Netwin: >> Surgemail >> 3.7b8 Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in NetWin Surgemail before 4.3g allows remote attackers to inject arbitrary web script or HTML via the username_ex parameter to the surgeweb program.
CVSS Score
4.3
EPSS Score
0.021
Published
2011-01-07
Stack-based buffer overflow in the IMAP service in NetWin SurgeMail 38k4-4 and earlier allows remote authenticated users to execute arbitrary code via long arguments to the LSUB command.
CVSS Score
9.0
EPSS Score
0.107
Published
2008-03-25