Vulnerability-Lookup - Search a vulnerability

Vulnerability from fkie_nvd

Published

2005-05-02 04:00

Modified

2024-11-20 23:56

Severity ?

Summary

Directory traversal vulnerability in the Webmail interface in SurgeMail 2.2g3 allows remote authenticated users to write arbitrary files or directories via a .. (dot dot) in the attach_id parameter.

References

URL	Tags
cve@mitre.org	http://marc.info/?l=bugtraq&m=111159967417903&w=2
cve@mitre.org	http://netwinsite.com/cgi/dnewsweb.cgi?cmd=article&group=netwin.surgemail&item=8814&utag=	Patch
cve@mitre.org	http://secunia.com/advisories/14658	Patch, Vendor Advisory
cve@mitre.org	http://www.security.org.sg/vuln/surgemail22g3.html
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=111159967417903&w=2
af854a3a-2127-422b-91ae-364da2661108	http://netwinsite.com/cgi/dnewsweb.cgi?cmd=article&group=netwin.surgemail&item=8814&utag=	Patch
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/14658	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.security.org.sg/vuln/surgemail22g3.html

Impacted products

	Vendor	Product	Version
	netwin	surgemail	2.2g3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:2.2g3:*:*:*:*:*:*:*",
              "matchCriteriaId": "914D7AFB-007F-48C1-98C0-13B38F2C2D75",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in the Webmail interface in SurgeMail 2.2g3 allows remote authenticated users to write arbitrary files or directories via a .. (dot dot) in the attach_id parameter."
    }
  ],
  "id": "CVE-2005-0845",
  "lastModified": "2024-11-20T23:56:01.560",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-05-02T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=111159967417903\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://netwinsite.com/cgi/dnewsweb.cgi?cmd=article\u0026group=netwin.surgemail\u0026item=8814\u0026utag="
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/14658"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.security.org.sg/vuln/surgemail22g3.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=111159967417903\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://netwinsite.com/cgi/dnewsweb.cgi?cmd=article\u0026group=netwin.surgemail\u0026item=8814\u0026utag="
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/14658"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.security.org.sg/vuln/surgemail22g3.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2008-06-25 12:36

Modified

2024-11-21 00:47

Severity ?

Summary

Unspecified vulnerability in the IMAP service in NetWin SurgeMail before 3.9g2 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors related to an "imap command."

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/30739	Vendor Advisory
cve@mitre.org	http://www.netwinsite.com/surgemail/help/updates.htm
cve@mitre.org	http://www.securityfocus.com/bid/29805
cve@mitre.org	http://www.securitytracker.com/id?1020335
cve@mitre.org	http://www.vupen.com/english/advisories/2008/1874/references
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/43171
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30739	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.netwinsite.com/surgemail/help/updates.htm
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/29805
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1020335
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1874/references
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/43171

Impacted products

Vendor	Product	Version
netwin	surgemail	*
netwin	surgemail	3.8a
netwin	surgemail	3.8b
netwin	surgemail	3.8d
netwin	surgemail	3.8f
netwin	surgemail	3.8f2
netwin	surgemail	3.8f3
netwin	surgemail	3.8i
netwin	surgemail	3.8i2
netwin	surgemail	3.8i3
netwin	surgemail	3.8k
netwin	surgemail	3.8k2
netwin	surgemail	3.8k3
netwin	surgemail	3.8k4
netwin	surgemail	3.8m
netwin	surgemail	3.8o
netwin	surgemail	3.8q
netwin	surgemail	3.8s
netwin	surgemail	3.8u
netwin	surgemail	3.9a
netwin	surgemail	3.9c
netwin	surgemail	3.9e

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D180C666-C5E6-44C9-B61C-1C7ECFB38F24",
              "versionEndIncluding": "3.9g",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.8a:*:*:*:*:*:*:*",
              "matchCriteriaId": "12FCF5D0-3E98-48E4-840C-5DD47A893AA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.8b:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B2E8CA7-DAF6-4C30-8ED1-9FA6D4A660D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.8d:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C384BC3-603B-4409-B473-F3213D05DB95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.8f:*:*:*:*:*:*:*",
              "matchCriteriaId": "C81E2733-0791-4D5E-990F-B40859EEA7C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.8f2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1CE77D8-ADB3-4A3E-9D79-4F9739F7549A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.8f3:*:*:*:*:*:*:*",
              "matchCriteriaId": "50C06B4F-1DEC-4622-B060-184762418112",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.8i:*:*:*:*:*:*:*",
              "matchCriteriaId": "19390313-1B1C-4388-AA3B-1A470416FADF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.8i2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB1FD0B1-DEE5-4765-9538-FBA20E8B1559",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.8i3:*:*:*:*:*:*:*",
              "matchCriteriaId": "30495DFC-EC4F-4449-851A-3358C9BCBF69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.8k:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C4BE37B-BA86-4B1D-A1B6-B5910F61171D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.8k2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAF32266-AB58-4215-B7FF-CC882835EE79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.8k3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A437EB1A-2E12-4AAB-8817-57D17C2E21E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.8k4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AAB36A8-0F51-4424-B6BA-F1A29C759717",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.8m:*:*:*:*:*:*:*",
              "matchCriteriaId": "25C21957-FA45-4FCE-AFFE-4A0E1345CFE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.8o:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F1108C3-E6C1-42F2-8A49-A4DEFB5C4DCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.8q:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C96445D-DC59-494C-BA42-09A342F39252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.8s:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC095432-C4C3-4566-8DBC-8513D47778AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.8u:*:*:*:*:*:*:*",
              "matchCriteriaId": "970DDF6C-2DDB-44C6-89F7-22314102C4C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.9a:*:*:*:*:*:*:*",
              "matchCriteriaId": "5558770D-276A-4136-BB50-C2B6CB8C4AC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.9c:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFF5ADB9-B57C-4668-A654-29DAE75792CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.9e:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B7F09A9-9719-47C2-8021-853F699A7553",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in the IMAP service in NetWin SurgeMail before 3.9g2 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors related to an \"imap command.\""
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en el servicio de IMAP en NetWin SurgeMail anterior a 3.9g2; permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) mediante vectores desconocidos relacionados con un \"comando imap\"."
    }
  ],
  "id": "CVE-2008-2859",
  "lastModified": "2024-11-21T00:47:52.560",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-06-25T12:36:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30739"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.netwinsite.com/surgemail/help/updates.htm"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/29805"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1020335"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/1874/references"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43171"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30739"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.netwinsite.com/surgemail/help/updates.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/29805"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1020335"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1874/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43171"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2005-05-24 04:00

Modified

2024-11-20 23:57

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 3.0c2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/15425	Patch
cve@mitre.org	http://www.vupen.com/english/advisories/2005/0576
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/15425	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2005/0576

Impacted products

	Vendor	Product	Version
	netwin	surgemail	3.0c2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.0c2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5470DC1D-DBE4-4C03-B831-42533DF08D93",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 3.0c2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
    }
  ],
  "id": "CVE-2005-1714",
  "lastModified": "2024-11-20T23:57:57.900",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-05-24T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://secunia.com/advisories/15425"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2005/0576"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://secunia.com/advisories/15425"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2005/0576"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2007-08-16 18:17

Modified

2024-11-21 00:35

Severity ?

Summary

Stack-based buffer overflow in the IMAP service in SurgeMail 38k allows remote authenticated users to execute arbitrary code via a long argument to the SEARCH command. NOTE: this might overlap CVE-2007-4372.

References

URL	Tags
cve@mitre.org	http://marc.info/?l=full-disclosure&m=118710179924684&w=2
cve@mitre.org	http://secunia.com/advisories/26464	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/25318
cve@mitre.org	http://www.vupen.com/english/advisories/2007/2875
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/36009
cve@mitre.org	https://www.exploit-db.com/exploits/4287
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=full-disclosure&m=118710179924684&w=2
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26464	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/25318
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2875
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/36009
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/4287

Impacted products

	Vendor	Product	Version
	netwin	surgemail	38k

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:38k:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E938F32-9C91-43C9-B8E9-8101AED6C713",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in the IMAP service in SurgeMail 38k allows remote authenticated users to execute arbitrary code via a long argument to the SEARCH command.  NOTE: this might overlap CVE-2007-4372."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en el servicio IMAP de SurgeMail 38k permite a usuarios remotos autenticados ejecutar c\u00f3digo de su elecci\u00f3n mediante un argumento largo para el comando SEARCH. NOTA: podr\u00eda solaparse con CVE-2007-4372."
    }
  ],
  "id": "CVE-2007-4377",
  "lastModified": "2024-11-21T00:35:26.727",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-08-16T18:17:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=full-disclosure\u0026m=118710179924684\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26464"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/25318"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/2875"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36009"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/4287"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=full-disclosure\u0026m=118710179924684\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26464"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/25318"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2875"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36009"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/4287"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2011-01-07 23:00

Modified

2024-11-21 01:18

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in NetWin Surgemail before 4.3g allows remote attackers to inject arbitrary web script or HTML via the username_ex parameter to the surgeweb program.

References

URL	Tags
cve@mitre.org	http://ictsec.se/?p=108	Exploit
cve@mitre.org	http://secunia.com/advisories/41685	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/archive/1/514115/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/43679	Exploit
cve@mitre.org	https://www.exploit-db.com/exploits/34797/
af854a3a-2127-422b-91ae-364da2661108	http://ictsec.se/?p=108	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/41685	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/514115/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/43679	Exploit
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/34797/

Impacted products

Vendor	Product	Version
netwin	surgemail	*
netwin	surgemail	1.0c
netwin	surgemail	1.0d
netwin	surgemail	1.1a
netwin	surgemail	1.1b
netwin	surgemail	1.1c
netwin	surgemail	1.1d
netwin	surgemail	1.2a
netwin	surgemail	1.2b
netwin	surgemail	1.2c
netwin	surgemail	1.3a
netwin	surgemail	1.3a_rc1
netwin	surgemail	1.3b
netwin	surgemail	1.3c
netwin	surgemail	1.3d
netwin	surgemail	1.3e
netwin	surgemail	1.3f
netwin	surgemail	1.3g
netwin	surgemail	1.3h
netwin	surgemail	1.3i
netwin	surgemail	1.3j
netwin	surgemail	1.3k
netwin	surgemail	1.3l
netwin	surgemail	1.4a
netwin	surgemail	1.4b
netwin	surgemail	1.4c
netwin	surgemail	1.5a
netwin	surgemail	1.5b
netwin	surgemail	1.5c
netwin	surgemail	1.5d
netwin	surgemail	1.5d2
netwin	surgemail	1.5f
netwin	surgemail	1.6a
netwin	surgemail	1.6b
netwin	surgemail	1.6d
netwin	surgemail	1.6e
netwin	surgemail	1.6e2
netwin	surgemail	1.7a
netwin	surgemail	1.7b3
netwin	surgemail	1.8a
netwin	surgemail	1.8b3
netwin	surgemail	1.8d
netwin	surgemail	1.8e
netwin	surgemail	1.8f
netwin	surgemail	1.8g3
netwin	surgemail	1.9
netwin	surgemail	1.9b2
netwin	surgemail	2.0a2
netwin	surgemail	2.0c
netwin	surgemail	2.0e
netwin	surgemail	2.0g2
netwin	surgemail	2.1a
netwin	surgemail	2.1c7
netwin	surgemail	2.2a6
netwin	surgemail	2.2c9
netwin	surgemail	2.2c10
netwin	surgemail	2.2g2
netwin	surgemail	2.2g3
netwin	surgemail	3.0a
netwin	surgemail	3.0c2
netwin	surgemail	3.1s
netwin	surgemail	3.2e
netwin	surgemail	3.5a
netwin	surgemail	3.5b3
netwin	surgemail	3.6d
netwin	surgemail	3.6f3
netwin	surgemail	3.6f5
netwin	surgemail	3.6f7
netwin	surgemail	3.7b
netwin	surgemail	3.7b3
netwin	surgemail	3.7b5
netwin	surgemail	3.7b6
netwin	surgemail	3.7b7
netwin	surgemail	3.7b8
netwin	surgemail	3.8a
netwin	surgemail	3.8b
netwin	surgemail	3.8d
netwin	surgemail	3.8f
netwin	surgemail	3.8f2
netwin	surgemail	3.8f3
netwin	surgemail	3.8i
netwin	surgemail	3.8i2
netwin	surgemail	3.8i3
netwin	surgemail	3.8k
netwin	surgemail	3.8k2
netwin	surgemail	3.8k3
netwin	surgemail	3.8k4
netwin	surgemail	3.8m
netwin	surgemail	3.8o
netwin	surgemail	3.8q
netwin	surgemail	3.8s
netwin	surgemail	3.8u
netwin	surgemail	3.9a
netwin	surgemail	3.9c
netwin	surgemail	3.9e
netwin	surgemail	3.9g
netwin	surgemail	3.9g2
netwin	surgemail	4.0a
netwin	surgemail	4.0k
netwin	surgemail	4.0u3
netwin	surgemail	4.0u4
netwin	surgemail	4.0v-8
netwin	surgemail	4.2a2-2
netwin	surgemail	4.2a2-3
netwin	surgemail	4.2a3-3
netwin	surgemail	4.2d-1
netwin	surgemail	4.2d2-2
netwin	surgemail	4.2d3-3
netwin	surgemail	beta_3.9a

