Filtered by vendor Netwin
Subscribe
Total
50 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3768 | 1 Netwin | 1 Surgeftp | 2024-02-04 | 8.5 HIGH | N/A |
| The mirror mechanism in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to cause a denial of service (restart) via a malformed response to a PASV command. | |||||
| CVE-2005-0846 | 1 Netwin | 1 Surgemail | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the email auto-reply message in SurgeMail 2.2g3 allow remote attackers to inject arbitrary web script or HTML via the (1) message subject or (2) message header field. | |||||
| CVE-2005-1478 | 1 Netwin | 1 Dmail | 2024-02-04 | 7.5 HIGH | N/A |
| Format string vulnerability in dSMTP (dsmtp.exe) in DMail 3.1a allows remote attackers to execute arbitrary code via format string specifiers in the xtellmail command. | |||||
| CVE-2004-2318 | 1 Netwin | 1 Surgeftp | 2024-02-04 | 5.0 MEDIUM | N/A |
| The administrative interface (surgeftpmgr.cgi) for SurgeFTP Server 1.0b through 2.2k1 allows remote attackers to cause a temporary denial of service (crash) via requests with two percent (%) signs in the CMD parameter. | |||||
| CVE-2005-0845 | 1 Netwin | 1 Surgemail | 2024-02-04 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the Webmail interface in SurgeMail 2.2g3 allows remote authenticated users to write arbitrary files or directories via a .. (dot dot) in the attach_id parameter. | |||||
| CVE-2005-1034 | 1 Netwin | 1 Surgeftp | 2024-02-04 | 5.0 MEDIUM | N/A |
| SurgeFTP 2.2m1 allows remote attackers to cause a denial of service (application hang) via the LEAK command. | |||||
| CVE-2005-1714 | 1 Netwin | 1 Surgemail | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 3.0c2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2004-2548 | 1 Netwin | 2 Surgemail, Webmail | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to inject arbitrary web script or HTML via (a) a URI containing the script, or (b) the username field in the login form. NOTE: it is possible that the first attack vector is resultant from the error message issue (CVE-2004-2547). | |||||
| CVE-2005-1516 | 1 Netwin | 1 Dmail | 2024-02-04 | 7.5 HIGH | N/A |
| DList (dlist.exe) in DMail 3.1a allows remote attackers to bypass authentication, read log files, and shutdown the system via a sendlog command with an incorrect password hash, which is not properly handled by the _cmd_sendlog function. | |||||
| CVE-2004-2547 | 1 Netwin | 2 Surgemail, Webmail | 2024-02-04 | 2.6 LOW | N/A |
| NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to obtain sensitive information via HTTP requests that (a) specify the / URI, (b) specify the /scripts/ URI, or (c) specify a non-existent file, which reveal the path in an error message. | |||||
| CVE-2004-2537 | 1 Netwin | 1 Surgemail | 2024-02-04 | 10.0 HIGH | N/A |
| Unspecified vulnerability in SurgeMail before 2.2c10 has unknown impact and attack vectors, related to a "Webmail security bug." | |||||
| CVE-2000-0608 | 1 Netwin | 2 Cwmail, Dmailweb | 2024-02-04 | 5.0 MEDIUM | N/A |
| NetWin dMailWeb and cwMail 2.6i and earlier allows remote attackers to cause a denial of service via a long POP parameter (pophost). | |||||
| CVE-2001-0697 | 1 Netwin | 1 Surgeftp | 2024-02-04 | 5.0 MEDIUM | N/A |
| NetWin SurgeFTP prior to 1.1h allows a remote attacker to cause a denial of service (crash) via an 'ls ..' command. | |||||
| CVE-2001-1356 | 1 Netwin | 1 Surgeftp | 2024-02-04 | 10.0 HIGH | N/A |
| NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak hashing, a fixed salt value and modulo 40 calculations, which allows remote attackers to conduct brute force password guessing attacks against the administrator account on port 7021. | |||||
| CVE-2000-0609 | 1 Netwin | 2 Cwmail, Dmailweb | 2024-02-04 | 5.0 MEDIUM | N/A |
| NetWin dMailWeb and cwMail 2.6g and earlier allows remote attackers to cause a denial of service via a long username parameter. | |||||
| CVE-2000-0782 | 1 Netwin | 1 Netauth | 2024-02-04 | 5.0 MEDIUM | N/A |
| netauth.cgi program in Netwin Netauth 4.2e and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack. | |||||
| CVE-2002-0290 | 1 Netwin | 1 Webnews | 2024-02-04 | 7.5 HIGH | N/A |
| Buffer overflow in Netwin WebNews CGI program 1.1, Webnews.exe, allows remote attackers to execute arbitrary code via a long group argument. | |||||
| CVE-2004-2253 | 1 Netwin | 1 Surgeldap | 2024-02-04 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in user.cgi in SurgeLDAP 1.0g and earlier allows remote attackers to read arbitrary files via a .. in the page parameter of the show command. | |||||
| CVE-2004-2254 | 1 Netwin | 1 Surgeldap | 2024-02-04 | 7.5 HIGH | N/A |
| SurgeLDAP 1.0g (Build 12), and possibly other versions before 1.0h, allows remote attackers to bypass authentication for the administration interface via a direct request to admin.cgi with a modified utoken parameter. | |||||
| CVE-2000-0423 | 1 Netwin | 1 Dnews | 2024-02-04 | 5.0 MEDIUM | N/A |
| Buffer overflow in Netwin DNEWSWEB CGI program allows remote attackers to execute arbitrary commands via long parameters such as group, cmd, and utag. | |||||