Vulnerabilities > Netwin > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-10-11 | CVE-2007-5370 | Cross-Site Scripting vulnerability in Netwin Dnewsweb 57E1 Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/dnewsweb.exe in NetWin DNewsWeb (DNews News Server) 57e1 allow remote attackers to inject arbitrary web script or HTML via the (1) group or (2) utag parameter. | 4.3 |
| 2007-08-16 | CVE-2007-4377 | Remote Buffer Overflow vulnerability in Netwin Surgemail 38K Stack-based buffer overflow in the IMAP service in SurgeMail 38k allows remote authenticated users to execute arbitrary code via a long argument to the SEARCH command. network netwin | 6.0 |
| 2007-07-15 | CVE-2007-3769 | Cross-Site Scripting vulnerability in SurgeFTP Cross-site scripting (XSS) vulnerability in the mirrored server management interface in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to inject arbitrary web script or HTML via a malformed response without a status code, which is reflected to the user in the resulting error message. network netwin | 5.8 |
| 2005-05-24 | CVE-2005-1714 | Unspecified vulnerability in Netwin Surgemail 3.0C2 Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 3.0c2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. network netwin | 4.3 |
| 2005-05-02 | CVE-2005-1034 | Denial of Service vulnerability in Netwin Surgeftp 2.2K3/2.2M1 SurgeFTP 2.2m1 allows remote attackers to cause a denial of service (application hang) via the LEAK command. | 5.0 |
| 2005-05-02 | CVE-2005-0846 | Cross-Site Scripting vulnerability in Netwin Surgemail 2.2G3 Multiple cross-site scripting (XSS) vulnerabilities in the email auto-reply message in SurgeMail 2.2g3 allow remote attackers to inject arbitrary web script or HTML via the (1) message subject or (2) message header field. network netwin | 4.3 |
| 2005-05-02 | CVE-2005-0845 | Directory traversal vulnerability in the Webmail interface in SurgeMail 2.2g3 allows remote authenticated users to write arbitrary files or directories via a .. | 5.0 |
| 2004-12-31 | CVE-2004-2548 | Input Validation vulnerability in Netwin Surgemail and Webmail Multiple cross-site scripting (XSS) vulnerabilities in NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to inject arbitrary web script or HTML via (a) a URI containing the script, or (b) the username field in the login form. network netwin | 4.3 |
| 2004-12-31 | CVE-2004-2318 | Denial Of Service vulnerability in SurgeFTP Surgeftpmgr.CGI The administrative interface (surgeftpmgr.cgi) for SurgeFTP Server 1.0b through 2.2k1 allows remote attackers to cause a temporary denial of service (crash) via requests with two percent (%) signs in the CMD parameter. | 5.0 |
| 2004-12-31 | CVE-2004-2253 | Directory Traversal vulnerability in Netwin Surgeldap 1.0D/1.0E/1.0G Directory traversal vulnerability in user.cgi in SurgeLDAP 1.0g and earlier allows remote attackers to read arbitrary files via a .. | 5.0 |