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C838E7E-AE55-4DE5-BE51-8E3561B5A88E",
              "versionEndIncluding": "4.2d4-4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.0c:*:*:*:*:*:*:*",
              "matchCriteriaId": "87817AF2-201D-4A00-BCA2-FDBF716BFB12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.0d:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76EAC7A-4BB3-4E38-9101-C5382C010E16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EB0A419-82B9-4801-A6CA-AB01E2E27451",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.1b:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B47ACEC-91A6-47DA-AF53-BB24A9A48B3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.1c:*:*:*:*:*:*:*",
              "matchCriteriaId": "54EA3FA5-305E-4FB1-88C2-96B3C60BDE96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.1d:*:*:*:*:*:*:*",
              "matchCriteriaId": "D744A39C-6695-4F05-8E0A-233A9F000464",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.2a:*:*:*:*:*:*:*",
              "matchCriteriaId": "78062477-35B1-490E-AA67-5B4D322B1684",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.2b:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5563478-FC8A-4FE6-9FA6-7A85A1D63827",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.2c:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5C2D087-9C3A-4D7A-83AB-5367C8CC6ED9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.3a:*:*:*:*:*:*:*",
              "matchCriteriaId": "0490B62E-6F13-40E8-AB75-7B6D88BDBF81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.3a_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5C49C51-FE9B-490B-B901-57D37735CCE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.3b:*:*:*:*:*:*:*",
              "matchCriteriaId": "3246EA70-861C-4D6F-A1BF-4BCBB5FF933A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.3c:*:*:*:*:*:*:*",
              "matchCriteriaId": "85FBF22E-94A9-429D-A879-78EE00FA2EB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.3d:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FE3E637-1198-4B4D-8A5B-F7E5DC48A8EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.3e:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AB1AE7C-16A2-4D85-BF27-82140DFFF631",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.3f:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D052EED-AB9C-4EB6-A45B-29B2D125D0CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.3g:*:*:*:*:*:*:*",
              "matchCriteriaId": "550CED69-8A52-489E-B4AD-48C3B2C8DD13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.3h:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEDC18DD-9D55-4D07-9157-5A925299FC02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.3i:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A6BCA9B-569E-497F-8D51-7A953CA9EB79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.3j:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7311BF0-CBCB-40F6-AB2B-014EC421DD9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.3k:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5CCE110-187E-424E-8D2A-E2EAEDD1606C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.3l:*:*:*:*:*:*:*",
              "matchCriteriaId": "2260E333-8CCB-4536-B5F2-8885F8BB6B7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.4a:*:*:*:*:*:*:*",
              "matchCriteriaId": "5636090B-E382-42CF-8A05-0EE5BF36ACB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.4b:*:*:*:*:*:*:*",
              "matchCriteriaId": "77DE0FB4-8AC2-487A-A73B-DBD9527657FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.4c:*:*:*:*:*:*:*",
              "matchCriteriaId": "49B0E240-B9E0-4CFD-852C-51E00B5E8ECB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.5a:*:*:*:*:*:*:*",
              "matchCriteriaId": "0498C94D-B215-417A-971F-A2430393CAF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.5b:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FEDBD88-3242-4FCA-949A-32B13CF7D89F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.5c:*:*:*:*:*:*:*",
              "matchCriteriaId": "5484C012-9DE1-4F48-B467-5FC9577F7EBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.5d:*:*:*:*:*:*:*",
              "matchCriteriaId": "66F4BC6E-0E24-49F9-9160-E3A346E37E0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.5d2:*:*:*:*:*:*:*",
              "matchCriteriaId": "66D4C2B3-4879-461D-B57C-B59AFC6B6310",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.5f:*:*:*:*:*:*:*",
              "matchCriteriaId": "BECF5E0C-D2C0-4D6F-8FD6-BE6F0FA94887",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.6a:*:*:*:*:*:*:*",
              "matchCriteriaId": "0575796D-59FC-4D55-B4BA-E4F332296CCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.6b:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A3FEAAF-6DFE-4288-A3D2-7EFE64417C5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.6d:*:*:*:*:*:*:*",
              "matchCriteriaId": "A65A9997-D18E-4FB9-9E54-C3C83A03047F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.6e:*:*:*:*:*:*:*",
              "matchCriteriaId": "20FB3D3F-9BFC-441B-B974-AEB92C48D04E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.6e2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A38C61D1-36CB-4A2F-B8AB-E12729915A5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.7a:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBDA0620-DBE8-4659-8B23-F300735F7078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.7b3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C30D2CEC-CB08-4454-9305-A96BB92830CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.8a:*:*:*:*:*:*:*",
              "matchCriteriaId": "51F3F0B2-8A75-42A6-9B4C-E1C2AA8EF27C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.8b3:*:*:*:*:*:*:*",
              "matchCriteriaId": "06B04968-6115-48D0-A315-D0445234DA23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.8d:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3213555-A5AC-4722-B2A9-26726803F813",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.8e:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EB5003E-B9BA-4DD0-98EE-C3AAFBF7BFB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.8f:*:*:*:*:*:*:*",
              "matchCriteriaId": "31FAD6F1-2A15-4A28-9E33-33B67D627956",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.8g3:*:*:*:*:*:*:*",
              "matchCriteriaId": "96563C20-642A-47EA-8A4B-1DE9C1DD7377",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "439847AC-0ACD-4BDB-A935-3CE645366DAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.9b2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFAC85F6-EF7F-4051-AEC9-4FF21D77D1EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:2.0a2:*:*:*:*:*:*:*",
              "matchCriteriaId": "90487000-A5DA-463B-82B2-5F83DBEC7154",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:2.0c:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B654A1F-01A3-4F18-A1E6-9D924BF34397",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:2.0e:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FDB3E97-547C-4531-81E9-B280E3DF39D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:2.0g2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DA6241-B456-4721-BAB7-A857FAA4B41B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:2.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "74F72E7E-9561-4F82-8AFC-DB0DA32F8221",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:2.1c7:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBBC4664-D561-4DDD-AC69-003D498FE40B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:2.2a6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7324F0F8-6F15-4966-9589-7BDF502DA287",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:2.2c9:*:*:*:*:*:*:*",
              "matchCriteriaId": "67230924-EDC9-40CD-931E-71D0ED4F4E89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:2.2c10:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAF4BCCC-8284-4EB2-B38B-06283E584F2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:2.2g2:*:*:*:*:*:*:*",
              "matchCriteriaId": "288E7531-50DA-4AE1-B152-F0FBE7CA88BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:2.2g3:*:*:*:*:*:*:*",
              "matchCriteriaId": "914D7AFB-007F-48C1-98C0-13B38F2C2D75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.0a:*:*:*:*:*:*:*",
              "matchCriteriaId": "1ED629A5-B807-4856-AD71-DF5040463694",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.0c2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5470DC1D-DBE4-4C03-B831-42533DF08D93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.1s:*:*:*:*:*:*:*",
              "matchCriteriaId": "A697CF22-6FEF-4134-90D7-C000E891157D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.2e:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4420781-D233-4C09-9979-B20BB476E635",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.5a:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C4180CD-DCAC-42DB-8973-F8233F8B8EDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.5b3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BB3CEAB-41DD-447B-B36E-C5C5B9F1A2F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.6d:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CE7B0E5-E5A8-4F03-867A-8AE987D2254B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.6f3:*:*:*:*:*:*:*",
              "matchCriteriaId": "60B63ABA-5B8B-4EF2-A832-38F047904727",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.6f5:*:*:*:*:*:*:*",
              "matchCriteriaId": "90D7306C-A95A-4DB8-A6F1-29B233FF9977",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.6f7:*:*:*:*:*:*:*",
              "matchCriteriaId": "234A98AA-6482-4889-B3A3-3D4EC1023371",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.7b:*:*:*:*:*:*:*",
              "matchCriteriaId": "063644A4-AD5B-4BD7-9B6C-ADA2C47562C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.7b3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CB85D71-332A-4B5F-8B48-57CE29461920",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.7b5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0871CD5E-B0B7-4A80-924F-073227420136",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.7b6:*:*:*:*:*:*:*",
              "matchCriteriaId": "563791A9-A34B-4C2A-9F4F-F878654C5742",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.7b7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AAF682B-5815-4787-B288-F1CB47F1C986",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.7b8:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4764A66-0284-4D85-9A8D-69CC9FCD53EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.8a:*:*:*:*:*:*:*",
              "matchCriteriaId": "12FCF5D0-3E98-48E4-840C-5DD47A893AA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.8b:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B2E8CA7-DAF6-4C30-8ED1-9FA6D4A660D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.8d:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C384BC3-603B-4409-B473-F3213D05DB95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.8f:*:*:*:*:*:*:*",
              "matchCriteriaId": "C81E2733-0791-4D5E-990F-B40859EEA7C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.8f2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1CE77D8-ADB3-4A3E-9D79-4F9739F7549A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.8f3:*:*:*:*:*:*:*",
              "matchCriteriaId": "50C06B4F-1DEC-4622-B060-184762418112",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.8i:*:*:*:*:*:*:*",
              "matchCriteriaId": "19390313-1B1C-4388-AA3B-1A470416FADF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.8i2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB1FD0B1-DEE5-4765-9538-FBA20E8B1559",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.8i3:*:*:*:*:*:*:*",
              "matchCriteriaId": "30495DFC-EC4F-4449-851A-3358C9BCBF69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.8k:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C4BE37B-BA86-4B1D-A1B6-B5910F61171D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.8k2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAF32266-AB58-4215-B7FF-CC882835EE79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.8k3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A437EB1A-2E12-4AAB-8817-57D17C2E21E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.8k4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AAB36A8-0F51-4424-B6BA-F1A29C759717",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.8m:*:*:*:*:*:*:*",
              "matchCriteriaId": "25C21957-FA45-4FCE-AFFE-4A0E1345CFE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.8o:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F1108C3-E6C1-42F2-8A49-A4DEFB5C4DCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.8q:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C96445D-DC59-494C-BA42-09A342F39252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.8s:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC095432-C4C3-4566-8DBC-8513D47778AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.8u:*:*:*:*:*:*:*",
              "matchCriteriaId": "970DDF6C-2DDB-44C6-89F7-22314102C4C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.9a:*:*:*:*:*:*:*",
              "matchCriteriaId": "5558770D-276A-4136-BB50-C2B6CB8C4AC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.9c:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFF5ADB9-B57C-4668-A654-29DAE75792CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.9e:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B7F09A9-9719-47C2-8021-853F699A7553",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.9g:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CB21ADE-D9AE-4D54-BB27-4CBE82A8FD51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.9g2:*:*:*:*:*:*:*",
              "matchCriteriaId": "64A2ADFB-E87B-43A9-A01D-C9B5F5BF6B89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:4.0a:*:*:*:*:*:*:*",
              "matchCriteriaId": "B57600C3-918D-4893-8B55-C3FCAD53DF24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:4.0k:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BDEFA9D-7FB0-4234-9B20-3F82C2668D1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:4.0u3:*:*:*:*:*:*:*",
              "matchCriteriaId": "18AE7F25-4E72-4157-BAD0-27C084F0227B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:4.0u4:*:*:*:*:*:*:*",
              "matchCriteriaId": "20DC55C1-C7D8-4FEC-8476-D5176296C9D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:4.0v-8:*:*:*:*:*:*:*",
              "matchCriteriaId": "804C5810-1BC0-4467-9FBE-C73159C19892",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:4.2a2-2:*:*:*:*:*:*:*",
              "matchCriteriaId": "71A872AE-FA11-46C8-9CB9-F25A42B5C0D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:4.2a2-3:*:*:*:*:*:*:*",
              "matchCriteriaId": "080B5960-27AC-4FA1-A747-C7AC50D4D864",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:4.2a3-3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1CD622C-6973-4EDB-B600-D086DD5A25D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:4.2d-1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECE82987-B3CD-4670-BA05-82FFDD3455B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:4.2d2-2:*:*:*:*:*:*:*",
              "matchCriteriaId": "03F08298-1882-4656-95F3-3994F9F3BA96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:4.2d3-3:*:*:*:*:*:*:*",
              "matchCriteriaId": "43D5426E-E74D-4D1E-8CBB-EC66ACACA8E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:beta_3.9a:*:*:*:*:*:*:*",
              "matchCriteriaId": "6456955D-D8EF-43A3-9CB8-8B4D44A1DCD1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in NetWin Surgemail before 4.3g allows remote attackers to inject arbitrary web script or HTML via the username_ex parameter to the surgeweb program."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en NetWin Surgemail anterirores a v4.3g permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro username_ex sobre el programa surgeweb."
    }
  ],
  "id": "CVE-2010-3201",
  "lastModified": "2024-11-21T01:18:15.993",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-01-07T23:00:02.250",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://ictsec.se/?p=108"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/41685"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/514115/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/43679"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/34797/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://ictsec.se/?p=108"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/41685"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/514115/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/43679"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/34797/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2007-12-20 00:46

Modified

2024-11-21 00:40

Severity ?

Summary

Stack-based buffer overflow in the webmail feature in SurgeMail 38k4 allows remote attackers to cause a denial of service (crash) via a long Host header.

References

URL	Tags
cve@mitre.org	http://retrogod.altervista.org/rgod_surgemail_crash.html	Exploit
cve@mitre.org	http://secunia.com/advisories/28142	Vendor Advisory
cve@mitre.org	http://securityreason.com/securityalert/3464
cve@mitre.org	http://www.securityfocus.com/archive/1/485224/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/26901	Exploit
cve@mitre.org	http://www.vupen.com/english/advisories/2007/4245
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/39087
af854a3a-2127-422b-91ae-364da2661108	http://retrogod.altervista.org/rgod_surgemail_crash.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28142	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/3464
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/485224/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/26901	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/4245
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/39087

Impacted products

	Vendor	Product	Version
	netwin	surgemail	38k4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:38k4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A613F99-9733-411B-A8F9-3A35AEE6B0DD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in the webmail feature in SurgeMail 38k4 allows remote attackers to cause a denial of service (crash) via a long Host header."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en pila en la funcionalidad webmail de SurgeMail 38k4 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) mediante una cabecera Host larga."
    }
  ],
  "id": "CVE-2007-6457",
  "lastModified": "2024-11-21T00:40:11.577",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-12-20T00:46:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://retrogod.altervista.org/rgod_surgemail_crash.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28142"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/3464"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/485224/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/26901"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/4245"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39087"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://retrogod.altervista.org/rgod_surgemail_crash.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28142"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/3464"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/485224/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/26901"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/4245"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39087"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2008-03-25 19:44

Modified

2024-11-21 00:44

Severity ?

Summary

Stack-based buffer overflow in the IMAP service in NetWin Surgemail 3.8k4-4 and earlier allows remote authenticated users to execute arbitrary code via a long first argument to the LIST command.

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/29105	Vendor Advisory
cve@mitre.org	http://www.netwinsite.com/surgemail/help/updates.htm
cve@mitre.org	http://www.securityfocus.com/bid/28260
cve@mitre.org	http://www.vupen.com/english/advisories/2008/0901/references
cve@mitre.org	https://www.exploit-db.com/exploits/5259
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29105	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.netwinsite.com/surgemail/help/updates.htm
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/28260
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0901/references
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/5259

Impacted products

	Vendor	Product	Version
	netwin	surgemail	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF997ADC-BF65-4ED0-8C66-01CB824407D8",
              "versionEndIncluding": "3.8k4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in the IMAP service in NetWin Surgemail 3.8k4-4 and earlier allows remote authenticated users to execute arbitrary code via a long first argument to the LIST command."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en Pila en el servicio IMAP de NetWin SurgeMail 38k4-4 y versiones anteriores, permite a usuarios remotos autenticados ejecutar c\u00f3digo de su elecci\u00f3n mediante un primer argumento largo del comando LIST."
    }
  ],
  "id": "CVE-2008-1498",
  "lastModified": "2024-11-21T00:44:40.830",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-03-25T19:44:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29105"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.netwinsite.com/surgemail/help/updates.htm"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/28260"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/0901/references"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/5259"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29105"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.netwinsite.com/surgemail/help/updates.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/28260"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0901/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/5259"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2008-02-27 19:44

Modified

2024-11-21 00:43

Severity ?

Summary

Stack-based buffer overflow in the _lib_spawn_user_getpid function in (1) swatch.exe and (2) surgemail.exe in NetWin SurgeMail 38k4 and earlier, and beta 39a, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via an HTTP request with multiple long headers to webmail.exe and unspecified other CGI executables, which triggers an overflow when assigning values to environment variables. NOTE: some of these details are obtained from third party information.

