Search criteria
36 vulnerabilities found for SurgeMail by NetWin
CVE-2024-11990 (GCVE-0-2024-11990)
Vulnerability from nvd – Published: 2024-11-29 13:00 – Updated: 2024-11-29 13:25
VLAI?
Title
Cross-Site Scripting (XSS) en SurgeMail de NetWin
Summary
A Cross-Site Scripting (XSS) vulnerability in SurgeMail v78c2 could allow an attacker to execute arbitrary JavaScript code via an elaborate payload injected into vulnerable parameters.
Severity ?
4.6 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Credits
Cristhian Pacherres
Mauricio Jara
Alfredo Mariños
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11990",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-29T13:24:50.391595Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T13:25:05.049Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SurgeMail",
"vendor": "NetWin",
"versions": [
{
"status": "affected",
"version": "78c2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Cristhian Pacherres"
},
{
"lang": "en",
"type": "finder",
"value": "Mauricio Jara"
},
{
"lang": "en",
"type": "finder",
"value": "Alfredo Mari\u00f1os"
}
],
"datePublic": "2024-11-29T11:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Cross-Site Scripting (XSS) vulnerability in SurgeMail v78c2 could allow an attacker to execute arbitrary JavaScript code via an elaborate payload injected into vulnerable parameters."
}
],
"value": "A Cross-Site Scripting (XSS) vulnerability in SurgeMail v78c2 could allow an attacker to execute arbitrary JavaScript code via an elaborate payload injected into vulnerable parameters."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T13:00:57.502Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-xss-netwin-surgemail"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnerability has been fixed by the NetWin team in version 78e."
}
],
"value": "The vulnerability has been fixed by the NetWin team in version 78e."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Cross-Site Scripting (XSS) en SurgeMail de NetWin",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2024-11990",
"datePublished": "2024-11-29T13:00:57.502Z",
"dateReserved": "2024-11-29T08:20:32.936Z",
"dateUpdated": "2024-11-29T13:25:05.049Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2575 (GCVE-0-2012-2575)
Vulnerability from nvd – Published: 2012-09-17 14:00 – Updated: 2024-09-16 20:37
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 6.0a4 allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IFRAME element in the body of an HTML e-mail message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:34:25.830Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20363",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/20363/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 6.0a4 allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IFRAME element in the body of an HTML e-mail message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-17T14:00:00Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "20363",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/20363/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2012-2575",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 6.0a4 allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IFRAME element in the body of an HTML e-mail message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20363",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/20363/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2012-2575",
"datePublished": "2012-09-17T14:00:00Z",
"dateReserved": "2012-05-09T00:00:00Z",
"dateUpdated": "2024-09-16T20:37:44.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-3201 (GCVE-0-2010-3201)
Vulnerability from nvd – Published: 2011-01-07 22:00 – Updated: 2024-08-07 03:03
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in NetWin Surgemail before 4.3g allows remote attackers to inject arbitrary web script or HTML via the username_ex parameter to the surgeweb program.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:03:18.689Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "34797",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/34797/"
},
{
"name": "20101004 NetWin Surgemail XSS vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/514115/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ictsec.se/?p=108"
},
{
"name": "43679",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/43679"
},
{
"name": "41685",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41685"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-10-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in NetWin Surgemail before 4.3g allows remote attackers to inject arbitrary web script or HTML via the username_ex parameter to the surgeweb program."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "34797",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/34797/"
},
{
"name": "20101004 NetWin Surgemail XSS vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/514115/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ictsec.se/?p=108"
},
{
"name": "43679",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/43679"
},
{
"name": "41685",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41685"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3201",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in NetWin Surgemail before 4.3g allows remote attackers to inject arbitrary web script or HTML via the username_ex parameter to the surgeweb program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34797",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/34797/"
},
{
"name": "20101004 NetWin Surgemail XSS vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514115/100/0/threaded"
},
{
"name": "http://ictsec.se/?p=108",
"refsource": "MISC",
"url": "http://ictsec.se/?p=108"
},
{
"name": "43679",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43679"
},
{
"name": "41685",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41685"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-3201",
"datePublished": "2011-01-07T22:00:00",
"dateReserved": "2010-08-31T00:00:00",
"dateUpdated": "2024-08-07T03:03:18.689Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-7182 (GCVE-0-2008-7182)
Vulnerability from nvd – Published: 2009-09-08 10:00 – Updated: 2024-08-07 11:56
VLAI?
Summary
Buffer overflow in the IMAP service in NetWin Surgemail 3.9e, and possibly other versions before 3.9g2, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long first argument to the APPEND command, a different vector than CVE-2008-1497 and CVE-2008-1498. NOTE: due to lack of details, it is not certain whether this is the same issue as CVE-2008-2859.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:56:14.481Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "5968",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5968"
},
{
"name": "30000",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30000"
},
{
"name": "20080917 [AJECT] SurgeMail IMAP 3.9e vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/496482"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the IMAP service in NetWin Surgemail 3.9e, and possibly other versions before 3.9g2, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long first argument to the APPEND command, a different vector than CVE-2008-1497 and CVE-2008-1498. NOTE: due to lack of details, it is not certain whether this is the same issue as CVE-2008-2859."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "5968",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5968"
},
{
"name": "30000",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30000"
},
{
"name": "20080917 [AJECT] SurgeMail IMAP 3.9e vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/496482"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7182",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the IMAP service in NetWin Surgemail 3.9e, and possibly other versions before 3.9g2, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long first argument to the APPEND command, a different vector than CVE-2008-1497 and CVE-2008-1498. NOTE: due to lack of details, it is not certain whether this is the same issue as CVE-2008-2859."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5968",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5968"
},
{
"name": "30000",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30000"
},
{
"name": "20080917 [AJECT] SurgeMail IMAP 3.9e vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/496482"
},
{
"name": "http://www.netwinsite.com/surgemail/help/updates.htm",
"refsource": "MISC",
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7182",
"datePublished": "2009-09-08T10:00:00",
"dateReserved": "2009-09-07T00:00:00",
"dateUpdated": "2024-08-07T11:56:14.481Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2859 (GCVE-0-2008-2859)
Vulnerability from nvd – Published: 2008-06-25 10:00 – Updated: 2024-08-07 09:14
VLAI?
