId": "5470DC1D-DBE4-4C03-B831-42533DF08D93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.1s:*:*:*:*:*:*:*",
"matchCriteriaId": "A697CF22-6FEF-4134-90D7-C000E891157D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8f3:*:*:*:*:*:*:*",
"matchCriteriaId": "50C06B4F-1DEC-4622-B060-184762418112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8i:*:*:*:*:*:*:*",
"matchCriteriaId": "19390313-1B1C-4388-AA3B-1A470416FADF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8i2:*:*:*:*:*:*:*",
"matchCriteriaId": "EB1FD0B1-DEE5-4765-9538-FBA20E8B1559",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8i3:*:*:*:*:*:*:*",
"matchCriteriaId": "30495DFC-EC4F-4449-851A-3358C9BCBF69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:38k:*:*:*:*:*:*:*",
"matchCriteriaId": "9E938F32-9C91-43C9-B8E9-8101AED6C713",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:38k4:*:*:*:*:*:*:*",
"matchCriteriaId": "6A613F99-9733-411B-A8F9-3A35AEE6B0DD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the _lib_spawn_user_getpid function in (1) swatch.exe and (2) surgemail.exe in NetWin SurgeMail 38k4 and earlier, and beta 39a, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via an HTTP request with multiple long headers to webmail.exe and unspecified other CGI executables, which triggers an overflow when assigning values to environment variables. NOTE: some of these details are obtained from third party information."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en la funci\u00f3n _lib_spawn_user_getpid de (1) swatch.exe y (2) surgemail.exe en NetWin SurgeMail 38k4 y versiones anteriores, y beta 39a, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una petici\u00f3n HTTP con m\u00faltiples cabeceras largas de webmail.exe y otros ejecutables CGI no especificados, lo cual dispara un desbordamiento cuando asignan valores a variables de entorno.\r\nNOTA: parte de esta informaci\u00f3n ha sido obtenida a partir de la informaci\u00f3n de terceros."
}
],
"id": "CVE-2008-1054",
"lastModified": "2026-04-23T00:35:47.467",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-02-27T19:44:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/surgemailz-adv.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29105"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3705"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/488741/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/27992"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1019500"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0678"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40834"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/surgemailz-adv.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29105"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3705"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/488741/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/27992"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019500"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0678"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40834"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-1055
Vulnerability from fkie_nvd - Published: 2008-02-27 19:44 - Updated: 2026-04-23 00:35
Severity
Summary
Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 and earlier and beta 39a, and WebMail 3.1s and earlier, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in the page parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netwin | surgemail | * | |
| netwin | surgemail | 1.8a | |
| netwin | surgemail | 1.8b3 | |
| netwin | surgemail | 1.8d | |
| netwin | surgemail | 1.8e | |
| netwin | surgemail | 1.8g3 | |
| netwin | surgemail | 1.9 | |
| netwin | surgemail | 1.9b2 | |
| netwin | surgemail | 2.0a2 | |
| netwin | surgemail | 2.0c | |
| netwin | surgemail | 2.0e | |
| netwin | surgemail | 2.0g2 | |
| netwin | surgemail | 2.1a | |
| netwin | surgemail | 2.1c7 | |
| netwin | surgemail | 2.2a6 | |
| netwin | surgemail | 2.2c9 | |
| netwin | surgemail | 2.2c10 | |
| netwin | surgemail | 2.2g2 | |
| netwin | surgemail | 2.2g3 | |
| netwin | surgemail | 3.0a | |
| netwin | surgemail | 3.0c2 | |
| netwin | surgemail | 3.8f3 | |
| netwin | surgemail | 39a | |
| netwin | surgemail | beta_39a | |
| netwin | webmail | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netwin:surgemail:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0338308B-54C6-4C2F-9A5F-A4D0AB34E091",
"versionEndIncluding": "38k4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.8a:*:*:*:*:*:*:*",
"matchCriteriaId": "51F3F0B2-8A75-42A6-9B4C-E1C2AA8EF27C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.8b3:*:*:*:*:*:*:*",
"matchCriteriaId": "06B04968-6115-48D0-A315-D0445234DA23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.8d:*:*:*:*:*:*:*",
"matchCriteriaId": "A3213555-A5AC-4722-B2A9-26726803F813",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.8e:*:*:*:*:*:*:*",
"matchCriteriaId": "0EB5003E-B9BA-4DD0-98EE-C3AAFBF7BFB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.8g3:*:*:*:*:*:*:*",
"matchCriteriaId": "96563C20-642A-47EA-8A4B-1DE9C1DD7377",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "439847AC-0ACD-4BDB-A935-3CE645366DAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.9b2:*:*:*:*:*:*:*",
"matchCriteriaId": "AFAC85F6-EF7F-4051-AEC9-4FF21D77D1EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:2.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "90487000-A5DA-463B-82B2-5F83DBEC7154",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:2.0c:*:*:*:*:*:*:*",
"matchCriteriaId": "8B654A1F-01A3-4F18-A1E6-9D924BF34397",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:2.0e:*:*:*:*:*:*:*",