References

URL	Tags
cve@mitre.org	http://aluigi.altervista.org/adv/surgemailz-adv.txt	Exploit
cve@mitre.org	http://secunia.com/advisories/29105	Vendor Advisory
cve@mitre.org	http://securityreason.com/securityalert/3705
cve@mitre.org	http://www.securityfocus.com/archive/1/488741/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/27992	Exploit
cve@mitre.org	http://www.securitytracker.com/id?1019500
cve@mitre.org	http://www.vupen.com/english/advisories/2008/0678
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/40834
af854a3a-2127-422b-91ae-364da2661108	http://aluigi.altervista.org/adv/surgemailz-adv.txt	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29105	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/3705
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/488741/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/27992	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1019500
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0678
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/40834

Impacted products

Vendor	Product	Version
netwin	surgemail	1.8a
netwin	surgemail	1.8b3
netwin	surgemail	1.8d
netwin	surgemail	1.8e
netwin	surgemail	1.8g3
netwin	surgemail	1.9
netwin	surgemail	1.9b2
netwin	surgemail	2.0a2
netwin	surgemail	2.0c
netwin	surgemail	2.0e
netwin	surgemail	2.0g2
netwin	surgemail	2.1a
netwin	surgemail	2.1c7
netwin	surgemail	2.2a6
netwin	surgemail	2.2c9
netwin	surgemail	2.2c10
netwin	surgemail	2.2g2
netwin	surgemail	2.2g3
netwin	surgemail	3.0a
netwin	surgemail	3.0c2
netwin	surgemail	3.1s
netwin	surgemail	3.8f3
netwin	surgemail	3.8i
netwin	surgemail	3.8i2
netwin	surgemail	3.8i3
netwin	surgemail	38k
netwin	surgemail	38k4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.8a:*:*:*:*:*:*:*",
              "matchCriteriaId": "51F3F0B2-8A75-42A6-9B4C-E1C2AA8EF27C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.8b3:*:*:*:*:*:*:*",
              "matchCriteriaId": "06B04968-6115-48D0-A315-D0445234DA23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.8d:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3213555-A5AC-4722-B2A9-26726803F813",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.8e:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EB5003E-B9BA-4DD0-98EE-C3AAFBF7BFB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.8g3:*:*:*:*:*:*:*",
              "matchCriteriaId": "96563C20-642A-47EA-8A4B-1DE9C1DD7377",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "439847AC-0ACD-4BDB-A935-3CE645366DAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.9b2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFAC85F6-EF7F-4051-AEC9-4FF21D77D1EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:2.0a2:*:*:*:*:*:*:*",
              "matchCriteriaId": "90487000-A5DA-463B-82B2-5F83DBEC7154",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:2.0c:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B654A1F-01A3-4F18-A1E6-9D924BF34397",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:2.0e:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FDB3E97-547C-4531-81E9-B280E3DF39D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:2.0g2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DA6241-B456-4721-BAB7-A857FAA4B41B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:2.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "74F72E7E-9561-4F82-8AFC-DB0DA32F8221",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:2.1c7:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBBC4664-D561-4DDD-AC69-003D498FE40B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:2.2a6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7324F0F8-6F15-4966-9589-7BDF502DA287",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:2.2c9:*:*:*:*:*:*:*",
              "matchCriteriaId": "67230924-EDC9-40CD-931E-71D0ED4F4E89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:2.2c10:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAF4BCCC-8284-4EB2-B38B-06283E584F2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:2.2g2:*:*:*:*:*:*:*",
              "matchCriteriaId": "288E7531-50DA-4AE1-B152-F0FBE7CA88BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:2.2g3:*:*:*:*:*:*:*",
              "matchCriteriaId": "914D7AFB-007F-48C1-98C0-13B38F2C2D75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.0a:*:*:*:*:*:*:*",
              "matchCriteriaId": "1ED629A5-B807-4856-AD71-DF5040463694",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.0c2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5470DC1D-DBE4-4C03-B831-42533DF08D93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.1s:*:*:*:*:*:*:*",
              "matchCriteriaId": "A697CF22-6FEF-4134-90D7-C000E891157D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.8f3:*:*:*:*:*:*:*",
              "matchCriteriaId": "50C06B4F-1DEC-4622-B060-184762418112",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.8i:*:*:*:*:*:*:*",
              "matchCriteriaId": "19390313-1B1C-4388-AA3B-1A470416FADF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.8i2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB1FD0B1-DEE5-4765-9538-FBA20E8B1559",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.8i3:*:*:*:*:*:*:*",
              "matchCriteriaId": "30495DFC-EC4F-4449-851A-3358C9BCBF69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:38k:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E938F32-9C91-43C9-B8E9-8101AED6C713",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:38k4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A613F99-9733-411B-A8F9-3A35AEE6B0DD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in the _lib_spawn_user_getpid function in (1) swatch.exe and (2) surgemail.exe in NetWin SurgeMail 38k4 and earlier, and beta 39a, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via an HTTP request with multiple long headers to webmail.exe and unspecified other CGI executables, which triggers an overflow when assigning values to environment variables.  NOTE: some of these details are obtained from third party information."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en pila en la funci\u00f3n _lib_spawn_user_getpid de (1) swatch.exe y (2) surgemail.exe en NetWin SurgeMail 38k4 y versiones anteriores, y beta 39a, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una petici\u00f3n HTTP con m\u00faltiples cabeceras largas de webmail.exe y otros ejecutables CGI no especificados, lo cual dispara un desbordamiento cuando asignan valores a variables de entorno.\r\nNOTA: parte de esta informaci\u00f3n ha sido obtenida a partir de la informaci\u00f3n de terceros."
    }
  ],
  "id": "CVE-2008-1054",
  "lastModified": "2024-11-21T00:43:33.820",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.4,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-02-27T19:44:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://aluigi.altervista.org/adv/surgemailz-adv.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29105"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/3705"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/488741/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/27992"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1019500"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/0678"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40834"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://aluigi.altervista.org/adv/surgemailz-adv.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29105"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/3705"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/488741/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/27992"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019500"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0678"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40834"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2004-12-31 05:00

Modified

2024-11-20 23:53

Severity ?

Summary

NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to obtain sensitive information via HTTP requests that (a) specify the / URI, (b) specify the /scripts/ URI, or (c) specify a non-existent file, which reveal the path in an error message.

References

URL	Tags
cve@mitre.org	http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0056.html	Exploit, Patch
cve@mitre.org	http://secunia.com/advisories/11772	Patch, Vendor Advisory
cve@mitre.org	http://www.exploitlabs.com/files/advisories/EXPL-A-2004-002-surgmail.txt	Exploit, Patch
cve@mitre.org	http://www.netwinsite.com/surgemail/help/updates.htm	Patch
cve@mitre.org	http://www.osvdb.org/6745	Exploit, Patch
cve@mitre.org	http://www.securityfocus.com/bid/10483	Exploit, Patch
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/16319
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0056.html	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/11772	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.exploitlabs.com/files/advisories/EXPL-A-2004-002-surgmail.txt	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.netwinsite.com/surgemail/help/updates.htm	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/6745	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/10483	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/16319

Impacted products

Vendor	Product	Version
netwin	surgemail	1.0c
netwin	surgemail	1.0d
netwin	surgemail	1.1a
netwin	surgemail	1.1b
netwin	surgemail	1.1c
netwin	surgemail	1.1d
netwin	surgemail	1.2a
netwin	surgemail	1.2b
netwin	surgemail	1.2c
netwin	surgemail	1.3a
netwin	surgemail	1.3a_rc1
netwin	surgemail	1.3b
netwin	surgemail	1.3c
netwin	surgemail	1.3d
netwin	surgemail	1.3e
netwin	surgemail	1.3f
netwin	surgemail	1.3g
netwin	surgemail	1.3h
netwin	surgemail	1.3i
netwin	surgemail	1.3j
netwin	surgemail	1.3k
netwin	surgemail	1.3l
netwin	surgemail	1.4a
netwin	surgemail	1.4b
netwin	surgemail	1.4c
netwin	surgemail	1.5a
netwin	surgemail	1.5b
netwin	surgemail	1.5c
netwin	surgemail	1.5d
netwin	surgemail	1.5d2
netwin	surgemail	1.5f
netwin	surgemail	1.6a
netwin	surgemail	1.6b
netwin	surgemail	1.6d
netwin	surgemail	1.6e
netwin	surgemail	1.6e2
netwin	surgemail	1.7a
netwin	surgemail	1.7b3
netwin	surgemail	1.8a
netwin	surgemail	1.8b3
netwin	surgemail	1.8d
netwin	surgemail	1.8e
netwin	surgemail	1.8g3
netwin	surgemail	1.9b2
netwin	surgemail	2.0a2
netwin	webmail	3.1d

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.0c:*:*:*:*:*:*:*",
              "matchCriteriaId": "87817AF2-201D-4A00-BCA2-FDBF716BFB12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.0d:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76EAC7A-4BB3-4E38-9101-C5382C010E16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EB0A419-82B9-4801-A6CA-AB01E2E27451",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.1b:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B47ACEC-91A6-47DA-AF53-BB24A9A48B3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.1c:*:*:*:*:*:*:*",
              "matchCriteriaId": "54EA3FA5-305E-4FB1-88C2-96B3C60BDE96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.1d:*:*:*:*:*:*:*",
              "matchCriteriaId": "D744A39C-6695-4F05-8E0A-233A9F000464",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.2a:*:*:*:*:*:*:*",
              "matchCriteriaId": "78062477-35B1-490E-AA67-5B4D322B1684",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.2b:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5563478-FC8A-4FE6-9FA6-7A85A1D63827",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.2c:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5C2D087-9C3A-4D7A-83AB-5367C8CC6ED9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.3a:*:*:*:*:*:*:*",
              "matchCriteriaId": "0490B62E-6F13-40E8-AB75-7B6D88BDBF81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.3a_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5C49C51-FE9B-490B-B901-57D37735CCE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.3b:*:*:*:*:*:*:*",
              "matchCriteriaId": "3246EA70-861C-4D6F-A1BF-4BCBB5FF933A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.3c:*:*:*:*:*:*:*",
              "matchCriteriaId": "85FBF22E-94A9-429D-A879-78EE00FA2EB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.3d:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FE3E637-1198-4B4D-8A5B-F7E5DC48A8EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.3e:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AB1AE7C-16A2-4D85-BF27-82140DFFF631",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.3f:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D052EED-AB9C-4EB6-A45B-29B2D125D0CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.3g:*:*:*:*:*:*:*",
              "matchCriteriaId": "550CED69-8A52-489E-B4AD-48C3B2C8DD13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.3h:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEDC18DD-9D55-4D07-9157-5A925299FC02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.3i:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A6BCA9B-569E-497F-8D51-7A953CA9EB79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.3j:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7311BF0-CBCB-40F6-AB2B-014EC421DD9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.3k:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5CCE110-187E-424E-8D2A-E2EAEDD1606C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.3l:*:*:*:*:*:*:*",
              "matchCriteriaId": "2260E333-8CCB-4536-B5F2-8885F8BB6B7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.4a:*:*:*:*:*:*:*",
              "matchCriteriaId": "5636090B-E382-42CF-8A05-0EE5BF36ACB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.4b:*:*:*:*:*:*:*",
              "matchCriteriaId": "77DE0FB4-8AC2-487A-A73B-DBD9527657FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.4c:*:*:*:*:*:*:*",
              "matchCriteriaId": "49B0E240-B9E0-4CFD-852C-51E00B5E8ECB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.5a:*:*:*:*:*:*:*",
              "matchCriteriaId": "0498C94D-B215-417A-971F-A2430393CAF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.5b:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FEDBD88-3242-4FCA-949A-32B13CF7D89F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.5c:*:*:*:*:*:*:*",
              "matchCriteriaId": "5484C012-9DE1-4F48-B467-5FC9577F7EBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.5d:*:*:*:*:*:*:*",
              "matchCriteriaId": "66F4BC6E-0E24-49F9-9160-E3A346E37E0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.5d2:*:*:*:*:*:*:*",
              "matchCriteriaId": "66D4C2B3-4879-461D-B57C-B59AFC6B6310",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.5f:*:*:*:*:*:*:*",
              "matchCriteriaId": "BECF5E0C-D2C0-4D6F-8FD6-BE6F0FA94887",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.6a:*:*:*:*:*:*:*",
              "matchCriteriaId": "0575796D-59FC-4D55-B4BA-E4F332296CCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.6b:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A3FEAAF-6DFE-4288-A3D2-7EFE64417C5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.6d:*:*:*:*:*:*:*",
              "matchCriteriaId": "A65A9997-D18E-4FB9-9E54-C3C83A03047F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.6e:*:*:*:*:*:*:*",
              "matchCriteriaId": "20FB3D3F-9BFC-441B-B974-AEB92C48D04E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.6e2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A38C61D1-36CB-4A2F-B8AB-E12729915A5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.7a:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBDA0620-DBE8-4659-8B23-F300735F7078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.7b3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C30D2CEC-CB08-4454-9305-A96BB92830CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.8a:*:*:*:*:*:*:*",
              "matchCriteriaId": "51F3F0B2-8A75-42A6-9B4C-E1C2AA8EF27C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.8b3:*:*:*:*:*:*:*",
              "matchCriteriaId": "06B04968-6115-48D0-A315-D0445234DA23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.8d:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3213555-A5AC-4722-B2A9-26726803F813",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.8e:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EB5003E-B9BA-4DD0-98EE-C3AAFBF7BFB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.8g3:*:*:*:*:*:*:*",
              "matchCriteriaId": "96563C20-642A-47EA-8A4B-1DE9C1DD7377",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.9b2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFAC85F6-EF7F-4051-AEC9-4FF21D77D1EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:2.0a2:*:*:*:*:*:*:*",
              "matchCriteriaId": "90487000-A5DA-463B-82B2-5F83DBEC7154",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:webmail:3.1d:*:*:*:*:*:*:*",
              "matchCriteriaId": "282F56FD-7FAC-4450-B2EF-29DA7F27E83C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to obtain sensitive information via HTTP requests that (a) specify the / URI, (b) specify the /scripts/ URI, or (c) specify a non-existent file, which reveal the path in an error message."
    }
  ],
  "id": "CVE-2004-2547",
  "lastModified": "2024-11-20T23:53:38.037",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2004-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0056.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/11772"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.exploitlabs.com/files/advisories/EXPL-A-2004-002-surgmail.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.netwinsite.com/surgemail/help/updates.htm"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.osvdb.org/6745"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/10483"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16319"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0056.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/11772"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.exploitlabs.com/files/advisories/EXPL-A-2004-002-surgmail.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.netwinsite.com/surgemail/help/updates.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.osvdb.org/6745"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/10483"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16319"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2008-03-25 19:44

Modified

2024-11-21 00:44

Severity ?