Summary
Unspecified vulnerability in the IMAP service in NetWin SurgeMail before 3.9g2 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors related to an "imap command."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:14:14.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1020335",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020335"
},
{
"name": "29805",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29805"
},
{
"name": "ADV-2008-1874",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1874/references"
},
{
"name": "30739",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30739"
},
{
"name": "surgemail-imap-dos(43171)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43171"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the IMAP service in NetWin SurgeMail before 3.9g2 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors related to an \"imap command.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1020335",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020335"
},
{
"name": "29805",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29805"
},
{
"name": "ADV-2008-1874",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1874/references"
},
{
"name": "30739",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30739"
},
{
"name": "surgemail-imap-dos(43171)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43171"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2859",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the IMAP service in NetWin SurgeMail before 3.9g2 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors related to an \"imap command.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1020335",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020335"
},
{
"name": "29805",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29805"
},
{
"name": "ADV-2008-1874",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1874/references"
},
{
"name": "30739",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30739"
},
{
"name": "surgemail-imap-dos(43171)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43171"
},
{
"name": "http://www.netwinsite.com/surgemail/help/updates.htm",
"refsource": "CONFIRM",
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2859",
"datePublished": "2008-06-25T10:00:00",
"dateReserved": "2008-06-24T00:00:00",
"dateUpdated": "2024-08-07T09:14:14.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1498 (GCVE-0-2008-1498)
Vulnerability from nvd – Published: 2008-03-25 19:00 – Updated: 2024-08-07 08:24
VLAI?
Summary
Stack-based buffer overflow in the IMAP service in NetWin Surgemail 3.8k4-4 and earlier allows remote authenticated users to execute arbitrary code via a long first argument to the LIST command.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:24:41.918Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "5259",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5259"
},
{
"name": "29105",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29105"
},
{
"name": "28260",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28260"
},
{
"name": "ADV-2008-0901",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0901/references"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the IMAP service in NetWin Surgemail 3.8k4-4 and earlier allows remote authenticated users to execute arbitrary code via a long first argument to the LIST command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "5259",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5259"
},
{
"name": "29105",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29105"
},
{
"name": "28260",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28260"
},
{
"name": "ADV-2008-0901",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0901/references"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1498",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the IMAP service in NetWin Surgemail 3.8k4-4 and earlier allows remote authenticated users to execute arbitrary code via a long first argument to the LIST command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5259",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5259"
},
{
"name": "29105",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29105"
},
{
"name": "28260",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28260"
},
{
"name": "ADV-2008-0901",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0901/references"
},
{
"name": "http://www.netwinsite.com/surgemail/help/updates.htm",
"refsource": "MISC",
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1498",
"datePublished": "2008-03-25T19:00:00",
"dateReserved": "2008-03-25T00:00:00",
"dateUpdated": "2024-08-07T08:24:41.918Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1497 (GCVE-0-2008-1497)
Vulnerability from nvd – Published: 2008-03-25 19:00 – Updated: 2024-08-07 08:24
VLAI?
Summary
Stack-based buffer overflow in the IMAP service in NetWin SurgeMail 38k4-4 and earlier allows remote authenticated users to execute arbitrary code via long arguments to the LSUB command.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:24:42.301Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3774",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3774"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.infigo.hr/en/in_focus/advisories/INFIGO-2008-03-07"
},
{
"name": "29105",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29105"
},
{
"name": "20080321 [INFIGO-2008-03-07]: Surgemail 38k4 IMAP server remote stack overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489959/100/0/threaded"
},
{
"name": "28377",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28377"
},
{
"name": "surgemail-imap-lsub-bo(41402)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41402"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the IMAP service in NetWin SurgeMail 38k4-4 and earlier allows remote authenticated users to execute arbitrary code via long arguments to the LSUB command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3774",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3774"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.infigo.hr/en/in_focus/advisories/INFIGO-2008-03-07"
},
{
"name": "29105",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29105"
},
{
"name": "20080321 [INFIGO-2008-03-07]: Surgemail 38k4 IMAP server remote stack overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489959/100/0/threaded"
},
{
"name": "28377",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28377"
},
{
"name": "surgemail-imap-lsub-bo(41402)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41402"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1497",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the IMAP service in NetWin SurgeMail 38k4-4 and earlier allows remote authenticated users to execute arbitrary code via long arguments to the LSUB command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3774",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3774"
},
{
"name": "http://www.infigo.hr/en/in_focus/advisories/INFIGO-2008-03-07",
"refsource": "MISC",
"url": "http://www.infigo.hr/en/in_focus/advisories/INFIGO-2008-03-07"
},
{
"name": "29105",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29105"
},
{
"name": "20080321 [INFIGO-2008-03-07]: Surgemail 38k4 IMAP server remote stack overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489959/100/0/threaded"
},
{
"name": "28377",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28377"
},
{
"name": "surgemail-imap-lsub-bo(41402)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41402"
},
{
"name": "http://www.netwinsite.com/surgemail/help/updates.htm",
"refsource": "MISC",
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1497",
"datePublished": "2008-03-25T19:00:00",
"dateReserved": "2008-03-25T00:00:00",
"dateUpdated": "2024-08-07T08:24:42.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1055 (GCVE-0-2008-1055)
Vulnerability from nvd – Published: 2008-02-27 19:00 – Updated: 2024-08-07 08:08
VLAI?
Summary
Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 and earlier and beta 39a, and WebMail 3.1s and earlier, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in the page parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:08:57.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3705",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3705"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/surgemailz-adv.txt"
},
{
"name": "29137",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29137"
},
{
"name": "29105",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29105"
},
{
"name": "ADV-2008-0678",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0678"
},
{
"name": "1019500",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019500"
},
{
"name": "20080225 Format string and buffer-overflow in SurgeMail 38k4",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/488741/100/0/threaded"
},
{
"name": "surgemail-webmail-format-string(40833)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40833"
},
{
"name": "27990",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27990"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 and earlier and beta 39a, and WebMail 3.1s and earlier, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in the page parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3705",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3705"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/surgemailz-adv.txt"
},
{
"name": "29137",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29137"
},
{
"name": "29105",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29105"
},
{
"name": "ADV-2008-0678",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0678"
},
{
"name": "1019500",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019500"
},
{
"name": "20080225 Format string and buffer-overflow in SurgeMail 38k4",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/488741/100/0/threaded"
},
{
"name": "surgemail-webmail-format-string(40833)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40833"
},
{
"name": "27990",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27990"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1055",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 and earlier and beta 39a, and WebMail 3.1s and earlier, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in the page parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3705",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3705"
},
{
"name": "http://aluigi.altervista.org/adv/surgemailz-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/surgemailz-adv.txt"
},
{
"name": "29137",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29137"
},
{
"name": "29105",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29105"
},
{
"name": "ADV-2008-0678",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0678"
},
{
"name": "1019500",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019500"
},
{
"name": "20080225 Format string and buffer-overflow in SurgeMail 38k4",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488741/100/0/threaded"
},
{
"name": "surgemail-webmail-format-string(40833)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40833"
},
{
"name": "27990",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27990"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1055",
"datePublished": "2008-02-27T19:00:00",
"dateReserved": "2008-02-27T00:00:00",
"dateUpdated": "2024-08-07T08:08:57.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1054 (GCVE-0-2008-1054)
Vulnerability from nvd – Published: 2008-02-27 19:00 – Updated: 2024-08-07 08:08
VLAI?
