Vulnerabilities > Youngzsoft > Cmailserver
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-08-10 | CVE-2008-6922 | Buffer Errors vulnerability in Youngzsoft Cmailserver 5.4.6 Multiple stack-based buffer overflows in CMailCOM.dll in CMailServer 5.4.6 allow remote attackers to execute arbitrary code via a long argument to the (1) CreateUserPath, (2) Logout, (3) DeleteMailByUID, (4) MoveToInbox, (5) MoveToFolder, (6) DeleteMailEx, (7) GetMailDataEx, (8) SetReplySign, (9) SetForwardSign, and (10) SetReadSign methods, which are not properly handled by (a) the POP3 Class ActiveX control (CMailCom.POP3); or a long argument to the (11) AddAttach, (12) SetSubject, (13) SetBcc, (14) SetBody, (15) SetCc, (16) SetFrom, (17) SetTo, and (18) SetFromUID methods, which are not properly handled by the Class ActiveX control (CMailCOM.SMTP), as demonstrated via the indexOfMail parameter to mwmail.asp. | 9.3 |
| 2007-04-12 | CVE-2007-1991 | Cross-Site Scripting vulnerability in Youngzsoft CMailServer Comment Parameter Cross-site scripting (XSS) vulnerability in mail/signup.asp in CmailServer WebMail 5.4.3, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the Comment parameter, a different vector than CVE-2007-1927. network youngzsoft | 4.3 |
| 2007-04-10 | CVE-2007-1927 | Cross-Site Scripting vulnerability in Youngzsoft CMailServer Signup.ASP Cross-site scripting (XSS) vulnerability in signup.asp in CmailServer WebMail 5.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the POP3Mail parameter. network youngzsoft | 4.3 |
| 2005-01-10 | CVE-2004-1130 | Remote vulnerability in Youngzsoft Cmailserver 5.2.0 Cross-site scripting (XSS) vulnerability in admin.asp in CMailServer 5.2 allows remote attackers to execute arbitrary web script or HTML via personal information fields, such as (1) username, (2) name, or (3) comments. network youngzsoft | 6.8 |
| 2005-01-10 | CVE-2004-1129 | Remote vulnerability in Youngzsoft Cmailserver 5.2.0 SQL injection vulnerability in (1) fdelmail.asp, (2) addressc.asp, and possibly (3) postmail.asp and (4) fmvmail.asp in CMailServer 5.2 allow remote attackers to inject arbitrary SQL commands and delete mail metadata or e-mail addresses of contacts via the indexOfMail parameter. | 10.0 |
| 2005-01-10 | CVE-2004-1128 | Remote vulnerability in Youngzsoft CMailServer Buffer overflow in CMailCOM.dll in CMailServer 5.2 allows remote attackers to execute arbitrary code via an attachment with a long filename. | 10.0 |
| 2003-06-16 | CVE-2003-0280 | Buffer Overflow vulnerability in Youngzsoft Cmailserver 4.0.2003.23.27 Multiple buffer overflows in the SMTP Service for ESMTP CMailServer 4.0.2003.03.27 allow remote attackers to execute arbitrary code via long (1) MAIL FROM or (2) RCPT TO commands. | 10.0 |
| 2002-08-12 | CVE-2002-0799 | Buffer Overflow vulnerability in Youngzsoft Cmailserver 3.30 Buffer overflow in YoungZSoft CMailServer 3.30 allows remote attackers to execute arbitrary code via a long USER argument. | 7.5 |