Summary

Stack-based buffer overflow in the IMAP service in NetWin SurgeMail 38k4-4 and earlier allows remote authenticated users to execute arbitrary code via long arguments to the LSUB command.

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/29105	Vendor Advisory
cve@mitre.org	http://securityreason.com/securityalert/3774	Exploit
cve@mitre.org	http://www.infigo.hr/en/in_focus/advisories/INFIGO-2008-03-07	Exploit
cve@mitre.org	http://www.netwinsite.com/surgemail/help/updates.htm	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/archive/1/489959/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/28377	Exploit
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/41402
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29105	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/3774	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.infigo.hr/en/in_focus/advisories/INFIGO-2008-03-07	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.netwinsite.com/surgemail/help/updates.htm	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/489959/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/28377	Exploit
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/41402

Impacted products

Vendor	Product	Version
netwin	surgemail	1.8g3
netwin	surgemail	1.9b2
netwin	surgemail	2.0a2
netwin	surgemail	2.0c
netwin	surgemail	2.0e
netwin	surgemail	2.0g2
netwin	surgemail	2.1c7
netwin	surgemail	2.2a6
netwin	surgemail	2.2c10
netwin	surgemail	2.2g2
netwin	surgemail	2.2g3
netwin	surgemail	3.0a
netwin	surgemail	3.0c2
netwin	surgemail	3.2e
netwin	surgemail	3.5a
netwin	surgemail	3.5b3
netwin	surgemail	3.6d
netwin	surgemail	3.6f3
netwin	surgemail	3.6f5
netwin	surgemail	3.6f7
netwin	surgemail	3.7b
netwin	surgemail	3.7b3
netwin	surgemail	3.7b5
netwin	surgemail	3.7b6
netwin	surgemail	3.7b7
netwin	surgemail	3.7b8
netwin	surgemail	3.8a
netwin	surgemail	3.8b
netwin	surgemail	3.8d
netwin	surgemail	3.8f
netwin	surgemail	3.8f2
netwin	surgemail	3.8f3
netwin	surgemail	3.8i
netwin	surgemail	3.8i2
netwin	surgemail	3.8i3
netwin	surgemail	3.8k
netwin	surgemail	3.8k2
netwin	surgemail	3.8k3
netwin	surgemail	3.8m

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.8g3:*:*:*:*:*:*:*",
              "matchCriteriaId": "96563C20-642A-47EA-8A4B-1DE9C1DD7377",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.9b2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFAC85F6-EF7F-4051-AEC9-4FF21D77D1EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:2.0a2:*:*:*:*:*:*:*",
              "matchCriteriaId": "90487000-A5DA-463B-82B2-5F83DBEC7154",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:2.0c:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B654A1F-01A3-4F18-A1E6-9D924BF34397",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:2.0e:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FDB3E97-547C-4531-81E9-B280E3DF39D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:2.0g2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DA6241-B456-4721-BAB7-A857FAA4B41B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:2.1c7:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBBC4664-D561-4DDD-AC69-003D498FE40B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:2.2a6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7324F0F8-6F15-4966-9589-7BDF502DA287",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:2.2c10:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAF4BCCC-8284-4EB2-B38B-06283E584F2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:2.2g2:*:*:*:*:*:*:*",
              "matchCriteriaId": "288E7531-50DA-4AE1-B152-F0FBE7CA88BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:2.2g3:*:*:*:*:*:*:*",
              "matchCriteriaId": "914D7AFB-007F-48C1-98C0-13B38F2C2D75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.0a:*:*:*:*:*:*:*",
              "matchCriteriaId": "1ED629A5-B807-4856-AD71-DF5040463694",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.0c2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5470DC1D-DBE4-4C03-B831-42533DF08D93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.2e:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4420781-D233-4C09-9979-B20BB476E635",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.5a:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C4180CD-DCAC-42DB-8973-F8233F8B8EDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.5b3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BB3CEAB-41DD-447B-B36E-C5C5B9F1A2F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.6d:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CE7B0E5-E5A8-4F03-867A-8AE987D2254B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.6f3:*:*:*:*:*:*:*",
              "matchCriteriaId": "60B63ABA-5B8B-4EF2-A832-38F047904727",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.6f5:*:*:*:*:*:*:*",
              "matchCriteriaId": "90D7306C-A95A-4DB8-A6F1-29B233FF9977",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.6f7:*:*:*:*:*:*:*",
              "matchCriteriaId": "234A98AA-6482-4889-B3A3-3D4EC1023371",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.7b:*:*:*:*:*:*:*",
              "matchCriteriaId": "063644A4-AD5B-4BD7-9B6C-ADA2C47562C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.7b3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CB85D71-332A-4B5F-8B48-57CE29461920",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.7b5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0871CD5E-B0B7-4A80-924F-073227420136",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.7b6:*:*:*:*:*:*:*",
              "matchCriteriaId": "563791A9-A34B-4C2A-9F4F-F878654C5742",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.7b7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AAF682B-5815-4787-B288-F1CB47F1C986",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.7b8:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4764A66-0284-4D85-9A8D-69CC9FCD53EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.8a:*:*:*:*:*:*:*",
              "matchCriteriaId": "12FCF5D0-3E98-48E4-840C-5DD47A893AA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.8b:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B2E8CA7-DAF6-4C30-8ED1-9FA6D4A660D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.8d:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C384BC3-603B-4409-B473-F3213D05DB95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.8f:*:*:*:*:*:*:*",
              "matchCriteriaId": "C81E2733-0791-4D5E-990F-B40859EEA7C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.8f2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1CE77D8-ADB3-4A3E-9D79-4F9739F7549A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.8f3:*:*:*:*:*:*:*",
              "matchCriteriaId": "50C06B4F-1DEC-4622-B060-184762418112",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.8i:*:*:*:*:*:*:*",
              "matchCriteriaId": "19390313-1B1C-4388-AA3B-1A470416FADF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.8i2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB1FD0B1-DEE5-4765-9538-FBA20E8B1559",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.8i3:*:*:*:*:*:*:*",
              "matchCriteriaId": "30495DFC-EC4F-4449-851A-3358C9BCBF69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.8k:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C4BE37B-BA86-4B1D-A1B6-B5910F61171D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.8k2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAF32266-AB58-4215-B7FF-CC882835EE79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.8k3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A437EB1A-2E12-4AAB-8817-57D17C2E21E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.8m:*:*:*:*:*:*:*",
              "matchCriteriaId": "25C21957-FA45-4FCE-AFFE-4A0E1345CFE9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in the IMAP service in NetWin SurgeMail 38k4-4 and earlier allows remote authenticated users to execute arbitrary code via long arguments to the LSUB command."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en Pila en el servicio IMAP de NetWin SurgeMail 38k4-4 y versiones anteriores, permite a usuarios remotos autenticados ejecutar c\u00f3digo de su elecci\u00f3n mediante argumentos largos del comando LSUB."
    }
  ],
  "id": "CVE-2008-1497",
  "lastModified": "2024-11-21T00:44:40.687",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-03-25T19:44:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29105"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://securityreason.com/securityalert/3774"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.infigo.hr/en/in_focus/advisories/INFIGO-2008-03-07"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.netwinsite.com/surgemail/help/updates.htm"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/489959/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/28377"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41402"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29105"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://securityreason.com/securityalert/3774"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.infigo.hr/en/in_focus/advisories/INFIGO-2008-03-07"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.netwinsite.com/surgemail/help/updates.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/489959/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/28377"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41402"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2005-05-02 04:00

Modified

2024-11-20 23:56

Severity ?

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the email auto-reply message in SurgeMail 2.2g3 allow remote attackers to inject arbitrary web script or HTML via the (1) message subject or (2) message header field.

References

URL	Tags
cve@mitre.org	http://marc.info/?l=bugtraq&m=111159967417903&w=2
cve@mitre.org	http://netwinsite.com/cgi/dnewsweb.cgi?cmd=article&group=netwin.surgemail&item=8814&utag=	Patch
cve@mitre.org	http://secunia.com/advisories/14658	Patch, Vendor Advisory
cve@mitre.org	http://www.security.org.sg/vuln/surgemail22g3.html
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=111159967417903&w=2
af854a3a-2127-422b-91ae-364da2661108	http://netwinsite.com/cgi/dnewsweb.cgi?cmd=article&group=netwin.surgemail&item=8814&utag=	Patch
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/14658	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.security.org.sg/vuln/surgemail22g3.html

Impacted products

	Vendor	Product	Version
	netwin	surgemail	2.2g3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:2.2g3:*:*:*:*:*:*:*",
              "matchCriteriaId": "914D7AFB-007F-48C1-98C0-13B38F2C2D75",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in the email auto-reply message in SurgeMail 2.2g3 allow remote attackers to inject arbitrary web script or HTML via the (1) message subject or (2) message header field."
    }
  ],
  "id": "CVE-2005-0846",
  "lastModified": "2024-11-20T23:56:01.690",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-05-02T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=111159967417903\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://netwinsite.com/cgi/dnewsweb.cgi?cmd=article\u0026group=netwin.surgemail\u0026item=8814\u0026utag="
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/14658"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.security.org.sg/vuln/surgemail22g3.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=111159967417903\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://netwinsite.com/cgi/dnewsweb.cgi?cmd=article\u0026group=netwin.surgemail\u0026item=8814\u0026utag="
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/14658"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.security.org.sg/vuln/surgemail22g3.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2007-05-14 21:19

Modified

2024-11-21 00:31

Severity ?

Summary

Unspecified vulnerability in NetWin Webmail 3.1s-1 in SurgeMail before 3.8i2 has unknown impact and remote attack vectors, possibly a format string vulnerability that allows remote code execution.

References

URL	Tags
cve@mitre.org	http://osvdb.org/35891
cve@mitre.org	http://secunia.com/advisories/25207	Patch, Vendor Advisory
cve@mitre.org	http://www.netwinsite.com/surgemail/help/updates.htm	Patch
cve@mitre.org	http://www.securityfocus.com/bid/23908	Patch
cve@mitre.org	http://www.vupen.com/english/advisories/2007/1755	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/34217
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/35891
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25207	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.netwinsite.com/surgemail/help/updates.htm	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/23908	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/1755	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/34217

Impacted products

Vendor	Product	Version
netwin	surgemail	3.8f3
netwin	surgemail	3.8i
netwin	surgemail	3.8i2
netwin	webmail	3.1s1
netwin	webmail	3.1s13

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.8f3:*:*:*:*:*:*:*",
              "matchCriteriaId": "50C06B4F-1DEC-4622-B060-184762418112",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.8i:*:*:*:*:*:*:*",
              "matchCriteriaId": "19390313-1B1C-4388-AA3B-1A470416FADF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.8i2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB1FD0B1-DEE5-4765-9538-FBA20E8B1559",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:webmail:3.1s1:*:*:*:*:*:*:*",
              "matchCriteriaId": "383F78AD-F1F6-412E-B035-3E7D8EDD2FFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:webmail:3.1s13:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E73FA79-D0DF-4026-97B5-82246F7630DC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in NetWin Webmail 3.1s-1 in SurgeMail before 3.8i2 has unknown impact and remote attack vectors, possibly a format string vulnerability that allows remote code execution."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad no especificada en NetWin Webmail versi\u00f3n 3.1s-1 en SurgeMail versiones anteriores a 3.8i2, presenta un impacto desconocido y vectores de ataque remoto, posiblemente una vulnerabilidad de cadena de formato que permite la ejecuci\u00f3n de c\u00f3digo remota."
    }
  ],
  "evaluatorSolution": "The vendor has addressed this issue through a product update: \r\nhttp://netwinsite.com/cgi-bin/keycgi.exe?cmd=download\u0026product=surgemail",
  "id": "CVE-2007-2655",
  "lastModified": "2024-11-21T00:31:20.007",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-05-14T21:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/35891"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25207"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.netwinsite.com/surgemail/help/updates.htm"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/23908"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/1755"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34217"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/35891"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25207"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.netwinsite.com/surgemail/help/updates.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/23908"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/1755"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34217"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-134"
        },
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2004-12-31 05:00

Modified

2024-11-20 23:53

Severity ?

Summary

Multiple cross-site scripting (XSS) vulnerabilities in NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to inject arbitrary web script or HTML via (a) a URI containing the script, or (b) the username field in the login form. NOTE: it is possible that the first attack vector is resultant from the error message issue (CVE-2004-2547).

References

URL	Tags
cve@mitre.org	http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0056.html	Exploit, Patch
cve@mitre.org	http://secunia.com/advisories/11772	Patch, Vendor Advisory
cve@mitre.org	http://www.exploitlabs.com/files/advisories/EXPL-A-2004-002-surgmail.txt	Exploit
cve@mitre.org	http://www.netwinsite.com/surgemail/help/updates.htm
cve@mitre.org	http://www.osvdb.org/6746	Exploit
cve@mitre.org	http://www.securityfocus.com/bid/10483	Exploit, Patch
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/16320
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0056.html	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/11772	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.exploitlabs.com/files/advisories/EXPL-A-2004-002-surgmail.txt	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.netwinsite.com/surgemail/help/updates.htm
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/6746	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/10483	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/16320

Impacted products

Vendor	Product	Version
netwin	surgemail	*
netwin	surgemail	1.8a
netwin	surgemail	1.8b3
netwin	surgemail	1.8d
netwin	surgemail	1.8f
netwin	surgemail	1.8g3
netwin	surgemail	1.9
netwin	surgemail	1.9b2
netwin	webmail	3.1d

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B907DFAA-E772-416A-AC6A-EB92CF871D92",
              "versionEndIncluding": "2.0a2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.8a:*:*:*:*:*:*:*",
              "matchCriteriaId": "51F3F0B2-8A75-42A6-9B4C-E1C2AA8EF27C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.8b3:*:*:*:*:*:*:*",
              "matchCriteriaId": "06B04968-6115-48D0-A315-D0445234DA23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.8d:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3213555-A5AC-4722-B2A9-26726803F813",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.8f:*:*:*:*:*:*:*",
              "matchCriteriaId": "31FAD6F1-2A15-4A28-9E33-33B67D627956",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.8g3:*:*:*:*:*:*:*",
              "matchCriteriaId": "96563C20-642A-47EA-8A4B-1DE9C1DD7377",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "439847AC-0ACD-4BDB-A935-3CE645366DAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.9b2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFAC85F6-EF7F-4051-AEC9-4FF21D77D1EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:webmail:3.1d:*:*:*:*:*:*:*",
              "matchCriteriaId": "282F56FD-7FAC-4450-B2EF-29DA7F27E83C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to inject arbitrary web script or HTML via (a) a URI containing the script, or (b) the username field in the login form.  NOTE: it is possible that the first attack vector is resultant from the error message issue (CVE-2004-2547)."
    }
  ],
  "id": "CVE-2004-2548",
  "lastModified": "2024-11-20T23:53:38.200",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0056.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/11772"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploitlabs.com/files/advisories/EXPL-A-2004-002-surgmail.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.netwinsite.com/surgemail/help/updates.htm"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.osvdb.org/6746"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/10483"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16320"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0056.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/11772"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploitlabs.com/files/advisories/EXPL-A-2004-002-surgmail.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.netwinsite.com/surgemail/help/updates.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.osvdb.org/6746"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/10483"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16320"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2004-12-31 05:00

Modified

2024-11-20 23:53

Severity ?

