Vulnerabilities > Netwin

DATE CVE VULNERABILITY TITLE RISK
2006-10-03 CVE-2006-5100 Remote File Include vulnerability in Web//News Parser.PHP
PHP remote file inclusion vulnerability in parse/parser.php in WEB//NEWS (aka webnews) 1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the WN_BASEDIR parameter.
network
low complexity
netwin
7.5
2005-05-24 CVE-2005-1714 Unspecified vulnerability in Netwin Surgemail 3.0C2
Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 3.0c2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
network
netwin
4.3
2005-05-11 CVE-2005-1516 Remote Authentication Bypass vulnerability in Netwin Dmail 3.1A
DList (dlist.exe) in DMail 3.1a allows remote attackers to bypass authentication, read log files, and shutdown the system via a sendlog command with an incorrect password hash, which is not properly handled by the _cmd_sendlog function.
network
low complexity
netwin
7.5
2005-05-11 CVE-2005-1478 Remote Format String vulnerability in Netwin Dmail 3.1A/3.1B
Format string vulnerability in dSMTP (dsmtp.exe) in DMail 3.1a allows remote attackers to execute arbitrary code via format string specifiers in the xtellmail command.
network
low complexity
netwin
7.5
2005-05-02 CVE-2005-1034 Denial of Service vulnerability in Netwin Surgeftp 2.2K3/2.2M1
SurgeFTP 2.2m1 allows remote attackers to cause a denial of service (application hang) via the LEAK command.
network
low complexity
netwin
5.0
2005-05-02 CVE-2005-0846 Cross-Site Scripting vulnerability in Netwin Surgemail 2.2G3
Multiple cross-site scripting (XSS) vulnerabilities in the email auto-reply message in SurgeMail 2.2g3 allow remote attackers to inject arbitrary web script or HTML via the (1) message subject or (2) message header field.
network
netwin
4.3
2005-05-02 CVE-2005-0845 Directory traversal vulnerability in the Webmail interface in SurgeMail 2.2g3 allows remote authenticated users to write arbitrary files or directories via a ..
network
low complexity
netwin
5.0
2004-12-31 CVE-2004-2548 Input Validation vulnerability in Netwin Surgemail and Webmail
Multiple cross-site scripting (XSS) vulnerabilities in NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to inject arbitrary web script or HTML via (a) a URI containing the script, or (b) the username field in the login form.
network
netwin
4.3
2004-12-31 CVE-2004-2547 Input Validation vulnerability in Netwin Surgemail and Webmail
NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to obtain sensitive information via HTTP requests that (a) specify the / URI, (b) specify the /scripts/ URI, or (c) specify a non-existent file, which reveal the path in an error message.
network
high complexity
netwin
2.6
2004-12-31 CVE-2004-2537 Unspecified vulnerability in NetWin SurgeMail Webmail
Unspecified vulnerability in SurgeMail before 2.2c10 has unknown impact and attack vectors, related to a "Webmail security bug."
network
low complexity
netwin
critical
10.0