Vulnerabilities > Netwin
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-10-03 | CVE-2006-5100 | Remote File Include vulnerability in Web//News Parser.PHP PHP remote file inclusion vulnerability in parse/parser.php in WEB//NEWS (aka webnews) 1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the WN_BASEDIR parameter. | 7.5 |
2005-05-24 | CVE-2005-1714 | Unspecified vulnerability in Netwin Surgemail 3.0C2 Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 3.0c2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. network netwin | 4.3 |
2005-05-11 | CVE-2005-1516 | Remote Authentication Bypass vulnerability in Netwin Dmail 3.1A DList (dlist.exe) in DMail 3.1a allows remote attackers to bypass authentication, read log files, and shutdown the system via a sendlog command with an incorrect password hash, which is not properly handled by the _cmd_sendlog function. | 7.5 |
2005-05-11 | CVE-2005-1478 | Remote Format String vulnerability in Netwin Dmail 3.1A/3.1B Format string vulnerability in dSMTP (dsmtp.exe) in DMail 3.1a allows remote attackers to execute arbitrary code via format string specifiers in the xtellmail command. | 7.5 |
2005-05-02 | CVE-2005-1034 | Denial of Service vulnerability in Netwin Surgeftp 2.2K3/2.2M1 SurgeFTP 2.2m1 allows remote attackers to cause a denial of service (application hang) via the LEAK command. | 5.0 |
2005-05-02 | CVE-2005-0846 | Cross-Site Scripting vulnerability in Netwin Surgemail 2.2G3 Multiple cross-site scripting (XSS) vulnerabilities in the email auto-reply message in SurgeMail 2.2g3 allow remote attackers to inject arbitrary web script or HTML via the (1) message subject or (2) message header field. network netwin | 4.3 |
2005-05-02 | CVE-2005-0845 | Directory traversal vulnerability in the Webmail interface in SurgeMail 2.2g3 allows remote authenticated users to write arbitrary files or directories via a .. | 5.0 |
2004-12-31 | CVE-2004-2548 | Input Validation vulnerability in Netwin Surgemail and Webmail Multiple cross-site scripting (XSS) vulnerabilities in NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to inject arbitrary web script or HTML via (a) a URI containing the script, or (b) the username field in the login form. network netwin | 4.3 |
2004-12-31 | CVE-2004-2547 | Input Validation vulnerability in Netwin Surgemail and Webmail NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to obtain sensitive information via HTTP requests that (a) specify the / URI, (b) specify the /scripts/ URI, or (c) specify a non-existent file, which reveal the path in an error message. | 2.6 |
2004-12-31 | CVE-2004-2537 | Unspecified vulnerability in NetWin SurgeMail Webmail Unspecified vulnerability in SurgeMail before 2.2c10 has unknown impact and attack vectors, related to a "Webmail security bug." | 10.0 |