NetWin SurgeMail Security Vulnerabilities

Stack-based buffer overflow in the IMAP service in SurgeMail 38k allows remote authenticated users to execute arbitrary code via a long argument to the SEARCH command. NOTE: this might overlap CVE-2007-4372.
CVSS Score: 6.0 | EPSS Score: 0.097 | Published: 2007-08-16

Unspecified vulnerability in NetWin Webmail 3.1s-1 in SurgeMail before 3.8i2 has unknown impact and remote attack vectors, possibly a format string vulnerability that allows remote code execution.
CVSS Score: 7.5 | EPSS Score: 0.025 | Published: 2007-05-14

Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 3.0c2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVSS Score: 4.3 | EPSS Score: 0.003 | Published: 2005-05-24

Directory traversal vulnerability in the Webmail interface in SurgeMail 2.2g3 allows remote authenticated users to write arbitrary files or directories via a .. (dot dot) in the attach_id parameter.
CVSS Score: 5.0 | EPSS Score: 0.017 | Published: 2005-05-02

Multiple cross-site scripting (XSS) vulnerabilities in the email auto-reply message in SurgeMail 2.2g3 allow remote attackers to inject arbitrary web script or HTML via the (1) message subject or (2) message header field.
CVSS Score: 4.3 | EPSS Score: 0.004 | Published: 2005-05-02

Unspecified vulnerability in SurgeMail before 2.2c10 has unknown impact and attack vectors, related to a "Webmail security bug."
CVSS Score: 10.0 | EPSS Score: 0.005 | Published: 2004-12-31

NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to obtain sensitive information via HTTP requests that (a) specify the / URI, (b) specify the /scripts/ URI, or (c) specify a non-existent file, which reveal the path in an error message.
CVSS Score: 2.6 | EPSS Score: 0.16 | Published: 2004-12-31

Multiple cross-site scripting (XSS) vulnerabilities in NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to inject arbitrary web script or HTML via (a) a URI containing the script, or (b) the username field in the login form. NOTE: it is possible that the first attack vector is resultant from the error message issue (CVE-2004-2547).
CVSS Score: 4.3 | EPSS Score: 0.113 | Published: 2004-12-31