Summary
Stack-based buffer overflow in the _lib_spawn_user_getpid function in (1) swatch.exe and (2) surgemail.exe in NetWin SurgeMail 38k4 and earlier, and beta 39a, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via an HTTP request with multiple long headers to webmail.exe and unspecified other CGI executables, which triggers an overflow when assigning values to environment variables. NOTE: some of these details are obtained from third party information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:08:57.608Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3705",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3705"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/surgemailz-adv.txt"
},
{
"name": "29105",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29105"
},
{
"name": "ADV-2008-0678",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0678"
},
{
"name": "1019500",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019500"
},
{
"name": "20080225 Format string and buffer-overflow in SurgeMail 38k4",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/488741/100/0/threaded"
},
{
"name": "27992",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27992"
},
{
"name": "surgemail-webmail-bo(40834)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40834"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the _lib_spawn_user_getpid function in (1) swatch.exe and (2) surgemail.exe in NetWin SurgeMail 38k4 and earlier, and beta 39a, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via an HTTP request with multiple long headers to webmail.exe and unspecified other CGI executables, which triggers an overflow when assigning values to environment variables. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3705",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3705"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/surgemailz-adv.txt"
},
{
"name": "29105",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29105"
},
{
"name": "ADV-2008-0678",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0678"
},
{
"name": "1019500",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019500"
},
{
"name": "20080225 Format string and buffer-overflow in SurgeMail 38k4",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/488741/100/0/threaded"
},
{
"name": "27992",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27992"
},
{
"name": "surgemail-webmail-bo(40834)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40834"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1054",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the _lib_spawn_user_getpid function in (1) swatch.exe and (2) surgemail.exe in NetWin SurgeMail 38k4 and earlier, and beta 39a, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via an HTTP request with multiple long headers to webmail.exe and unspecified other CGI executables, which triggers an overflow when assigning values to environment variables. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3705",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3705"
},
{
"name": "http://aluigi.altervista.org/adv/surgemailz-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/surgemailz-adv.txt"
},
{
"name": "29105",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29105"
},
{
"name": "ADV-2008-0678",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0678"
},
{
"name": "1019500",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019500"
},
{
"name": "20080225 Format string and buffer-overflow in SurgeMail 38k4",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488741/100/0/threaded"
},
{
"name": "27992",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27992"
},
{
"name": "surgemail-webmail-bo(40834)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40834"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1054",
"datePublished": "2008-02-27T19:00:00",
"dateReserved": "2008-02-27T00:00:00",
"dateUpdated": "2024-08-07T08:08:57.608Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6457 (GCVE-0-2007-6457)
Vulnerability from nvd – Published: 2007-12-20 00:00 – Updated: 2024-08-07 16:11
VLAI?
Summary
Stack-based buffer overflow in the webmail feature in SurgeMail 38k4 allows remote attackers to cause a denial of service (crash) via a long Host header.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:11:05.507Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28142",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28142"
},
{
"name": "surgemail-hostheader-dos(39087)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39087"
},
{
"name": "ADV-2007-4245",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4245"
},
{
"name": "20071217 SurgeMail v.38k4 webmail Host header crash",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/485224/100/0/threaded"
},
{
"name": "3464",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3464"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://retrogod.altervista.org/rgod_surgemail_crash.html"
},
{
"name": "26901",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26901"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the webmail feature in SurgeMail 38k4 allows remote attackers to cause a denial of service (crash) via a long Host header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28142",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28142"
},
{
"name": "surgemail-hostheader-dos(39087)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39087"
},
{
"name": "ADV-2007-4245",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4245"
},
{
"name": "20071217 SurgeMail v.38k4 webmail Host header crash",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/485224/100/0/threaded"
},
{
"name": "3464",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3464"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://retrogod.altervista.org/rgod_surgemail_crash.html"
},
{
"name": "26901",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26901"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6457",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the webmail feature in SurgeMail 38k4 allows remote attackers to cause a denial of service (crash) via a long Host header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28142",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28142"
},
{
"name": "surgemail-hostheader-dos(39087)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39087"
},
{
"name": "ADV-2007-4245",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4245"
},
{
"name": "20071217 SurgeMail v.38k4 webmail Host header crash",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485224/100/0/threaded"
},
{
"name": "3464",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3464"
},
{
"name": "http://retrogod.altervista.org/rgod_surgemail_crash.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/rgod_surgemail_crash.html"
},
{
"name": "26901",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26901"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6457",
"datePublished": "2007-12-20T00:00:00",
"dateReserved": "2007-12-19T00:00:00",
"dateUpdated": "2024-08-07T16:11:05.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4372 (GCVE-0-2007-4372)
Vulnerability from nvd – Published: 2007-08-16 18:00 – Updated: 2024-08-07 14:53
VLAI?
Summary
Unspecified vulnerability in NetWin SurgeMail 38k on Windows Server 2003 has unknown impact and remote attack vectors. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:53:55.621Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wslabi.com/wabisabilabi/showBidInfo.do?code=ZD-00000078"
},
{
"name": "46400",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46400"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in NetWin SurgeMail 38k on Windows Server 2003 has unknown impact and remote attack vectors. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-11-15T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wslabi.com/wabisabilabi/showBidInfo.do?code=ZD-00000078"
},
{
"name": "46400",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46400"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4372",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in NetWin SurgeMail 38k on Windows Server 2003 has unknown impact and remote attack vectors. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wslabi.com/wabisabilabi/showBidInfo.do?code=ZD-00000078",
"refsource": "MISC",
"url": "http://wslabi.com/wabisabilabi/showBidInfo.do?code=ZD-00000078"
},
{
"name": "46400",
"refsource": "OSVDB",
"url": "http://osvdb.org/46400"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4372",
"datePublished": "2007-08-16T18:00:00",
"dateReserved": "2007-08-16T00:00:00",
"dateUpdated": "2024-08-07T14:53:55.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4377 (GCVE-0-2007-4377)
Vulnerability from nvd – Published: 2007-08-16 18:00 – Updated: 2024-08-07 14:53
VLAI?
