Netwin : Security Vulnerabilities, CVEs, Published In 2004
Multiple cross-site scripting (XSS) vulnerabilities in NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to inject arbitrary web script or HTML via (a) a URI containing the script, or (b) the username field in the login form. NOTE: it is possible that the first attack vector is resultant from the error message issue (CVE-2004-2547).
Max CVSS: 4.3
EPSS Score: 1.05%
Published: 2004-12-31
Updated: 2017-07-11
NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to obtain sensitive information via HTTP requests that (a) specify the / URI, (b) specify the /scripts/ URI, or (c) specify a non-existent file, which reveal the path in an error message.
Max CVSS: 2.6
EPSS Score: 1.04%
Published: 2004-12-31
Updated: 2017-07-11
Unspecified vulnerability in SurgeMail before 2.2c10 has unknown impact and attack vectors, related to a "Webmail security bug."
Max CVSS: 10.0
EPSS Score: 0.58%
Published: 2004-12-31
Updated: 2017-07-11
SurgeLDAP 1.0g (Build 12), and possibly other versions before 1.0h, allows remote attackers to bypass authentication for the administration interface via a direct request to admin.cgi with a modified utoken parameter.
Max CVSS: 7.5
EPSS Score: 4.10%
Published: 2004-12-31
Updated: 2017-07-11
Directory traversal vulnerability in user.cgi in SurgeLDAP 1.0g and earlier allows remote attackers to read arbitrary files via a .. in the page parameter of the show command.
Max CVSS: 5.0
EPSS Score: 1.92%
Published: 2004-12-31
Updated: 2017-07-11
5 vulnerabilities found