Shodan
Vulnerabilities
Vulnerable Software
Netwin:  Security Vulnerabilities
CVE-2006-5100
PHP remote file inclusion vulnerability in parse/parser.php in WEB//NEWS (aka webnews) 1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the WN_BASEDIR parameter.
CVSS Score
7.5
EPSS Score
0.087
Published
2006-10-03
CVE-2005-1714
Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 3.0c2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVSS Score
4.3
EPSS Score
0.003
Published
2005-05-24
CVE-2005-1478
Format string vulnerability in dSMTP (dsmtp.exe) in DMail 3.1a allows remote attackers to execute arbitrary code via format string specifiers in the xtellmail command.
CVSS Score
7.5
EPSS Score
0.062
Published
2005-05-11
CVE-2005-1516
DList (dlist.exe) in DMail 3.1a allows remote attackers to bypass authentication, read log files, and shutdown the system via a sendlog command with an incorrect password hash, which is not properly handled by the _cmd_sendlog function.
CVSS Score
7.5
EPSS Score
0.006
Published
2005-05-11
CVE-2005-0845
Directory traversal vulnerability in the Webmail interface in SurgeMail 2.2g3 allows remote authenticated users to write arbitrary files or directories via a .. (dot dot) in the attach_id parameter.
CVSS Score
5.0
EPSS Score
0.017
Published
2005-05-02
CVE-2005-0846
Multiple cross-site scripting (XSS) vulnerabilities in the email auto-reply message in SurgeMail 2.2g3 allow remote attackers to inject arbitrary web script or HTML via the (1) message subject or (2) message header field.
CVSS Score
4.3
EPSS Score
0.004
Published
2005-05-02
CVE-2005-1034
SurgeFTP 2.2m1 allows remote attackers to cause a denial of service (application hang) via the LEAK command.
CVSS Score
5.0
EPSS Score
0.013
Published
2005-05-02
CVE-2004-2253
Directory traversal vulnerability in user.cgi in SurgeLDAP 1.0g and earlier allows remote attackers to read arbitrary files via a .. in the page parameter of the show command.
CVSS Score
5.0
EPSS Score
0.043
Published
2004-12-31
CVE-2004-2254
SurgeLDAP 1.0g (Build 12), and possibly other versions before 1.0h, allows remote attackers to bypass authentication for the administration interface via a direct request to admin.cgi with a modified utoken parameter.
CVSS Score
7.5
EPSS Score
0.132
Published
2004-12-31
CVE-2004-2318
The administrative interface (surgeftpmgr.cgi) for SurgeFTP Server 1.0b through 2.2k1 allows remote attackers to cause a temporary denial of service (crash) via requests with two percent (%) signs in the CMD parameter.
CVSS Score
5.0
EPSS Score
0.016
Published
2004-12-31


Products
Pricing
Contact Us

Shodan ® - All rights reserved