Summary
Stack-based buffer overflow in the IMAP service in SurgeMail 38k allows remote authenticated users to execute arbitrary code via a long argument to the SEARCH command. NOTE: this might overlap CVE-2007-4372.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:53:55.984Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070814 Stop WabiSabiLabi Hacker Oppression NOW",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=118710179924684\u0026w=2"
},
{
"name": "ADV-2007-2875",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2875"
},
{
"name": "4287",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4287"
},
{
"name": "surgemail-imap-code-execution(36009)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36009"
},
{
"name": "26464",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26464"
},
{
"name": "25318",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25318"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the IMAP service in SurgeMail 38k allows remote authenticated users to execute arbitrary code via a long argument to the SEARCH command. NOTE: this might overlap CVE-2007-4372."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070814 Stop WabiSabiLabi Hacker Oppression NOW",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=118710179924684\u0026w=2"
},
{
"name": "ADV-2007-2875",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2875"
},
{
"name": "4287",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4287"
},
{
"name": "surgemail-imap-code-execution(36009)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36009"
},
{
"name": "26464",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26464"
},
{
"name": "25318",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25318"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4377",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the IMAP service in SurgeMail 38k allows remote authenticated users to execute arbitrary code via a long argument to the SEARCH command. NOTE: this might overlap CVE-2007-4372."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070814 Stop WabiSabiLabi Hacker Oppression NOW",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=118710179924684\u0026w=2"
},
{
"name": "ADV-2007-2875",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2875"
},
{
"name": "4287",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4287"
},
{
"name": "surgemail-imap-code-execution(36009)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36009"
},
{
"name": "26464",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26464"
},
{
"name": "25318",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25318"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4377",
"datePublished": "2007-08-16T18:00:00",
"dateReserved": "2007-08-16T00:00:00",
"dateUpdated": "2024-08-07T14:53:55.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2655 (GCVE-0-2007-2655)
Vulnerability from nvd – Published: 2007-05-14 21:00 – Updated: 2024-08-07 13:49
VLAI?
Summary
Unspecified vulnerability in NetWin Webmail 3.1s-1 in SurgeMail before 3.8i2 has unknown impact and remote attack vectors, possibly a format string vulnerability that allows remote code execution.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:49:56.300Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "surgemail-unspecified-security-bypass(34217)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34217"
},
{
"name": "35891",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35891"
},
{
"name": "ADV-2007-1755",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1755"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
},
{
"name": "23908",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23908"
},
{
"name": "25207",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25207"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in NetWin Webmail 3.1s-1 in SurgeMail before 3.8i2 has unknown impact and remote attack vectors, possibly a format string vulnerability that allows remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "surgemail-unspecified-security-bypass(34217)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34217"
},
{
"name": "35891",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35891"
},
{
"name": "ADV-2007-1755",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1755"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
},
{
"name": "23908",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23908"
},
{
"name": "25207",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25207"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2655",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in NetWin Webmail 3.1s-1 in SurgeMail before 3.8i2 has unknown impact and remote attack vectors, possibly a format string vulnerability that allows remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "surgemail-unspecified-security-bypass(34217)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34217"
},
{
"name": "35891",
"refsource": "OSVDB",
"url": "http://osvdb.org/35891"
},
{
"name": "ADV-2007-1755",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1755"
},
{
"name": "http://www.netwinsite.com/surgemail/help/updates.htm",
"refsource": "CONFIRM",
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
},
{
"name": "23908",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23908"
},
{
"name": "25207",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25207"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2655",
"datePublished": "2007-05-14T21:00:00",
"dateReserved": "2007-05-14T00:00:00",
"dateUpdated": "2024-08-07T13:49:56.300Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11990 (GCVE-0-2024-11990)
Vulnerability from cvelistv5 – Published: 2024-11-29 13:00 – Updated: 2024-11-29 13:25
VLAI?
Title
Cross-Site Scripting (XSS) en SurgeMail de NetWin
Summary
A Cross-Site Scripting (XSS) vulnerability in SurgeMail v78c2 could allow an attacker to execute arbitrary JavaScript code via an elaborate payload injected into vulnerable parameters.
Severity ?
4.6 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Credits
Cristhian Pacherres
Mauricio Jara
Alfredo Mariños
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11990",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-29T13:24:50.391595Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T13:25:05.049Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SurgeMail",
"vendor": "NetWin",
"versions": [
{
"status": "affected",
"version": "78c2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Cristhian Pacherres"
},
{
"lang": "en",
"type": "finder",
"value": "Mauricio Jara"
},
{
"lang": "en",
"type": "finder",
"value": "Alfredo Mari\u00f1os"
}
],
"datePublic": "2024-11-29T11:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Cross-Site Scripting (XSS) vulnerability in SurgeMail v78c2 could allow an attacker to execute arbitrary JavaScript code via an elaborate payload injected into vulnerable parameters."
}
],
"value": "A Cross-Site Scripting (XSS) vulnerability in SurgeMail v78c2 could allow an attacker to execute arbitrary JavaScript code via an elaborate payload injected into vulnerable parameters."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T13:00:57.502Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-xss-netwin-surgemail"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnerability has been fixed by the NetWin team in version 78e."
}
],
"value": "The vulnerability has been fixed by the NetWin team in version 78e."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Cross-Site Scripting (XSS) en SurgeMail de NetWin",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2024-11990",
"datePublished": "2024-11-29T13:00:57.502Z",
"dateReserved": "2024-11-29T08:20:32.936Z",
"dateUpdated": "2024-11-29T13:25:05.049Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2575 (GCVE-0-2012-2575)
Vulnerability from cvelistv5 – Published: 2012-09-17 14:00 – Updated: 2024-09-16 20:37
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 6.0a4 allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IFRAME element in the body of an HTML e-mail message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:34:25.830Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20363",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/20363/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 6.0a4 allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IFRAME element in the body of an HTML e-mail message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-17T14:00:00Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "20363",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/20363/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2012-2575",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 6.0a4 allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IFRAME element in the body of an HTML e-mail message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20363",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/20363/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2012-2575",
"datePublished": "2012-09-17T14:00:00Z",
"dateReserved": "2012-05-09T00:00:00Z",
"dateUpdated": "2024-09-16T20:37:44.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-3201 (GCVE-0-2010-3201)
Vulnerability from cvelistv5 – Published: 2011-01-07 22:00 – Updated: 2024-08-07 03:03
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in NetWin Surgemail before 4.3g allows remote attackers to inject arbitrary web script or HTML via the username_ex parameter to the surgeweb program.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:03:18.689Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "34797",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/34797/"
},
{
"name": "20101004 NetWin Surgemail XSS vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/514115/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ictsec.se/?p=108"
},
{
"name": "43679",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/43679"
},
{
"name": "41685",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41685"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-10-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in NetWin Surgemail before 4.3g allows remote attackers to inject arbitrary web script or HTML via the username_ex parameter to the surgeweb program."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "34797",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/34797/"
},
{
"name": "20101004 NetWin Surgemail XSS vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/514115/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ictsec.se/?p=108"
},
{
"name": "43679",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/43679"
},
{
"name": "41685",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41685"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3201",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in NetWin Surgemail before 4.3g allows remote attackers to inject arbitrary web script or HTML via the username_ex parameter to the surgeweb program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34797",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/34797/"
},
{
"name": "20101004 NetWin Surgemail XSS vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514115/100/0/threaded"
},
{
"name": "http://ictsec.se/?p=108",
"refsource": "MISC",
"url": "http://ictsec.se/?p=108"
},
{
"name": "43679",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43679"
},
{
"name": "41685",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41685"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-3201",
"datePublished": "2011-01-07T22:00:00",
"dateReserved": "2010-08-31T00:00:00",
"dateUpdated": "2024-08-07T03:03:18.689Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-7182 (GCVE-0-2008-7182)
Vulnerability from cvelistv5 – Published: 2009-09-08 10:00 – Updated: 2024-08-07 11:56
VLAI?