Summary

Unspecified vulnerability in SurgeMail before 2.2c10 has unknown impact and attack vectors, related to a "Webmail security bug."

References

URL	Tags
cve@mitre.org	http://netwinsite.com/surgemail/help/updates.htm
cve@mitre.org	http://secunia.com/advisories/13621	Patch, Vendor Advisory
cve@mitre.org	http://www.osvdb.org/12559
cve@mitre.org	http://www.securityfocus.com/bid/12086	Patch
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/18648
af854a3a-2127-422b-91ae-364da2661108	http://netwinsite.com/surgemail/help/updates.htm
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/13621	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/12559
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/12086	Patch
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/18648

Impacted products

Vendor	Product	Version
netwin	surgemail	1.8a
netwin	surgemail	1.8b3
netwin	surgemail	1.8d
netwin	surgemail	1.8f
netwin	surgemail	1.8g3
netwin	surgemail	1.9
netwin	surgemail	1.9b2
netwin	surgemail	2.0a2
netwin	surgemail	2.0c
netwin	surgemail	2.0e
netwin	surgemail	2.0g2
netwin	surgemail	2.1a
netwin	surgemail	2.1c7
netwin	surgemail	2.2a6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.8a:*:*:*:*:*:*:*",
              "matchCriteriaId": "51F3F0B2-8A75-42A6-9B4C-E1C2AA8EF27C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.8b3:*:*:*:*:*:*:*",
              "matchCriteriaId": "06B04968-6115-48D0-A315-D0445234DA23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.8d:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3213555-A5AC-4722-B2A9-26726803F813",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.8f:*:*:*:*:*:*:*",
              "matchCriteriaId": "31FAD6F1-2A15-4A28-9E33-33B67D627956",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.8g3:*:*:*:*:*:*:*",
              "matchCriteriaId": "96563C20-642A-47EA-8A4B-1DE9C1DD7377",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "439847AC-0ACD-4BDB-A935-3CE645366DAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.9b2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFAC85F6-EF7F-4051-AEC9-4FF21D77D1EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:2.0a2:*:*:*:*:*:*:*",
              "matchCriteriaId": "90487000-A5DA-463B-82B2-5F83DBEC7154",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:2.0c:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B654A1F-01A3-4F18-A1E6-9D924BF34397",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:2.0e:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FDB3E97-547C-4531-81E9-B280E3DF39D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:2.0g2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DA6241-B456-4721-BAB7-A857FAA4B41B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:2.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "74F72E7E-9561-4F82-8AFC-DB0DA32F8221",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:2.1c7:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBBC4664-D561-4DDD-AC69-003D498FE40B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:2.2a6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7324F0F8-6F15-4966-9589-7BDF502DA287",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in SurgeMail before 2.2c10 has unknown impact and attack vectors, related to a \"Webmail security bug.\""
    }
  ],
  "id": "CVE-2004-2537",
  "lastModified": "2024-11-20T23:53:36.440",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://netwinsite.com/surgemail/help/updates.htm"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/13621"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/12559"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/12086"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18648"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://netwinsite.com/surgemail/help/updates.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/13621"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/12559"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/12086"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18648"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2008-02-27 19:44

Modified

2024-11-21 00:43

Severity ?

Summary

Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 and earlier and beta 39a, and WebMail 3.1s and earlier, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in the page parameter.

References

URL	Tags
cve@mitre.org	http://aluigi.altervista.org/adv/surgemailz-adv.txt
cve@mitre.org	http://secunia.com/advisories/29105	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/29137
cve@mitre.org	http://securityreason.com/securityalert/3705
cve@mitre.org	http://www.securityfocus.com/archive/1/488741/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/27990	Exploit
cve@mitre.org	http://www.securitytracker.com/id?1019500
cve@mitre.org	http://www.vupen.com/english/advisories/2008/0678
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/40833
af854a3a-2127-422b-91ae-364da2661108	http://aluigi.altervista.org/adv/surgemailz-adv.txt
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29105	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29137
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/3705
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/488741/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/27990	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1019500
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0678
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/40833

Impacted products

Vendor	Product	Version
netwin	surgemail	*
netwin	surgemail	1.8a
netwin	surgemail	1.8b3
netwin	surgemail	1.8d
netwin	surgemail	1.8e
netwin	surgemail	1.8g3
netwin	surgemail	1.9
netwin	surgemail	1.9b2
netwin	surgemail	2.0a2
netwin	surgemail	2.0c
netwin	surgemail	2.0e
netwin	surgemail	2.0g2
netwin	surgemail	2.1a
netwin	surgemail	2.1c7
netwin	surgemail	2.2a6
netwin	surgemail	2.2c9
netwin	surgemail	2.2c10
netwin	surgemail	2.2g2
netwin	surgemail	2.2g3
netwin	surgemail	3.0a
netwin	surgemail	3.0c2
netwin	surgemail	3.8f3
netwin	surgemail	39a
netwin	surgemail	beta_39a
netwin	webmail	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0338308B-54C6-4C2F-9A5F-A4D0AB34E091",
              "versionEndIncluding": "38k4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.8a:*:*:*:*:*:*:*",
              "matchCriteriaId": "51F3F0B2-8A75-42A6-9B4C-E1C2AA8EF27C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.8b3:*:*:*:*:*:*:*",
              "matchCriteriaId": "06B04968-6115-48D0-A315-D0445234DA23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.8d:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3213555-A5AC-4722-B2A9-26726803F813",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.8e:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EB5003E-B9BA-4DD0-98EE-C3AAFBF7BFB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.8g3:*:*:*:*:*:*:*",
              "matchCriteriaId": "96563C20-642A-47EA-8A4B-1DE9C1DD7377",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "439847AC-0ACD-4BDB-A935-3CE645366DAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:1.9b2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFAC85F6-EF7F-4051-AEC9-4FF21D77D1EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:2.0a2:*:*:*:*:*:*:*",
              "matchCriteriaId": "90487000-A5DA-463B-82B2-5F83DBEC7154",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:2.0c:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B654A1F-01A3-4F18-A1E6-9D924BF34397",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:2.0e:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FDB3E97-547C-4531-81E9-B280E3DF39D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:2.0g2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DA6241-B456-4721-BAB7-A857FAA4B41B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:2.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "74F72E7E-9561-4F82-8AFC-DB0DA32F8221",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:2.1c7:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBBC4664-D561-4DDD-AC69-003D498FE40B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:2.2a6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7324F0F8-6F15-4966-9589-7BDF502DA287",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:2.2c9:*:*:*:*:*:*:*",
              "matchCriteriaId": "67230924-EDC9-40CD-931E-71D0ED4F4E89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:2.2c10:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAF4BCCC-8284-4EB2-B38B-06283E584F2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:2.2g2:*:*:*:*:*:*:*",
              "matchCriteriaId": "288E7531-50DA-4AE1-B152-F0FBE7CA88BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:2.2g3:*:*:*:*:*:*:*",
              "matchCriteriaId": "914D7AFB-007F-48C1-98C0-13B38F2C2D75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.0a:*:*:*:*:*:*:*",
              "matchCriteriaId": "1ED629A5-B807-4856-AD71-DF5040463694",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.0c2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5470DC1D-DBE4-4C03-B831-42533DF08D93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.8f3:*:*:*:*:*:*:*",
              "matchCriteriaId": "50C06B4F-1DEC-4622-B060-184762418112",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:39a:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1616805-E66C-41AD-9D58-D15DE096597A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:beta_39a:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFE7385D-DD52-4E65-9514-84DD3217E2F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:webmail:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "26B239D5-5741-40D0-8286-E946604056D3",
              "versionEndIncluding": "3.1s",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 and earlier and beta 39a, and WebMail 3.1s and earlier, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in the page parameter."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de cadena de formato en webmail.exe de NetWin SurgeMail 38k4 y versiones anteriores y beta 39a, y WebMail 3.1s y versiones anteriores, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de cadenas de formato especificadas en el par\u00e1metro page."
    }
  ],
  "id": "CVE-2008-1055",
  "lastModified": "2024-11-21T00:43:33.970",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-02-27T19:44:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://aluigi.altervista.org/adv/surgemailz-adv.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29105"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/29137"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/3705"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/488741/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/27990"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1019500"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/0678"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40833"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://aluigi.altervista.org/adv/surgemailz-adv.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29105"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29137"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/3705"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/488741/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/27990"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019500"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0678"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40833"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-134"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2009-09-08 10:30

Modified

2024-11-21 00:58

Severity ?

Summary

Buffer overflow in the IMAP service in NetWin Surgemail 3.9e, and possibly other versions before 3.9g2, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long first argument to the APPEND command, a different vector than CVE-2008-1497 and CVE-2008-1498. NOTE: due to lack of details, it is not certain whether this is the same issue as CVE-2008-2859.

References

URL	Tags
cve@mitre.org	http://www.netwinsite.com/surgemail/help/updates.htm	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/archive/1/496482
cve@mitre.org	http://www.securityfocus.com/bid/30000	Exploit
cve@mitre.org	https://www.exploit-db.com/exploits/5968
af854a3a-2127-422b-91ae-364da2661108	http://www.netwinsite.com/surgemail/help/updates.htm	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/496482
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/30000	Exploit
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/5968

Impacted products

	Vendor	Product	Version
	netwin	surgemail	3.9e

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:3.9e:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B7F09A9-9719-47C2-8021-853F699A7553",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in the IMAP service in NetWin Surgemail 3.9e, and possibly other versions before 3.9g2, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long first argument to the APPEND command, a different vector than CVE-2008-1497 and CVE-2008-1498.  NOTE: due to lack of details, it is not certain whether this is the same issue as CVE-2008-2859."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en el servicio IMAP en NetWin Surgemail v3.9e, y probablemente otras versiones anteriores a v3.9g2, permite a usuarios autenticados remotamente provocar una denegaci\u00f3n de servicio (parada) y probablemente ejecutar c\u00f3digo de su elecci\u00f3n mediante un primer argumento largo en el comando APPEN, siendo un vector diferente que CVE-2008-1497 y CVE-2008-1498. NOTA: ante la falta de detalles, no est\u00e1 confirmado que sea la misma vulnerabilidad que CVE-2008-2859."
    }
  ],
  "id": "CVE-2008-7182",
  "lastModified": "2024-11-21T00:58:28.563",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-09-08T10:30:01.733",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.netwinsite.com/surgemail/help/updates.htm"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/496482"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/30000"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/5968"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.netwinsite.com/surgemail/help/updates.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/496482"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/30000"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/5968"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2012-09-17 14:55

Modified

2024-11-21 01:39

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 6.0a4 allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IFRAME element in the body of an HTML e-mail message.

References

▼	URL	Tags
	cret@cert.org	http://www.exploit-db.com/exploits/20363/	Exploit
	af854a3a-2127-422b-91ae-364da2661108	http://www.exploit-db.com/exploits/20363/	Exploit

Impacted products

	Vendor	Product	Version
	netwin	surgemail	6.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:6.0:a4:*:*:*:*:*:*",
              "matchCriteriaId": "B9D9FC1C-B907-4FEC-8FC4-7CAFDAB072AF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 6.0a4 allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IFRAME element in the body of an HTML e-mail message."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en NetWin SurgeMail v6.0a4, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del atributo SRC de un elemento IFRAME en el cuerpo de un mensaje de correo electr\u00f3nico."
    }
  ],
  "id": "CVE-2012-2575",
  "lastModified": "2024-11-21T01:39:15.280",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-09-17T14:55:00.813",
  "references": [
    {
      "source": "cret@cert.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/20363/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/20363/"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2007-08-16 18:17

Modified

2024-11-21 00:35

Severity ?

Summary

Unspecified vulnerability in NetWin SurgeMail 38k on Windows Server 2003 has unknown impact and remote attack vectors. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.

References

▼	URL	Tags
	cve@mitre.org	http://osvdb.org/46400
	cve@mitre.org	http://wslabi.com/wabisabilabi/showBidInfo.do?code=ZD-00000078
	af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/46400
	af854a3a-2127-422b-91ae-364da2661108	http://wslabi.com/wabisabilabi/showBidInfo.do?code=ZD-00000078

Impacted products

	Vendor	Product	Version
	microsoft	windows_2003_server	*
	netwin	surgemail	38k

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "60EC86B8-5C8C-4873-B364-FB1F8EFE1CFF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netwin:surgemail:38k:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E938F32-9C91-43C9-B8E9-8101AED6C713",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in NetWin SurgeMail 38k on Windows Server 2003 has unknown impact and remote attack vectors.  NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en NetWin SurgeMail 38k en Windows Server 2003 tiene impacto y vectores desconocidos. NOTA: esta informaci\u00f3n est\u00e1 basada en informaci\u00f3n imprecisa que proviene de una organizaci\u00f3n de venta de informaci\u00f3n de vulnerabilidades que no se coordina con los fabricantes ni libera avisos con informaci\u00f3n \u00fatil. Se le ha asignado un identificador CVE con prop\u00f3sitos de seguimiento, siendo dif\u00edcil determinar si hay CVEs duplicados."
    }
  ],
  "id": "CVE-2007-4372",
  "lastModified": "2024-11-21T00:35:26.047",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-08-16T18:17:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/46400"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://wslabi.com/wabisabilabi/showBidInfo.do?code=ZD-00000078"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/46400"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wslabi.com/wabisabilabi/showBidInfo.do?code=ZD-00000078"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2004-2547

Vulnerability from cvelistv5

Published

2005-11-21 11:00

Modified

2024-08-08 01:29

Severity ?

Summary

NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to obtain sensitive information via HTTP requests that (a) specify the / URI, (b) specify the /scripts/ URI, or (c) specify a non-existent file, which reveal the path in an error message.

