Netwin : Security Vulnerabilities, CVEs, Published In 2004

CVE-2004-2548

Multiple cross-site scripting (XSS) vulnerabilities in NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to inject arbitrary web script or HTML via (a) a URI containing the script, or (b) the username field in the login form. NOTE: it is possible that the first attack vector is resultant from the error message issue (CVE-2004-2547).
Max CVSS
4.3
EPSS Score
1.05%
Published
2004-12-31
Updated
2017-07-11

CVE-2004-2547

NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to obtain sensitive information via HTTP requests that (a) specify the / URI, (b) specify the /scripts/ URI, or (c) specify a non-existent file, which reveal the path in an error message.
Max CVSS
2.6
EPSS Score
1.04%
Published
2004-12-31
Updated
2017-07-11

CVE-2004-2537

Unspecified vulnerability in SurgeMail before 2.2c10 has unknown impact and attack vectors, related to a "Webmail security bug."
Max CVSS
10.0
EPSS Score
0.58%
Published
2004-12-31
Updated
2017-07-11

CVE-2004-2254

SurgeLDAP 1.0g (Build 12), and possibly other versions before 1.0h, allows remote attackers to bypass authentication for the administration interface via a direct request to admin.cgi with a modified utoken parameter.
Max CVSS
7.5
EPSS Score
4.10%
Published
2004-12-31
Updated
2017-07-11

CVE-2004-2253

Directory traversal vulnerability in user.cgi in SurgeLDAP 1.0g and earlier allows remote attackers to read arbitrary files via a .. in the page parameter of the show command.
Max CVSS
5.0
EPSS Score
1.92%
Published
2004-12-31
Updated
2017-07-11
5 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close