Summary
Buffer overflow in the IMAP service in NetWin Surgemail 3.9e, and possibly other versions before 3.9g2, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long first argument to the APPEND command, a different vector than CVE-2008-1497 and CVE-2008-1498. NOTE: due to lack of details, it is not certain whether this is the same issue as CVE-2008-2859.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:56:14.481Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "5968",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5968"
},
{
"name": "30000",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30000"
},
{
"name": "20080917 [AJECT] SurgeMail IMAP 3.9e vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/496482"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the IMAP service in NetWin Surgemail 3.9e, and possibly other versions before 3.9g2, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long first argument to the APPEND command, a different vector than CVE-2008-1497 and CVE-2008-1498. NOTE: due to lack of details, it is not certain whether this is the same issue as CVE-2008-2859."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "5968",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5968"
},
{
"name": "30000",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30000"
},
{
"name": "20080917 [AJECT] SurgeMail IMAP 3.9e vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/496482"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7182",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the IMAP service in NetWin Surgemail 3.9e, and possibly other versions before 3.9g2, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long first argument to the APPEND command, a different vector than CVE-2008-1497 and CVE-2008-1498. NOTE: due to lack of details, it is not certain whether this is the same issue as CVE-2008-2859."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5968",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5968"
},
{
"name": "30000",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30000"
},
{
"name": "20080917 [AJECT] SurgeMail IMAP 3.9e vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/496482"
},
{
"name": "http://www.netwinsite.com/surgemail/help/updates.htm",
"refsource": "MISC",
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7182",
"datePublished": "2009-09-08T10:00:00",
"dateReserved": "2009-09-07T00:00:00",
"dateUpdated": "2024-08-07T11:56:14.481Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2859 (GCVE-0-2008-2859)
Vulnerability from cvelistv5 – Published: 2008-06-25 10:00 – Updated: 2024-08-07 09:14
VLAI?
Summary
Unspecified vulnerability in the IMAP service in NetWin SurgeMail before 3.9g2 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors related to an "imap command."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:14:14.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1020335",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020335"
},
{
"name": "29805",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29805"
},
{
"name": "ADV-2008-1874",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1874/references"
},
{
"name": "30739",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30739"
},
{
"name": "surgemail-imap-dos(43171)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43171"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the IMAP service in NetWin SurgeMail before 3.9g2 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors related to an \"imap command.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1020335",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020335"
},
{
"name": "29805",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29805"
},
{
"name": "ADV-2008-1874",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1874/references"
},
{
"name": "30739",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30739"
},
{
"name": "surgemail-imap-dos(43171)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43171"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2859",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the IMAP service in NetWin SurgeMail before 3.9g2 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors related to an \"imap command.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1020335",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020335"
},
{
"name": "29805",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29805"
},
{
"name": "ADV-2008-1874",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1874/references"
},
{
"name": "30739",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30739"
},
{
"name": "surgemail-imap-dos(43171)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43171"
},
{
"name": "http://www.netwinsite.com/surgemail/help/updates.htm",
"refsource": "CONFIRM",
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2859",
"datePublished": "2008-06-25T10:00:00",
"dateReserved": "2008-06-24T00:00:00",
"dateUpdated": "2024-08-07T09:14:14.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1498 (GCVE-0-2008-1498)
Vulnerability from cvelistv5 – Published: 2008-03-25 19:00 – Updated: 2024-08-07 08:24
VLAI?
Summary
Stack-based buffer overflow in the IMAP service in NetWin Surgemail 3.8k4-4 and earlier allows remote authenticated users to execute arbitrary code via a long first argument to the LIST command.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:24:41.918Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "5259",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5259"
},
{
"name": "29105",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29105"
},
{
"name": "28260",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28260"
},
{
"name": "ADV-2008-0901",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0901/references"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the IMAP service in NetWin Surgemail 3.8k4-4 and earlier allows remote authenticated users to execute arbitrary code via a long first argument to the LIST command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "5259",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5259"
},
{
"name": "29105",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29105"
},
{
"name": "28260",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28260"
},
{
"name": "ADV-2008-0901",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0901/references"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1498",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the IMAP service in NetWin Surgemail 3.8k4-4 and earlier allows remote authenticated users to execute arbitrary code via a long first argument to the LIST command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5259",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5259"
},
{
"name": "29105",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29105"
},
{
"name": "28260",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28260"
},
{
"name": "ADV-2008-0901",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0901/references"
},
{
"name": "http://www.netwinsite.com/surgemail/help/updates.htm",
"refsource": "MISC",
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1498",
"datePublished": "2008-03-25T19:00:00",
"dateReserved": "2008-03-25T00:00:00",
"dateUpdated": "2024-08-07T08:24:41.918Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1497 (GCVE-0-2008-1497)
Vulnerability from cvelistv5 – Published: 2008-03-25 19:00 – Updated: 2024-08-07 08:24
VLAI?