References

▼	URL	Tags
	https://exchange.xforce.ibmcloud.com/vulnerabilities/16319	vdb-entry, x_refsource_XF
	http://www.osvdb.org/6745	vdb-entry, x_refsource_OSVDB
	http://www.securityfocus.com/bid/10483	vdb-entry, x_refsource_BID
	http://www.exploitlabs.com/files/advisories/EXPL-A-2004-002-surgmail.txt	x_refsource_MISC
	http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0056.html	mailing-list, x_refsource_FULLDISC
	http://secunia.com/advisories/11772	third-party-advisory, x_refsource_SECUNIA
	http://www.netwinsite.com/surgemail/help/updates.htm	x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:29:14.042Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "surgemail-invalid-path-disclosure(16319)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16319"
          },
          {
            "name": "6745",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/6745"
          },
          {
            "name": "10483",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/10483"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.exploitlabs.com/files/advisories/EXPL-A-2004-002-surgmail.txt"
          },
          {
            "name": "20040603 Surgemail - Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0056.html"
          },
          {
            "name": "11772",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/11772"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.netwinsite.com/surgemail/help/updates.htm"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-06-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to obtain sensitive information via HTTP requests that (a) specify the / URI, (b) specify the /scripts/ URI, or (c) specify a non-existent file, which reveal the path in an error message."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "surgemail-invalid-path-disclosure(16319)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16319"
        },
        {
          "name": "6745",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/6745"
        },
        {
          "name": "10483",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/10483"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.exploitlabs.com/files/advisories/EXPL-A-2004-002-surgmail.txt"
        },
        {
          "name": "20040603 Surgemail - Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0056.html"
        },
        {
          "name": "11772",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/11772"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.netwinsite.com/surgemail/help/updates.htm"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-2547",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to obtain sensitive information via HTTP requests that (a) specify the / URI, (b) specify the /scripts/ URI, or (c) specify a non-existent file, which reveal the path in an error message."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "surgemail-invalid-path-disclosure(16319)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16319"
            },
            {
              "name": "6745",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/6745"
            },
            {
              "name": "10483",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/10483"
            },
            {
              "name": "http://www.exploitlabs.com/files/advisories/EXPL-A-2004-002-surgmail.txt",
              "refsource": "MISC",
              "url": "http://www.exploitlabs.com/files/advisories/EXPL-A-2004-002-surgmail.txt"
            },
            {
              "name": "20040603 Surgemail - Multiple Vulnerabilities",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0056.html"
            },
            {
              "name": "11772",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/11772"
            },
            {
              "name": "http://www.netwinsite.com/surgemail/help/updates.htm",
              "refsource": "CONFIRM",
              "url": "http://www.netwinsite.com/surgemail/help/updates.htm"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-2547",
    "datePublished": "2005-11-21T11:00:00",
    "dateReserved": "2005-11-21T00:00:00",
    "dateUpdated": "2024-08-08T01:29:14.042Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-1055

Vulnerability from cvelistv5

Published

2008-02-27 19:00

Modified

2024-08-07 08:08

Severity ?

Summary

Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 and earlier and beta 39a, and WebMail 3.1s and earlier, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in the page parameter.

References

▼	URL	Tags
	http://securityreason.com/securityalert/3705	third-party-advisory, x_refsource_SREASON
	http://aluigi.altervista.org/adv/surgemailz-adv.txt	x_refsource_MISC
	http://secunia.com/advisories/29137	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/29105	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2008/0678	vdb-entry, x_refsource_VUPEN
	http://www.securitytracker.com/id?1019500	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/archive/1/488741/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	https://exchange.xforce.ibmcloud.com/vulnerabilities/40833	vdb-entry, x_refsource_XF
	http://www.securityfocus.com/bid/27990	vdb-entry, x_refsource_BID

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:08:57.236Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "3705",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3705"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://aluigi.altervista.org/adv/surgemailz-adv.txt"
          },
          {
            "name": "29137",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29137"
          },
          {
            "name": "29105",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29105"
          },
          {
            "name": "ADV-2008-0678",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0678"
          },
          {
            "name": "1019500",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019500"
          },
          {
            "name": "20080225 Format string and buffer-overflow in SurgeMail 38k4",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/488741/100/0/threaded"
          },
          {
            "name": "surgemail-webmail-format-string(40833)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40833"
          },
          {
            "name": "27990",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27990"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-02-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 and earlier and beta 39a, and WebMail 3.1s and earlier, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in the page parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "3705",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3705"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://aluigi.altervista.org/adv/surgemailz-adv.txt"
        },
        {
          "name": "29137",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29137"
        },
        {
          "name": "29105",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29105"
        },
        {
          "name": "ADV-2008-0678",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0678"
        },
        {
          "name": "1019500",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019500"
        },
        {
          "name": "20080225 Format string and buffer-overflow in SurgeMail 38k4",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/488741/100/0/threaded"
        },
        {
          "name": "surgemail-webmail-format-string(40833)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40833"
        },
        {
          "name": "27990",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27990"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-1055",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 and earlier and beta 39a, and WebMail 3.1s and earlier, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in the page parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "3705",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3705"
            },
            {
              "name": "http://aluigi.altervista.org/adv/surgemailz-adv.txt",
              "refsource": "MISC",
              "url": "http://aluigi.altervista.org/adv/surgemailz-adv.txt"
            },
            {
              "name": "29137",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29137"
            },
            {
              "name": "29105",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29105"
            },
            {
              "name": "ADV-2008-0678",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0678"
            },
            {
              "name": "1019500",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019500"
            },
            {
              "name": "20080225 Format string and buffer-overflow in SurgeMail 38k4",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/488741/100/0/threaded"
            },
            {
              "name": "surgemail-webmail-format-string(40833)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40833"
            },
            {
              "name": "27990",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27990"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-1055",
    "datePublished": "2008-02-27T19:00:00",
    "dateReserved": "2008-02-27T00:00:00",
    "dateUpdated": "2024-08-07T08:08:57.236Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-4377

Vulnerability from cvelistv5

Published

2007-08-16 18:00

Modified

2024-08-07 14:53

Severity ?

Summary

Stack-based buffer overflow in the IMAP service in SurgeMail 38k allows remote authenticated users to execute arbitrary code via a long argument to the SEARCH command. NOTE: this might overlap CVE-2007-4372.

References

▼	URL	Tags
	http://marc.info/?l=full-disclosure&m=118710179924684&w=2	mailing-list, x_refsource_FULLDISC
	http://www.vupen.com/english/advisories/2007/2875	vdb-entry, x_refsource_VUPEN
	https://www.exploit-db.com/exploits/4287	exploit, x_refsource_EXPLOIT-DB
	https://exchange.xforce.ibmcloud.com/vulnerabilities/36009	vdb-entry, x_refsource_XF
	http://secunia.com/advisories/26464	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/bid/25318	vdb-entry, x_refsource_BID

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:53:55.984Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20070814 Stop WabiSabiLabi Hacker Oppression NOW",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=full-disclosure\u0026m=118710179924684\u0026w=2"
          },
          {
            "name": "ADV-2007-2875",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2875"
          },
          {
            "name": "4287",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/4287"
          },
          {
            "name": "surgemail-imap-code-execution(36009)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36009"
          },
          {
            "name": "26464",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26464"
          },
          {
            "name": "25318",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/25318"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-08-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in the IMAP service in SurgeMail 38k allows remote authenticated users to execute arbitrary code via a long argument to the SEARCH command.  NOTE: this might overlap CVE-2007-4372."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-18T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20070814 Stop WabiSabiLabi Hacker Oppression NOW",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://marc.info/?l=full-disclosure\u0026m=118710179924684\u0026w=2"
        },
        {
          "name": "ADV-2007-2875",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2875"
        },
        {
          "name": "4287",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/4287"
        },
        {
          "name": "surgemail-imap-code-execution(36009)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36009"
        },
        {
          "name": "26464",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26464"
        },
        {
          "name": "25318",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/25318"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-4377",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in the IMAP service in SurgeMail 38k allows remote authenticated users to execute arbitrary code via a long argument to the SEARCH command.  NOTE: this might overlap CVE-2007-4372."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20070814 Stop WabiSabiLabi Hacker Oppression NOW",
              "refsource": "FULLDISC",
              "url": "http://marc.info/?l=full-disclosure\u0026m=118710179924684\u0026w=2"
            },
            {
              "name": "ADV-2007-2875",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2875"
            },
            {
              "name": "4287",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/4287"
            },
            {
              "name": "surgemail-imap-code-execution(36009)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36009"
            },
            {
              "name": "26464",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26464"
            },
            {
              "name": "25318",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/25318"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-4377",
    "datePublished": "2007-08-16T18:00:00",
    "dateReserved": "2007-08-16T00:00:00",
    "dateUpdated": "2024-08-07T14:53:55.984Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-7182

Vulnerability from cvelistv5

Published

2009-09-08 10:00

Modified

2024-08-07 11:56

Severity ?

Summary

Buffer overflow in the IMAP service in NetWin Surgemail 3.9e, and possibly other versions before 3.9g2, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long first argument to the APPEND command, a different vector than CVE-2008-1497 and CVE-2008-1498. NOTE: due to lack of details, it is not certain whether this is the same issue as CVE-2008-2859.

References

▼	URL	Tags
	https://www.exploit-db.com/exploits/5968	exploit, x_refsource_EXPLOIT-DB
	http://www.securityfocus.com/bid/30000	vdb-entry, x_refsource_BID
	http://www.securityfocus.com/archive/1/496482	mailing-list, x_refsource_BUGTRAQ
	http://www.netwinsite.com/surgemail/help/updates.htm	x_refsource_MISC

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T11:56:14.481Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "5968",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/5968"
          },
          {
            "name": "30000",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/30000"
          },
          {
            "name": "20080917 [AJECT] SurgeMail IMAP 3.9e vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/496482"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.netwinsite.com/surgemail/help/updates.htm"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-06-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in the IMAP service in NetWin Surgemail 3.9e, and possibly other versions before 3.9g2, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long first argument to the APPEND command, a different vector than CVE-2008-1497 and CVE-2008-1498.  NOTE: due to lack of details, it is not certain whether this is the same issue as CVE-2008-2859."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "5968",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/5968"
        },
        {
          "name": "30000",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/30000"
        },
        {
          "name": "20080917 [AJECT] SurgeMail IMAP 3.9e vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/496482"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.netwinsite.com/surgemail/help/updates.htm"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-7182",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in the IMAP service in NetWin Surgemail 3.9e, and possibly other versions before 3.9g2, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long first argument to the APPEND command, a different vector than CVE-2008-1497 and CVE-2008-1498.  NOTE: due to lack of details, it is not certain whether this is the same issue as CVE-2008-2859."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "5968",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/5968"
            },
            {
              "name": "30000",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/30000"
            },
            {
              "name": "20080917 [AJECT] SurgeMail IMAP 3.9e vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/496482"
            },
            {
              "name": "http://www.netwinsite.com/surgemail/help/updates.htm",
              "refsource": "MISC",
              "url": "http://www.netwinsite.com/surgemail/help/updates.htm"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-7182",
    "datePublished": "2009-09-08T10:00:00",
    "dateReserved": "2009-09-07T00:00:00",
    "dateUpdated": "2024-08-07T11:56:14.481Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-1054

Vulnerability from cvelistv5

Published

2008-02-27 19:00

Modified

2024-08-07 08:08

Severity ?

Summary

Stack-based buffer overflow in the _lib_spawn_user_getpid function in (1) swatch.exe and (2) surgemail.exe in NetWin SurgeMail 38k4 and earlier, and beta 39a, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via an HTTP request with multiple long headers to webmail.exe and unspecified other CGI executables, which triggers an overflow when assigning values to environment variables. NOTE: some of these details are obtained from third party information.

References

▼	URL	Tags
	http://securityreason.com/securityalert/3705	third-party-advisory, x_refsource_SREASON
	http://aluigi.altervista.org/adv/surgemailz-adv.txt	x_refsource_MISC
	http://secunia.com/advisories/29105	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2008/0678	vdb-entry, x_refsource_VUPEN
	http://www.securitytracker.com/id?1019500	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/archive/1/488741/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://www.securityfocus.com/bid/27992	vdb-entry, x_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilities/40834	vdb-entry, x_refsource_XF

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:08:57.608Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "3705",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3705"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://aluigi.altervista.org/adv/surgemailz-adv.txt"
          },
          {
            "name": "29105",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29105"
          },
          {
            "name": "ADV-2008-0678",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0678"
          },
          {
            "name": "1019500",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019500"
          },
          {
            "name": "20080225 Format string and buffer-overflow in SurgeMail 38k4",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/488741/100/0/threaded"
          },
          {
            "name": "27992",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27992"
          },
          {
            "name": "surgemail-webmail-bo(40834)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40834"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-02-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in the _lib_spawn_user_getpid function in (1) swatch.exe and (2) surgemail.exe in NetWin SurgeMail 38k4 and earlier, and beta 39a, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via an HTTP request with multiple long headers to webmail.exe and unspecified other CGI executables, which triggers an overflow when assigning values to environment variables.  NOTE: some of these details are obtained from third party information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "3705",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3705"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://aluigi.altervista.org/adv/surgemailz-adv.txt"
        },
        {
          "name": "29105",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29105"
        },
        {
          "name": "ADV-2008-0678",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0678"
        },
        {
          "name": "1019500",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019500"
        },
        {
          "name": "20080225 Format string and buffer-overflow in SurgeMail 38k4",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/488741/100/0/threaded"
        },
        {
          "name": "27992",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27992"
        },
        {
          "name": "surgemail-webmail-bo(40834)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40834"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-1054",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in the _lib_spawn_user_getpid function in (1) swatch.exe and (2) surgemail.exe in NetWin SurgeMail 38k4 and earlier, and beta 39a, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via an HTTP request with multiple long headers to webmail.exe and unspecified other CGI executables, which triggers an overflow when assigning values to environment variables.  NOTE: some of these details are obtained from third party information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "3705",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3705"
            },
            {
              "name": "http://aluigi.altervista.org/adv/surgemailz-adv.txt",
              "refsource": "MISC",
              "url": "http://aluigi.altervista.org/adv/surgemailz-adv.txt"
            },
            {
              "name": "29105",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29105"
            },
            {
              "name": "ADV-2008-0678",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0678"
            },
            {
              "name": "1019500",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019500"
            },
            {
              "name": "20080225 Format string and buffer-overflow in SurgeMail 38k4",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/488741/100/0/threaded"
            },
            {
              "name": "27992",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27992"
            },
            {
              "name": "surgemail-webmail-bo(40834)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40834"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-1054",
    "datePublished": "2008-02-27T19:00:00",
    "dateReserved": "2008-02-27T00:00:00",
    "dateUpdated": "2024-08-07T08:08:57.608Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-6457

Vulnerability from cvelistv5

Published

2007-12-20 00:00

Modified

2024-08-07 16:11

Severity ?

Summary

Stack-based buffer overflow in the webmail feature in SurgeMail 38k4 allows remote attackers to cause a denial of service (crash) via a long Host header.

