Vulnerabilities > Netwin > Surgemail > 3.8f2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-01-07 | CVE-2010-3201 | Cross-Site Scripting vulnerability in Netwin Surgemail Cross-site scripting (XSS) vulnerability in NetWin Surgemail before 4.3g allows remote attackers to inject arbitrary web script or HTML via the username_ex parameter to the surgeweb program. | 4.3 |
| 2008-06-25 | CVE-2008-2859 | Denial of Service vulnerability in SurgeMail IMAP Command Unspecified vulnerability in the IMAP service in NetWin SurgeMail before 3.9g2 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors related to an "imap command." | 5.0 |
| 2008-03-25 | CVE-2008-1497 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Netwin Surgemail Stack-based buffer overflow in the IMAP service in NetWin SurgeMail 38k4-4 and earlier allows remote authenticated users to execute arbitrary code via long arguments to the LSUB command. | 9.0 |