Summary
Stack-based buffer overflow in the IMAP service in NetWin SurgeMail 38k4-4 and earlier allows remote authenticated users to execute arbitrary code via long arguments to the LSUB command.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:24:42.301Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3774",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3774"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.infigo.hr/en/in_focus/advisories/INFIGO-2008-03-07"
},
{
"name": "29105",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29105"
},
{
"name": "20080321 [INFIGO-2008-03-07]: Surgemail 38k4 IMAP server remote stack overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489959/100/0/threaded"
},
{
"name": "28377",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28377"
},
{
"name": "surgemail-imap-lsub-bo(41402)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41402"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the IMAP service in NetWin SurgeMail 38k4-4 and earlier allows remote authenticated users to execute arbitrary code via long arguments to the LSUB command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3774",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3774"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.infigo.hr/en/in_focus/advisories/INFIGO-2008-03-07"
},
{
"name": "29105",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29105"
},
{
"name": "20080321 [INFIGO-2008-03-07]: Surgemail 38k4 IMAP server remote stack overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489959/100/0/threaded"
},
{
"name": "28377",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28377"
},
{
"name": "surgemail-imap-lsub-bo(41402)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41402"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1497",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the IMAP service in NetWin SurgeMail 38k4-4 and earlier allows remote authenticated users to execute arbitrary code via long arguments to the LSUB command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3774",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3774"
},
{
"name": "http://www.infigo.hr/en/in_focus/advisories/INFIGO-2008-03-07",
"refsource": "MISC",
"url": "http://www.infigo.hr/en/in_focus/advisories/INFIGO-2008-03-07"
},
{
"name": "29105",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29105"
},
{
"name": "20080321 [INFIGO-2008-03-07]: Surgemail 38k4 IMAP server remote stack overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489959/100/0/threaded"
},
{
"name": "28377",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28377"
},
{
"name": "surgemail-imap-lsub-bo(41402)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41402"
},
{
"name": "http://www.netwinsite.com/surgemail/help/updates.htm",
"refsource": "MISC",
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1497",
"datePublished": "2008-03-25T19:00:00",
"dateReserved": "2008-03-25T00:00:00",
"dateUpdated": "2024-08-07T08:24:42.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1055 (GCVE-0-2008-1055)
Vulnerability from cvelistv5 – Published: 2008-02-27 19:00 – Updated: 2024-08-07 08:08
VLAI?
Summary
Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 and earlier and beta 39a, and WebMail 3.1s and earlier, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in the page parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:08:57.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3705",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3705"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/surgemailz-adv.txt"
},
{
"name": "29137",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29137"
},
{
"name": "29105",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29105"
},
{
"name": "ADV-2008-0678",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0678"
},
{
"name": "1019500",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019500"
},
{
"name": "20080225 Format string and buffer-overflow in SurgeMail 38k4",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/488741/100/0/threaded"
},
{
"name": "surgemail-webmail-format-string(40833)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40833"
},
{
"name": "27990",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27990"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 and earlier and beta 39a, and WebMail 3.1s and earlier, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in the page parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3705",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3705"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/surgemailz-adv.txt"
},
{
"name": "29137",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29137"
},
{
"name": "29105",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29105"
},
{
"name": "ADV-2008-0678",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0678"
},
{
"name": "1019500",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019500"
},
{
"name": "20080225 Format string and buffer-overflow in SurgeMail 38k4",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/488741/100/0/threaded"
},
{
"name": "surgemail-webmail-format-string(40833)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40833"
},
{
"name": "27990",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27990"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1055",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 and earlier and beta 39a, and WebMail 3.1s and earlier, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in the page parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3705",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3705"
},
{
"name": "http://aluigi.altervista.org/adv/surgemailz-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/surgemailz-adv.txt"
},
{
"name": "29137",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29137"
},
{
"name": "29105",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29105"
},
{
"name": "ADV-2008-0678",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0678"
},
{
"name": "1019500",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019500"
},
{
"name": "20080225 Format string and buffer-overflow in SurgeMail 38k4",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488741/100/0/threaded"
},
{
"name": "surgemail-webmail-format-string(40833)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40833"
},
{
"name": "27990",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27990"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1055",
"datePublished": "2008-02-27T19:00:00",
"dateReserved": "2008-02-27T00:00:00",
"dateUpdated": "2024-08-07T08:08:57.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1054 (GCVE-0-2008-1054)
Vulnerability from cvelistv5 – Published: 2008-02-27 19:00 – Updated: 2024-08-07 08:08
VLAI?
Summary
Stack-based buffer overflow in the _lib_spawn_user_getpid function in (1) swatch.exe and (2) surgemail.exe in NetWin SurgeMail 38k4 and earlier, and beta 39a, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via an HTTP request with multiple long headers to webmail.exe and unspecified other CGI executables, which triggers an overflow when assigning values to environment variables. NOTE: some of these details are obtained from third party information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:08:57.608Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3705",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3705"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/surgemailz-adv.txt"
},
{
"name": "29105",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29105"
},
{
"name": "ADV-2008-0678",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0678"
},
{
"name": "1019500",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019500"
},
{
"name": "20080225 Format string and buffer-overflow in SurgeMail 38k4",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/488741/100/0/threaded"
},
{
"name": "27992",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27992"
},
{
"name": "surgemail-webmail-bo(40834)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40834"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the _lib_spawn_user_getpid function in (1) swatch.exe and (2) surgemail.exe in NetWin SurgeMail 38k4 and earlier, and beta 39a, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via an HTTP request with multiple long headers to webmail.exe and unspecified other CGI executables, which triggers an overflow when assigning values to environment variables. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3705",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3705"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/surgemailz-adv.txt"
},
{
"name": "29105",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29105"
},
{
"name": "ADV-2008-0678",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0678"
},
{
"name": "1019500",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019500"
},
{
"name": "20080225 Format string and buffer-overflow in SurgeMail 38k4",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/488741/100/0/threaded"
},
{
"name": "27992",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27992"
},
{
"name": "surgemail-webmail-bo(40834)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40834"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1054",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the _lib_spawn_user_getpid function in (1) swatch.exe and (2) surgemail.exe in NetWin SurgeMail 38k4 and earlier, and beta 39a, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via an HTTP request with multiple long headers to webmail.exe and unspecified other CGI executables, which triggers an overflow when assigning values to environment variables. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3705",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3705"
},
{
"name": "http://aluigi.altervista.org/adv/surgemailz-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/surgemailz-adv.txt"
},
{
"name": "29105",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29105"
},
{
"name": "ADV-2008-0678",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0678"
},
{
"name": "1019500",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019500"
},
{
"name": "20080225 Format string and buffer-overflow in SurgeMail 38k4",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488741/100/0/threaded"
},
{
"name": "27992",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27992"
},
{
"name": "surgemail-webmail-bo(40834)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40834"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1054",
"datePublished": "2008-02-27T19:00:00",
"dateReserved": "2008-02-27T00:00:00",
"dateUpdated": "2024-08-07T08:08:57.608Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6457 (GCVE-0-2007-6457)
Vulnerability from cvelistv5 – Published: 2007-12-20 00:00 – Updated: 2024-08-07 16:11
VLAI?