References

▼	URL	Tags
	http://secunia.com/advisories/28142	third-party-advisory, x_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilities/39087	vdb-entry, x_refsource_XF
	http://www.vupen.com/english/advisories/2007/4245	vdb-entry, x_refsource_VUPEN
	http://www.securityfocus.com/archive/1/485224/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://securityreason.com/securityalert/3464	third-party-advisory, x_refsource_SREASON
	http://retrogod.altervista.org/rgod_surgemail_crash.html	x_refsource_MISC
	http://www.securityfocus.com/bid/26901	vdb-entry, x_refsource_BID

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:11:05.507Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "28142",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28142"
          },
          {
            "name": "surgemail-hostheader-dos(39087)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39087"
          },
          {
            "name": "ADV-2007-4245",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/4245"
          },
          {
            "name": "20071217 SurgeMail v.38k4 webmail Host header crash",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/485224/100/0/threaded"
          },
          {
            "name": "3464",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3464"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://retrogod.altervista.org/rgod_surgemail_crash.html"
          },
          {
            "name": "26901",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26901"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-12-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in the webmail feature in SurgeMail 38k4 allows remote attackers to cause a denial of service (crash) via a long Host header."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "28142",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28142"
        },
        {
          "name": "surgemail-hostheader-dos(39087)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39087"
        },
        {
          "name": "ADV-2007-4245",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/4245"
        },
        {
          "name": "20071217 SurgeMail v.38k4 webmail Host header crash",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/485224/100/0/threaded"
        },
        {
          "name": "3464",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3464"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://retrogod.altervista.org/rgod_surgemail_crash.html"
        },
        {
          "name": "26901",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26901"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-6457",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in the webmail feature in SurgeMail 38k4 allows remote attackers to cause a denial of service (crash) via a long Host header."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "28142",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28142"
            },
            {
              "name": "surgemail-hostheader-dos(39087)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39087"
            },
            {
              "name": "ADV-2007-4245",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/4245"
            },
            {
              "name": "20071217 SurgeMail v.38k4 webmail Host header crash",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/485224/100/0/threaded"
            },
            {
              "name": "3464",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3464"
            },
            {
              "name": "http://retrogod.altervista.org/rgod_surgemail_crash.html",
              "refsource": "MISC",
              "url": "http://retrogod.altervista.org/rgod_surgemail_crash.html"
            },
            {
              "name": "26901",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26901"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-6457",
    "datePublished": "2007-12-20T00:00:00",
    "dateReserved": "2007-12-19T00:00:00",
    "dateUpdated": "2024-08-07T16:11:05.507Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2005-0846

Vulnerability from cvelistv5

Published

2005-03-24 05:00

Modified

2024-08-07 21:28

Severity ?

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the email auto-reply message in SurgeMail 2.2g3 allow remote attackers to inject arbitrary web script or HTML via the (1) message subject or (2) message header field.

References

▼	URL	Tags
	http://netwinsite.com/cgi/dnewsweb.cgi?cmd=article&group=netwin.surgemail&item=8814&utag=	x_refsource_CONFIRM
	http://marc.info/?l=bugtraq&m=111159967417903&w=2	mailing-list, x_refsource_BUGTRAQ
	http://secunia.com/advisories/14658	third-party-advisory, x_refsource_SECUNIA
	http://www.security.org.sg/vuln/surgemail22g3.html	x_refsource_MISC

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T21:28:28.574Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://netwinsite.com/cgi/dnewsweb.cgi?cmd=article\u0026group=netwin.surgemail\u0026item=8814\u0026utag="
          },
          {
            "name": "20050323 [SIG^2 G-TEC] SurgeMail Webmail Attachment Upload and XSS",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=111159967417903\u0026w=2"
          },
          {
            "name": "14658",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/14658"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.security.org.sg/vuln/surgemail22g3.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-03-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in the email auto-reply message in SurgeMail 2.2g3 allow remote attackers to inject arbitrary web script or HTML via the (1) message subject or (2) message header field."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-10-17T13:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://netwinsite.com/cgi/dnewsweb.cgi?cmd=article\u0026group=netwin.surgemail\u0026item=8814\u0026utag="
        },
        {
          "name": "20050323 [SIG^2 G-TEC] SurgeMail Webmail Attachment Upload and XSS",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=111159967417903\u0026w=2"
        },
        {
          "name": "14658",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/14658"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.security.org.sg/vuln/surgemail22g3.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-0846",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the email auto-reply message in SurgeMail 2.2g3 allow remote attackers to inject arbitrary web script or HTML via the (1) message subject or (2) message header field."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://netwinsite.com/cgi/dnewsweb.cgi?cmd=article\u0026group=netwin.surgemail\u0026item=8814\u0026utag=",
              "refsource": "CONFIRM",
              "url": "http://netwinsite.com/cgi/dnewsweb.cgi?cmd=article\u0026group=netwin.surgemail\u0026item=8814\u0026utag="
            },
            {
              "name": "20050323 [SIG^2 G-TEC] SurgeMail Webmail Attachment Upload and XSS",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=111159967417903\u0026w=2"
            },
            {
              "name": "14658",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/14658"
            },
            {
              "name": "http://www.security.org.sg/vuln/surgemail22g3.html",
              "refsource": "MISC",
              "url": "http://www.security.org.sg/vuln/surgemail22g3.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-0846",
    "datePublished": "2005-03-24T05:00:00",
    "dateReserved": "2005-03-24T00:00:00",
    "dateUpdated": "2024-08-07T21:28:28.574Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-3201

Vulnerability from cvelistv5

Published

2011-01-07 22:00

Modified

2024-08-07 03:03

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in NetWin Surgemail before 4.3g allows remote attackers to inject arbitrary web script or HTML via the username_ex parameter to the surgeweb program.

References

▼	URL	Tags
	https://www.exploit-db.com/exploits/34797/	exploit, x_refsource_EXPLOIT-DB
	http://www.securityfocus.com/archive/1/514115/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://ictsec.se/?p=108	x_refsource_MISC
	http://www.securityfocus.com/bid/43679	vdb-entry, x_refsource_BID
	http://secunia.com/advisories/41685	third-party-advisory, x_refsource_SECUNIA

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:03:18.689Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "34797",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/34797/"
          },
          {
            "name": "20101004 NetWin Surgemail XSS vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/514115/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://ictsec.se/?p=108"
          },
          {
            "name": "43679",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/43679"
          },
          {
            "name": "41685",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41685"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-10-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in NetWin Surgemail before 4.3g allows remote attackers to inject arbitrary web script or HTML via the username_ex parameter to the surgeweb program."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "34797",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/34797/"
        },
        {
          "name": "20101004 NetWin Surgemail XSS vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/514115/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://ictsec.se/?p=108"
        },
        {
          "name": "43679",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/43679"
        },
        {
          "name": "41685",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41685"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-3201",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in NetWin Surgemail before 4.3g allows remote attackers to inject arbitrary web script or HTML via the username_ex parameter to the surgeweb program."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "34797",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/34797/"
            },
            {
              "name": "20101004 NetWin Surgemail XSS vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/514115/100/0/threaded"
            },
            {
              "name": "http://ictsec.se/?p=108",
              "refsource": "MISC",
              "url": "http://ictsec.se/?p=108"
            },
            {
              "name": "43679",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/43679"
            },
            {
              "name": "41685",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/41685"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-3201",
    "datePublished": "2011-01-07T22:00:00",
    "dateReserved": "2010-08-31T00:00:00",
    "dateUpdated": "2024-08-07T03:03:18.689Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2004-2537

Vulnerability from cvelistv5

Published

2005-10-25 04:00

Modified

2024-08-08 01:29

Severity ?

Summary

Unspecified vulnerability in SurgeMail before 2.2c10 has unknown impact and attack vectors, related to a "Webmail security bug."

References

▼	URL	Tags
	http://www.osvdb.org/12559	vdb-entry, x_refsource_OSVDB
	http://www.securityfocus.com/bid/12086	vdb-entry, x_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilities/18648	vdb-entry, x_refsource_XF
	http://secunia.com/advisories/13621	third-party-advisory, x_refsource_SECUNIA
	http://netwinsite.com/surgemail/help/updates.htm	x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:29:13.742Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "12559",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/12559"
          },
          {
            "name": "12086",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/12086"
          },
          {
            "name": "surgemail-webmail(18648)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18648"
          },
          {
            "name": "13621",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/13621"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://netwinsite.com/surgemail/help/updates.htm"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-12-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in SurgeMail before 2.2c10 has unknown impact and attack vectors, related to a \"Webmail security bug.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "12559",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/12559"
        },
        {
          "name": "12086",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/12086"
        },
        {
          "name": "surgemail-webmail(18648)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18648"
        },
        {
          "name": "13621",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/13621"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://netwinsite.com/surgemail/help/updates.htm"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-2537",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in SurgeMail before 2.2c10 has unknown impact and attack vectors, related to a \"Webmail security bug.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "12559",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/12559"
            },
            {
              "name": "12086",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/12086"
            },
            {
              "name": "surgemail-webmail(18648)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18648"
            },
            {
              "name": "13621",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/13621"
            },
            {
              "name": "http://netwinsite.com/surgemail/help/updates.htm",
              "refsource": "CONFIRM",
              "url": "http://netwinsite.com/surgemail/help/updates.htm"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-2537",
    "datePublished": "2005-10-25T04:00:00",
    "dateReserved": "2005-10-25T00:00:00",
    "dateUpdated": "2024-08-08T01:29:13.742Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-11990

Vulnerability from cvelistv5

Published

2024-11-29 13:00

Modified

2024-11-29 13:25

Severity ?

4.6 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Summary

A Cross-Site Scripting (XSS) vulnerability in SurgeMail v78c2 could allow an attacker to execute arbitrary JavaScript code via an elaborate payload injected into vulnerable parameters.

References

▼	URL	Tags
	https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-xss-netwin-surgemail

Impacted products

Vendor

Product

Version

▼

NetWin

SurgeMail

Version: 78c2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-11990",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-29T13:24:50.391595Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-29T13:25:05.049Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "SurgeMail",
          "vendor": "NetWin",
          "versions": [
            {
              "status": "affected",
              "version": "78c2"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Cristhian Pacherres"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Mauricio Jara"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Alfredo Mari\u00f1os"
        }
      ],
      "datePublic": "2024-11-29T11:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A Cross-Site Scripting (XSS) vulnerability in SurgeMail v78c2 could allow an attacker to execute arbitrary JavaScript code via an elaborate payload injected into vulnerable parameters."
            }
          ],
          "value": "A Cross-Site Scripting (XSS) vulnerability in SurgeMail v78c2 could allow an attacker to execute arbitrary JavaScript code via an elaborate payload injected into vulnerable parameters."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-29T13:00:57.502Z",
        "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "shortName": "INCIBE"
      },
      "references": [
        {
          "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-xss-netwin-surgemail"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The vulnerability has been fixed by the NetWin team in version 78e."
            }
          ],
          "value": "The vulnerability has been fixed by the NetWin team in version 78e."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Cross-Site Scripting (XSS) en SurgeMail de NetWin",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
    "assignerShortName": "INCIBE",
    "cveId": "CVE-2024-11990",
    "datePublished": "2024-11-29T13:00:57.502Z",
    "dateReserved": "2024-11-29T08:20:32.936Z",
    "dateUpdated": "2024-11-29T13:25:05.049Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-2655

Vulnerability from cvelistv5

Published

2007-05-14 21:00

Modified

2024-08-07 13:49

Severity ?

Summary

Unspecified vulnerability in NetWin Webmail 3.1s-1 in SurgeMail before 3.8i2 has unknown impact and remote attack vectors, possibly a format string vulnerability that allows remote code execution.

References

▼	URL	Tags
	https://exchange.xforce.ibmcloud.com/vulnerabilities/34217	vdb-entry, x_refsource_XF
	http://osvdb.org/35891	vdb-entry, x_refsource_OSVDB
	http://www.vupen.com/english/advisories/2007/1755	vdb-entry, x_refsource_VUPEN
	http://www.netwinsite.com/surgemail/help/updates.htm	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/23908	vdb-entry, x_refsource_BID
	http://secunia.com/advisories/25207	third-party-advisory, x_refsource_SECUNIA

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:49:56.300Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "surgemail-unspecified-security-bypass(34217)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34217"
          },
          {
            "name": "35891",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/35891"
          },
          {
            "name": "ADV-2007-1755",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1755"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.netwinsite.com/surgemail/help/updates.htm"
          },
          {
            "name": "23908",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/23908"
          },
          {
            "name": "25207",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25207"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-05-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in NetWin Webmail 3.1s-1 in SurgeMail before 3.8i2 has unknown impact and remote attack vectors, possibly a format string vulnerability that allows remote code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "surgemail-unspecified-security-bypass(34217)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34217"
        },
        {
          "name": "35891",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/35891"
        },
        {
          "name": "ADV-2007-1755",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1755"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.netwinsite.com/surgemail/help/updates.htm"
        },
        {
          "name": "23908",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/23908"
        },
        {
          "name": "25207",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25207"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2655",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in NetWin Webmail 3.1s-1 in SurgeMail before 3.8i2 has unknown impact and remote attack vectors, possibly a format string vulnerability that allows remote code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "surgemail-unspecified-security-bypass(34217)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34217"
            },
            {
              "name": "35891",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/35891"
            },
            {
              "name": "ADV-2007-1755",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/1755"
            },
            {
              "name": "http://www.netwinsite.com/surgemail/help/updates.htm",
              "refsource": "CONFIRM",
              "url": "http://www.netwinsite.com/surgemail/help/updates.htm"
            },
            {
              "name": "23908",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/23908"
            },
            {
              "name": "25207",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25207"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-2655",
    "datePublished": "2007-05-14T21:00:00",
    "dateReserved": "2007-05-14T00:00:00",
    "dateUpdated": "2024-08-07T13:49:56.300Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-2575

Vulnerability from cvelistv5

Published

2012-09-17 14:00

Modified

2024-09-16 20:37

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 6.0a4 allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IFRAME element in the body of an HTML e-mail message.

References

▼	URL	Tags
	http://www.exploit-db.com/exploits/20363/	exploit, x_refsource_EXPLOIT-DB

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:34:25.830Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20363",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/20363/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 6.0a4 allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IFRAME element in the body of an HTML e-mail message."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-09-17T14:00:00Z",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "name": "20363",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/20363/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2012-2575",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 6.0a4 allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IFRAME element in the body of an HTML e-mail message."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20363",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/20363/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2012-2575",
    "datePublished": "2012-09-17T14:00:00Z",
    "dateReserved": "2012-05-09T00:00:00Z",
    "dateUpdated": "2024-09-16T20:37:44.287Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2005-0845

Vulnerability from cvelistv5

Published

2005-03-24 05:00

Modified

2024-08-07 21:28

Severity ?

Summary

Directory traversal vulnerability in the Webmail interface in SurgeMail 2.2g3 allows remote authenticated users to write arbitrary files or directories via a .. (dot dot) in the attach_id parameter.

