Vulnerabilities > Netwin
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2004-12-31 | CVE-2004-2318 | Denial Of Service vulnerability in SurgeFTP Surgeftpmgr.CGI The administrative interface (surgeftpmgr.cgi) for SurgeFTP Server 1.0b through 2.2k1 allows remote attackers to cause a temporary denial of service (crash) via requests with two percent (%) signs in the CMD parameter. | 5.0 |
2004-12-31 | CVE-2004-2254 | Authentication Bypass vulnerability in SurgeLDAP Web Administration SurgeLDAP 1.0g (Build 12), and possibly other versions before 1.0h, allows remote attackers to bypass authentication for the administration interface via a direct request to admin.cgi with a modified utoken parameter. | 7.5 |
2004-12-31 | CVE-2004-2253 | Directory Traversal vulnerability in Netwin Surgeldap 1.0D/1.0E/1.0G Directory traversal vulnerability in user.cgi in SurgeLDAP 1.0g and earlier allows remote attackers to read arbitrary files via a .. | 5.0 |
2002-05-31 | CVE-2002-0310 | Unspecified vulnerability in Netwin Webnews Netwin WebNews 1.1k CGI program includes several default usernames and cleartext passwords that cannot be deleted by the administrator, which allows remote attackers to gain privileges via the username/password combinations (1) testweb/newstest, (2) alwn3845/imaptest, (3) alwi3845/wtest3452, or (4) testweb2/wtest4879. | 7.5 |
2002-05-31 | CVE-2002-0290 | Remote Buffer Overflow vulnerability in Netwin Webnews 1.1H/1.1I/1.1J Buffer overflow in Netwin WebNews CGI program 1.1, Webnews.exe, allows remote attackers to execute arbitrary code via a long group argument. | 7.5 |
2002-05-31 | CVE-2002-0273 | Buffer Overflow vulnerability in Netwin CWMail Buffer overflow in CWMail.exe in NetWin before 2.8a allows remote authenticated users to execute arbitrary code via a long item parameter. | 4.6 |
2001-09-20 | CVE-2001-0698 | Information Disclosure vulnerability in Netwin SurgeFTP Server Directory traversal vulnerability in NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to list arbitrary files and directories via the 'nlist ...' command. | 5.0 |
2001-09-20 | CVE-2001-0697 | Unspecified vulnerability in Netwin Surgeftp 1.1H NetWin SurgeFTP prior to 1.1h allows a remote attacker to cause a denial of service (crash) via an 'ls ..' command. | 5.0 |
2001-09-20 | CVE-2001-0696 | Denial of Service vulnerability in Netwin SurgeFTP Server MS-DOS Device Name NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to cause a denial of service (crash) via a CD command to a directory with an MS-DOS device name such as con. | 5.0 |
2001-08-04 | CVE-2001-1356 | Weak Password Encryption vulnerability in SurgeFTP NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak hashing, a fixed salt value and modulo 40 calculations, which allows remote attackers to conduct brute force password guessing attacks against the administrator account on port 7021. | 10.0 |