Summary
Stack-based buffer overflow in the webmail feature in SurgeMail 38k4 allows remote attackers to cause a denial of service (crash) via a long Host header.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:11:05.507Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28142",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28142"
},
{
"name": "surgemail-hostheader-dos(39087)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39087"
},
{
"name": "ADV-2007-4245",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4245"
},
{
"name": "20071217 SurgeMail v.38k4 webmail Host header crash",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/485224/100/0/threaded"
},
{
"name": "3464",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3464"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://retrogod.altervista.org/rgod_surgemail_crash.html"
},
{
"name": "26901",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26901"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the webmail feature in SurgeMail 38k4 allows remote attackers to cause a denial of service (crash) via a long Host header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28142",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28142"
},
{
"name": "surgemail-hostheader-dos(39087)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39087"
},
{
"name": "ADV-2007-4245",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4245"
},
{
"name": "20071217 SurgeMail v.38k4 webmail Host header crash",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/485224/100/0/threaded"
},
{
"name": "3464",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3464"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://retrogod.altervista.org/rgod_surgemail_crash.html"
},
{
"name": "26901",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26901"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6457",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the webmail feature in SurgeMail 38k4 allows remote attackers to cause a denial of service (crash) via a long Host header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28142",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28142"
},
{
"name": "surgemail-hostheader-dos(39087)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39087"
},
{
"name": "ADV-2007-4245",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4245"
},
{
"name": "20071217 SurgeMail v.38k4 webmail Host header crash",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485224/100/0/threaded"
},
{
"name": "3464",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3464"
},
{
"name": "http://retrogod.altervista.org/rgod_surgemail_crash.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/rgod_surgemail_crash.html"
},
{
"name": "26901",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26901"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6457",
"datePublished": "2007-12-20T00:00:00",
"dateReserved": "2007-12-19T00:00:00",
"dateUpdated": "2024-08-07T16:11:05.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4372 (GCVE-0-2007-4372)
Vulnerability from cvelistv5 – Published: 2007-08-16 18:00 – Updated: 2024-08-07 14:53
VLAI?
Summary
Unspecified vulnerability in NetWin SurgeMail 38k on Windows Server 2003 has unknown impact and remote attack vectors. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:53:55.621Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wslabi.com/wabisabilabi/showBidInfo.do?code=ZD-00000078"
},
{
"name": "46400",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46400"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in NetWin SurgeMail 38k on Windows Server 2003 has unknown impact and remote attack vectors. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-11-15T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wslabi.com/wabisabilabi/showBidInfo.do?code=ZD-00000078"
},
{
"name": "46400",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46400"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4372",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in NetWin SurgeMail 38k on Windows Server 2003 has unknown impact and remote attack vectors. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wslabi.com/wabisabilabi/showBidInfo.do?code=ZD-00000078",
"refsource": "MISC",
"url": "http://wslabi.com/wabisabilabi/showBidInfo.do?code=ZD-00000078"
},
{
"name": "46400",
"refsource": "OSVDB",
"url": "http://osvdb.org/46400"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4372",
"datePublished": "2007-08-16T18:00:00",
"dateReserved": "2007-08-16T00:00:00",
"dateUpdated": "2024-08-07T14:53:55.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4377 (GCVE-0-2007-4377)
Vulnerability from cvelistv5 – Published: 2007-08-16 18:00 – Updated: 2024-08-07 14:53
VLAI?
Summary
Stack-based buffer overflow in the IMAP service in SurgeMail 38k allows remote authenticated users to execute arbitrary code via a long argument to the SEARCH command. NOTE: this might overlap CVE-2007-4372.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:53:55.984Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070814 Stop WabiSabiLabi Hacker Oppression NOW",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=118710179924684\u0026w=2"
},
{
"name": "ADV-2007-2875",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2875"
},
{
"name": "4287",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4287"
},
{
"name": "surgemail-imap-code-execution(36009)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36009"
},
{
"name": "26464",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26464"
},
{
"name": "25318",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25318"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the IMAP service in SurgeMail 38k allows remote authenticated users to execute arbitrary code via a long argument to the SEARCH command. NOTE: this might overlap CVE-2007-4372."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070814 Stop WabiSabiLabi Hacker Oppression NOW",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=118710179924684\u0026w=2"
},
{
"name": "ADV-2007-2875",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2875"
},
{
"name": "4287",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4287"
},
{
"name": "surgemail-imap-code-execution(36009)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36009"
},
{
"name": "26464",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26464"
},
{
"name": "25318",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25318"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4377",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the IMAP service in SurgeMail 38k allows remote authenticated users to execute arbitrary code via a long argument to the SEARCH command. NOTE: this might overlap CVE-2007-4372."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070814 Stop WabiSabiLabi Hacker Oppression NOW",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=118710179924684\u0026w=2"
},
{
"name": "ADV-2007-2875",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2875"
},
{
"name": "4287",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4287"
},
{
"name": "surgemail-imap-code-execution(36009)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36009"
},
{
"name": "26464",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26464"
},
{
"name": "25318",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25318"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4377",
"datePublished": "2007-08-16T18:00:00",
"dateReserved": "2007-08-16T00:00:00",
"dateUpdated": "2024-08-07T14:53:55.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2655 (GCVE-0-2007-2655)
Vulnerability from cvelistv5 – Published: 2007-05-14 21:00 – Updated: 2024-08-07 13:49
VLAI?