References

▼	URL	Tags
	http://netwinsite.com/cgi/dnewsweb.cgi?cmd=article&group=netwin.surgemail&item=8814&utag=	x_refsource_CONFIRM
	http://marc.info/?l=bugtraq&m=111159967417903&w=2	mailing-list, x_refsource_BUGTRAQ
	http://secunia.com/advisories/14658	third-party-advisory, x_refsource_SECUNIA
	http://www.security.org.sg/vuln/surgemail22g3.html	x_refsource_MISC

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T21:28:28.942Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://netwinsite.com/cgi/dnewsweb.cgi?cmd=article\u0026group=netwin.surgemail\u0026item=8814\u0026utag="
          },
          {
            "name": "20050323 [SIG^2 G-TEC] SurgeMail Webmail Attachment Upload and XSS",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=111159967417903\u0026w=2"
          },
          {
            "name": "14658",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/14658"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.security.org.sg/vuln/surgemail22g3.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-03-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in the Webmail interface in SurgeMail 2.2g3 allows remote authenticated users to write arbitrary files or directories via a .. (dot dot) in the attach_id parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-10-17T13:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://netwinsite.com/cgi/dnewsweb.cgi?cmd=article\u0026group=netwin.surgemail\u0026item=8814\u0026utag="
        },
        {
          "name": "20050323 [SIG^2 G-TEC] SurgeMail Webmail Attachment Upload and XSS",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=111159967417903\u0026w=2"
        },
        {
          "name": "14658",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/14658"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.security.org.sg/vuln/surgemail22g3.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-0845",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in the Webmail interface in SurgeMail 2.2g3 allows remote authenticated users to write arbitrary files or directories via a .. (dot dot) in the attach_id parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://netwinsite.com/cgi/dnewsweb.cgi?cmd=article\u0026group=netwin.surgemail\u0026item=8814\u0026utag=",
              "refsource": "CONFIRM",
              "url": "http://netwinsite.com/cgi/dnewsweb.cgi?cmd=article\u0026group=netwin.surgemail\u0026item=8814\u0026utag="
            },
            {
              "name": "20050323 [SIG^2 G-TEC] SurgeMail Webmail Attachment Upload and XSS",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=111159967417903\u0026w=2"
            },
            {
              "name": "14658",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/14658"
            },
            {
              "name": "http://www.security.org.sg/vuln/surgemail22g3.html",
              "refsource": "MISC",
              "url": "http://www.security.org.sg/vuln/surgemail22g3.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-0845",
    "datePublished": "2005-03-24T05:00:00",
    "dateReserved": "2005-03-24T00:00:00",
    "dateUpdated": "2024-08-07T21:28:28.942Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2005-1714

Vulnerability from cvelistv5

Published

2005-05-24 04:00

Modified

2024-08-07 21:59

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 3.0c2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

References

▼	URL	Tags
	http://www.vupen.com/english/advisories/2005/0576	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/15425	third-party-advisory, x_refsource_SECUNIA

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T21:59:24.051Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2005-0576",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2005/0576"
          },
          {
            "name": "15425",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/15425"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-05-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 3.0c2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-02-26T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2005-0576",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2005/0576"
        },
        {
          "name": "15425",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/15425"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-1714",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 3.0c2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2005-0576",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2005/0576"
            },
            {
              "name": "15425",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/15425"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-1714",
    "datePublished": "2005-05-24T04:00:00",
    "dateReserved": "2005-05-24T00:00:00",
    "dateUpdated": "2024-08-07T21:59:24.051Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-1497

Vulnerability from cvelistv5

Published

2008-03-25 19:00

Modified

2024-08-07 08:24

Severity ?

Summary

Stack-based buffer overflow in the IMAP service in NetWin SurgeMail 38k4-4 and earlier allows remote authenticated users to execute arbitrary code via long arguments to the LSUB command.

References

▼	URL	Tags
	http://securityreason.com/securityalert/3774	third-party-advisory, x_refsource_SREASON
	http://www.infigo.hr/en/in_focus/advisories/INFIGO-2008-03-07	x_refsource_MISC
	http://secunia.com/advisories/29105	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/489959/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://www.securityfocus.com/bid/28377	vdb-entry, x_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilities/41402	vdb-entry, x_refsource_XF
	http://www.netwinsite.com/surgemail/help/updates.htm	x_refsource_MISC

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:24:42.301Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "3774",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3774"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.infigo.hr/en/in_focus/advisories/INFIGO-2008-03-07"
          },
          {
            "name": "29105",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29105"
          },
          {
            "name": "20080321 [INFIGO-2008-03-07]: Surgemail 38k4 IMAP server remote stack overflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/489959/100/0/threaded"
          },
          {
            "name": "28377",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28377"
          },
          {
            "name": "surgemail-imap-lsub-bo(41402)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41402"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.netwinsite.com/surgemail/help/updates.htm"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-03-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in the IMAP service in NetWin SurgeMail 38k4-4 and earlier allows remote authenticated users to execute arbitrary code via long arguments to the LSUB command."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "3774",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3774"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.infigo.hr/en/in_focus/advisories/INFIGO-2008-03-07"
        },
        {
          "name": "29105",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29105"
        },
        {
          "name": "20080321 [INFIGO-2008-03-07]: Surgemail 38k4 IMAP server remote stack overflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/489959/100/0/threaded"
        },
        {
          "name": "28377",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28377"
        },
        {
          "name": "surgemail-imap-lsub-bo(41402)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41402"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.netwinsite.com/surgemail/help/updates.htm"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-1497",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in the IMAP service in NetWin SurgeMail 38k4-4 and earlier allows remote authenticated users to execute arbitrary code via long arguments to the LSUB command."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "3774",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3774"
            },
            {
              "name": "http://www.infigo.hr/en/in_focus/advisories/INFIGO-2008-03-07",
              "refsource": "MISC",
              "url": "http://www.infigo.hr/en/in_focus/advisories/INFIGO-2008-03-07"
            },
            {
              "name": "29105",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29105"
            },
            {
              "name": "20080321 [INFIGO-2008-03-07]: Surgemail 38k4 IMAP server remote stack overflow",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/489959/100/0/threaded"
            },
            {
              "name": "28377",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/28377"
            },
            {
              "name": "surgemail-imap-lsub-bo(41402)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41402"
            },
            {
              "name": "http://www.netwinsite.com/surgemail/help/updates.htm",
              "refsource": "MISC",
              "url": "http://www.netwinsite.com/surgemail/help/updates.htm"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-1497",
    "datePublished": "2008-03-25T19:00:00",
    "dateReserved": "2008-03-25T00:00:00",
    "dateUpdated": "2024-08-07T08:24:42.301Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-2859

Vulnerability from cvelistv5

Published

2008-06-25 10:00

Modified

2024-08-07 09:14

Severity ?

Summary

Unspecified vulnerability in the IMAP service in NetWin SurgeMail before 3.9g2 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors related to an "imap command."

References

▼	URL	Tags
	http://www.securitytracker.com/id?1020335	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/bid/29805	vdb-entry, x_refsource_BID
	http://www.vupen.com/english/advisories/2008/1874/references	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/30739	third-party-advisory, x_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilities/43171	vdb-entry, x_refsource_XF
	http://www.netwinsite.com/surgemail/help/updates.htm	x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:14:14.899Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1020335",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1020335"
          },
          {
            "name": "29805",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/29805"
          },
          {
            "name": "ADV-2008-1874",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1874/references"
          },
          {
            "name": "30739",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30739"
          },
          {
            "name": "surgemail-imap-dos(43171)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43171"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.netwinsite.com/surgemail/help/updates.htm"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-06-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the IMAP service in NetWin SurgeMail before 3.9g2 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors related to an \"imap command.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1020335",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1020335"
        },
        {
          "name": "29805",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/29805"
        },
        {
          "name": "ADV-2008-1874",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1874/references"
        },
        {
          "name": "30739",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30739"
        },
        {
          "name": "surgemail-imap-dos(43171)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43171"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.netwinsite.com/surgemail/help/updates.htm"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-2859",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the IMAP service in NetWin SurgeMail before 3.9g2 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors related to an \"imap command.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1020335",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1020335"
            },
            {
              "name": "29805",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/29805"
            },
            {
              "name": "ADV-2008-1874",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1874/references"
            },
            {
              "name": "30739",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30739"
            },
            {
              "name": "surgemail-imap-dos(43171)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43171"
            },
            {
              "name": "http://www.netwinsite.com/surgemail/help/updates.htm",
              "refsource": "CONFIRM",
              "url": "http://www.netwinsite.com/surgemail/help/updates.htm"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-2859",
    "datePublished": "2008-06-25T10:00:00",
    "dateReserved": "2008-06-24T00:00:00",
    "dateUpdated": "2024-08-07T09:14:14.899Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-1498

Vulnerability from cvelistv5

Published

2008-03-25 19:00

Modified

2024-08-07 08:24

Severity ?

Summary

Stack-based buffer overflow in the IMAP service in NetWin Surgemail 3.8k4-4 and earlier allows remote authenticated users to execute arbitrary code via a long first argument to the LIST command.

References

▼	URL	Tags
	https://www.exploit-db.com/exploits/5259	exploit, x_refsource_EXPLOIT-DB
	http://secunia.com/advisories/29105	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/bid/28260	vdb-entry, x_refsource_BID
	http://www.vupen.com/english/advisories/2008/0901/references	vdb-entry, x_refsource_VUPEN
	http://www.netwinsite.com/surgemail/help/updates.htm	x_refsource_MISC

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:24:41.918Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "5259",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/5259"
          },
          {
            "name": "29105",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29105"
          },
          {
            "name": "28260",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28260"
          },
          {
            "name": "ADV-2008-0901",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0901/references"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.netwinsite.com/surgemail/help/updates.htm"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-03-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in the IMAP service in NetWin Surgemail 3.8k4-4 and earlier allows remote authenticated users to execute arbitrary code via a long first argument to the LIST command."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "5259",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/5259"
        },
        {
          "name": "29105",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29105"
        },
        {
          "name": "28260",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28260"
        },
        {
          "name": "ADV-2008-0901",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0901/references"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.netwinsite.com/surgemail/help/updates.htm"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-1498",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in the IMAP service in NetWin Surgemail 3.8k4-4 and earlier allows remote authenticated users to execute arbitrary code via a long first argument to the LIST command."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "5259",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/5259"
            },
            {
              "name": "29105",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29105"
            },
            {
              "name": "28260",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/28260"
            },
            {
              "name": "ADV-2008-0901",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0901/references"
            },
            {
              "name": "http://www.netwinsite.com/surgemail/help/updates.htm",
              "refsource": "MISC",
              "url": "http://www.netwinsite.com/surgemail/help/updates.htm"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-1498",
    "datePublished": "2008-03-25T19:00:00",
    "dateReserved": "2008-03-25T00:00:00",
    "dateUpdated": "2024-08-07T08:24:41.918Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-4372

Vulnerability from cvelistv5

Published

2007-08-16 18:00

Modified

2024-08-07 14:53

Severity ?

Summary

Unspecified vulnerability in NetWin SurgeMail 38k on Windows Server 2003 has unknown impact and remote attack vectors. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.

References

▼	URL	Tags
	http://wslabi.com/wabisabilabi/showBidInfo.do?code=ZD-00000078	x_refsource_MISC
	http://osvdb.org/46400	vdb-entry, x_refsource_OSVDB

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:53:55.621Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://wslabi.com/wabisabilabi/showBidInfo.do?code=ZD-00000078"
          },
          {
            "name": "46400",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/46400"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-08-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in NetWin SurgeMail 38k on Windows Server 2003 has unknown impact and remote attack vectors.  NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2008-11-15T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://wslabi.com/wabisabilabi/showBidInfo.do?code=ZD-00000078"
        },
        {
          "name": "46400",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/46400"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-4372",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in NetWin SurgeMail 38k on Windows Server 2003 has unknown impact and remote attack vectors.  NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://wslabi.com/wabisabilabi/showBidInfo.do?code=ZD-00000078",
              "refsource": "MISC",
              "url": "http://wslabi.com/wabisabilabi/showBidInfo.do?code=ZD-00000078"
            },
            {
              "name": "46400",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/46400"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-4372",
    "datePublished": "2007-08-16T18:00:00",
    "dateReserved": "2007-08-16T00:00:00",
    "dateUpdated": "2024-08-07T14:53:55.621Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2004-2548

Vulnerability from cvelistv5

Published

2005-11-21 11:00

Modified

2024-08-08 01:29

Severity ?

Summary

Multiple cross-site scripting (XSS) vulnerabilities in NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to inject arbitrary web script or HTML via (a) a URI containing the script, or (b) the username field in the login form. NOTE: it is possible that the first attack vector is resultant from the error message issue (CVE-2004-2547).

References

▼	URL	Tags
	http://www.securityfocus.com/bid/10483	vdb-entry, x_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilities/16320	vdb-entry, x_refsource_XF
	http://www.exploitlabs.com/files/advisories/EXPL-A-2004-002-surgmail.txt	x_refsource_MISC
	http://www.osvdb.org/6746	vdb-entry, x_refsource_OSVDB
	http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0056.html	mailing-list, x_refsource_FULLDISC
	http://secunia.com/advisories/11772	third-party-advisory, x_refsource_SECUNIA
	http://www.netwinsite.com/surgemail/help/updates.htm	x_refsource_MISC

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:29:14.076Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "10483",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/10483"
          },
          {
            "name": "surgemail-username-xss(16320)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16320"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.exploitlabs.com/files/advisories/EXPL-A-2004-002-surgmail.txt"
          },
          {
            "name": "6746",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/6746"
          },
          {
            "name": "20040603 Surgemail - Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0056.html"
          },
          {
            "name": "11772",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/11772"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.netwinsite.com/surgemail/help/updates.htm"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-06-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to inject arbitrary web script or HTML via (a) a URI containing the script, or (b) the username field in the login form.  NOTE: it is possible that the first attack vector is resultant from the error message issue (CVE-2004-2547)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "10483",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/10483"
        },
        {
          "name": "surgemail-username-xss(16320)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16320"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.exploitlabs.com/files/advisories/EXPL-A-2004-002-surgmail.txt"
        },
        {
          "name": "6746",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/6746"
        },
        {
          "name": "20040603 Surgemail - Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0056.html"
        },
        {
          "name": "11772",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/11772"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.netwinsite.com/surgemail/help/updates.htm"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-2548",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to inject arbitrary web script or HTML via (a) a URI containing the script, or (b) the username field in the login form.  NOTE: it is possible that the first attack vector is resultant from the error message issue (CVE-2004-2547)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "10483",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/10483"
            },
            {
              "name": "surgemail-username-xss(16320)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16320"
            },
            {
              "name": "http://www.exploitlabs.com/files/advisories/EXPL-A-2004-002-surgmail.txt",
              "refsource": "MISC",
              "url": "http://www.exploitlabs.com/files/advisories/EXPL-A-2004-002-surgmail.txt"
            },
            {
              "name": "6746",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/6746"
            },
            {
              "name": "20040603 Surgemail - Multiple Vulnerabilities",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0056.html"
            },
            {
              "name": "11772",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/11772"
            },
            {
              "name": "http://www.netwinsite.com/surgemail/help/updates.htm",
              "refsource": "MISC",
              "url": "http://www.netwinsite.com/surgemail/help/updates.htm"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-2548",
    "datePublished": "2005-11-21T11:00:00",
    "dateReserved": "2005-11-21T00:00:00",
    "dateUpdated": "2024-08-08T01:29:14.076Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

All the vulnerabilites related to netwin - surgemail

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5