"matchCriteriaId": "4FDB3E97-547C-4531-81E9-B280E3DF39D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:2.0g2:*:*:*:*:*:*:*",
"matchCriteriaId": "61DA6241-B456-4721-BAB7-A857FAA4B41B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:2.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "74F72E7E-9561-4F82-8AFC-DB0DA32F8221",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:2.1c7:*:*:*:*:*:*:*",
"matchCriteriaId": "BBBC4664-D561-4DDD-AC69-003D498FE40B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:2.2a6:*:*:*:*:*:*:*",
"matchCriteriaId": "7324F0F8-6F15-4966-9589-7BDF502DA287",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:2.2c9:*:*:*:*:*:*:*",
"matchCriteriaId": "67230924-EDC9-40CD-931E-71D0ED4F4E89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:2.2c10:*:*:*:*:*:*:*",
"matchCriteriaId": "FAF4BCCC-8284-4EB2-B38B-06283E584F2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:2.2g2:*:*:*:*:*:*:*",
"matchCriteriaId": "288E7531-50DA-4AE1-B152-F0FBE7CA88BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:2.2g3:*:*:*:*:*:*:*",
"matchCriteriaId": "914D7AFB-007F-48C1-98C0-13B38F2C2D75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "1ED629A5-B807-4856-AD71-DF5040463694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.0c2:*:*:*:*:*:*:*",
"matchCriteriaId": "5470DC1D-DBE4-4C03-B831-42533DF08D93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8f3:*:*:*:*:*:*:*",
"matchCriteriaId": "50C06B4F-1DEC-4622-B060-184762418112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:39a:*:*:*:*:*:*:*",
"matchCriteriaId": "F1616805-E66C-41AD-9D58-D15DE096597A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:beta_39a:*:*:*:*:*:*:*",
"matchCriteriaId": "EFE7385D-DD52-4E65-9514-84DD3217E2F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:webmail:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26B239D5-5741-40D0-8286-E946604056D3",
"versionEndIncluding": "3.1s",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 and earlier and beta 39a, and WebMail 3.1s and earlier, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in the page parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de cadena de formato en webmail.exe de NetWin SurgeMail 38k4 y versiones anteriores y beta 39a, y WebMail 3.1s y versiones anteriores, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de cadenas de formato especificadas en el par\u00e1metro page."
}
],
"id": "CVE-2008-1055",
"lastModified": "2026-04-23T00:35:47.467",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-02-27T19:44:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://aluigi.altervista.org/adv/surgemailz-adv.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29105"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29137"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3705"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/488741/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/27990"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1019500"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0678"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40833"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://aluigi.altervista.org/adv/surgemailz-adv.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29105"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29137"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3705"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/488741/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/27990"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019500"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0678"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40833"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-134"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-6457
Vulnerability from fkie_nvd - Published: 2007-12-20 00:46 - Updated: 2026-04-23 00:35
Severity
Summary
Stack-based buffer overflow in the webmail feature in SurgeMail 38k4 allows remote attackers to cause a denial of service (crash) via a long Host header.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netwin:surgemail:38k4:*:*:*:*:*:*:*",
"matchCriteriaId": "6A613F99-9733-411B-A8F9-3A35AEE6B0DD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the webmail feature in SurgeMail 38k4 allows remote attackers to cause a denial of service (crash) via a long Host header."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en la funcionalidad webmail de SurgeMail 38k4 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) mediante una cabecera Host larga."
}
],
"id": "CVE-2007-6457",
"lastModified": "2026-04-23T00:35:47.467",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-12-20T00:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://retrogod.altervista.org/rgod_surgemail_crash.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28142"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3464"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/485224/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/26901"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/4245"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39087"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://retrogod.altervista.org/rgod_surgemail_crash.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28142"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3464"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/485224/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/26901"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/4245"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39087"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}