Summary
Unspecified vulnerability in NetWin Webmail 3.1s-1 in SurgeMail before 3.8i2 has unknown impact and remote attack vectors, possibly a format string vulnerability that allows remote code execution.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:49:56.300Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "surgemail-unspecified-security-bypass(34217)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34217"
},
{
"name": "35891",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35891"
},
{
"name": "ADV-2007-1755",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1755"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
},
{
"name": "23908",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23908"
},
{
"name": "25207",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25207"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in NetWin Webmail 3.1s-1 in SurgeMail before 3.8i2 has unknown impact and remote attack vectors, possibly a format string vulnerability that allows remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "surgemail-unspecified-security-bypass(34217)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34217"
},
{
"name": "35891",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35891"
},
{
"name": "ADV-2007-1755",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1755"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
},
{
"name": "23908",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23908"
},
{
"name": "25207",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25207"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2655",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in NetWin Webmail 3.1s-1 in SurgeMail before 3.8i2 has unknown impact and remote attack vectors, possibly a format string vulnerability that allows remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "surgemail-unspecified-security-bypass(34217)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34217"
},
{
"name": "35891",
"refsource": "OSVDB",
"url": "http://osvdb.org/35891"
},
{
"name": "ADV-2007-1755",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1755"
},
{
"name": "http://www.netwinsite.com/surgemail/help/updates.htm",
"refsource": "CONFIRM",
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
},
{
"name": "23908",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23908"
},
{
"name": "25207",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25207"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2655",
"datePublished": "2007-05-14T21:00:00",
"dateReserved": "2007-05-14T00:00:00",
"dateUpdated": "2024-08-07T13:49:56.300Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2548 (GCVE-0-2004-2548)
Vulnerability from cvelistv5 – Published: 2005-11-21 11:00 – Updated: 2024-08-08 01:29
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to inject arbitrary web script or HTML via (a) a URI containing the script, or (b) the username field in the login form. NOTE: it is possible that the first attack vector is resultant from the error message issue (CVE-2004-2547).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:14.076Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "10483",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10483"
},
{
"name": "surgemail-username-xss(16320)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16320"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.exploitlabs.com/files/advisories/EXPL-A-2004-002-surgmail.txt"
},
{
"name": "6746",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/6746"
},
{
"name": "20040603 Surgemail - Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0056.html"
},
{
"name": "11772",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11772"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-06-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to inject arbitrary web script or HTML via (a) a URI containing the script, or (b) the username field in the login form. NOTE: it is possible that the first attack vector is resultant from the error message issue (CVE-2004-2547)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "10483",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10483"
},
{
"name": "surgemail-username-xss(16320)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16320"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.exploitlabs.com/files/advisories/EXPL-A-2004-002-surgmail.txt"
},
{
"name": "6746",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/6746"
},
{
"name": "20040603 Surgemail - Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0056.html"
},
{
"name": "11772",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11772"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2548",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to inject arbitrary web script or HTML via (a) a URI containing the script, or (b) the username field in the login form. NOTE: it is possible that the first attack vector is resultant from the error message issue (CVE-2004-2547)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "10483",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10483"
},
{
"name": "surgemail-username-xss(16320)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16320"
},
{
"name": "http://www.exploitlabs.com/files/advisories/EXPL-A-2004-002-surgmail.txt",
"refsource": "MISC",
"url": "http://www.exploitlabs.com/files/advisories/EXPL-A-2004-002-surgmail.txt"
},
{
"name": "6746",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6746"
},
{
"name": "20040603 Surgemail - Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0056.html"
},
{
"name": "11772",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11772"
},
{
"name": "http://www.netwinsite.com/surgemail/help/updates.htm",
"refsource": "MISC",
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2548",
"datePublished": "2005-11-21T11:00:00",
"dateReserved": "2005-11-21T00:00:00",
"dateUpdated": "2024-08-08T01:29:14.076Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2547 (GCVE-0-2004-2547)
Vulnerability from cvelistv5 – Published: 2005-11-21 11:00 – Updated: 2024-08-08 01:29
VLAI?
Summary
NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to obtain sensitive information via HTTP requests that (a) specify the / URI, (b) specify the /scripts/ URI, or (c) specify a non-existent file, which reveal the path in an error message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:14.042Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "surgemail-invalid-path-disclosure(16319)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16319"
},
{
"name": "6745",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/6745"
},
{
"name": "10483",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10483"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.exploitlabs.com/files/advisories/EXPL-A-2004-002-surgmail.txt"
},
{
"name": "20040603 Surgemail - Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0056.html"
},
{
"name": "11772",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11772"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-06-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to obtain sensitive information via HTTP requests that (a) specify the / URI, (b) specify the /scripts/ URI, or (c) specify a non-existent file, which reveal the path in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "surgemail-invalid-path-disclosure(16319)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16319"
},
{
"name": "6745",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/6745"
},
{
"name": "10483",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10483"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.exploitlabs.com/files/advisories/EXPL-A-2004-002-surgmail.txt"
},
{
"name": "20040603 Surgemail - Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0056.html"
},
{
"name": "11772",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11772"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2547",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to obtain sensitive information via HTTP requests that (a) specify the / URI, (b) specify the /scripts/ URI, or (c) specify a non-existent file, which reveal the path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "surgemail-invalid-path-disclosure(16319)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16319"
},
{
"name": "6745",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6745"
},
{
"name": "10483",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10483"
},
{
"name": "http://www.exploitlabs.com/files/advisories/EXPL-A-2004-002-surgmail.txt",
"refsource": "MISC",
"url": "http://www.exploitlabs.com/files/advisories/EXPL-A-2004-002-surgmail.txt"
},
{
"name": "20040603 Surgemail - Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0056.html"
},
{
"name": "11772",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11772"
},
{
"name": "http://www.netwinsite.com/surgemail/help/updates.htm",
"refsource": "CONFIRM",
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2547",
"datePublished": "2005-11-21T11:00:00",
"dateReserved": "2005-11-21T00:00:00",
"dateUpdated": "2024-08-08T01:29:14.042Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2537 (GCVE-0-2004-2537)
Vulnerability from cvelistv5 – Published: 2005-10-25 04:00 – Updated: 2024-08-08 01:29
VLAI?
Summary
Unspecified vulnerability in SurgeMail before 2.2c10 has unknown impact and attack vectors, related to a "Webmail security bug."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:13.742Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "12559",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/12559"
},
{
"name": "12086",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12086"
},
{
"name": "surgemail-webmail(18648)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18648"
},
{
"name": "13621",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/13621"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://netwinsite.com/surgemail/help/updates.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-12-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in SurgeMail before 2.2c10 has unknown impact and attack vectors, related to a \"Webmail security bug.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "12559",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/12559"
},
{
"name": "12086",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12086"
},
{
"name": "surgemail-webmail(18648)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18648"
},
{
"name": "13621",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/13621"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://netwinsite.com/surgemail/help/updates.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2537",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in SurgeMail before 2.2c10 has unknown impact and attack vectors, related to a \"Webmail security bug.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12559",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/12559"
},
{
"name": "12086",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12086"
},
{
"name": "surgemail-webmail(18648)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18648"
},
{
"name": "13621",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13621"
},
{
"name": "http://netwinsite.com/surgemail/help/updates.htm",
"refsource": "CONFIRM",
"url": "http://netwinsite.com/surgemail/help/updates.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2537",
"datePublished": "2005-10-25T04:00:00",
"dateReserved": "2005-10-25T00:00:00",
"dateUpdated": "2024-08-08T01:29:13.742Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-1714 (GCVE-0-2005-1714)
Vulnerability from cvelistv5 – Published: 2005-05-24 04:00 – Updated: 2024-08-07 21:59
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 3.0c2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:59:24.051Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2005-0576",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/0576"
},
{
"name": "15425",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15425"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-05-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 3.0c2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2005-0576",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/0576"
},
{
"name": "15425",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15425"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1714",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 3.0c2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2005-0576",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/0576"
},
{
"name": "15425",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15425"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1714",
"datePublished": "2005-05-24T04:00:00",
"dateReserved": "2005-05-24T00:00:00",
"dateUpdated": "2024-08-07T21:59:24.051Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}