Surgemail

A Cross-Site Scripting (XSS) vulnerability in SurgeMail v78c2 could allow an attacker to execute arbitrary JavaScript code via an elaborate payload injected into vulnerable parameters.

Published: 2024-11-29T13:00:57.502Z
Updated: 2024-11-29T13:25:05.049Z

Cross-site scripting (XSS) vulnerability in NetWin Surgemail before 4.3g allows remote attackers to inject arbitrary web script or HTML via the username_ex parameter to the surgeweb program.

Published: 2011-01-07T22:00:00.000Z
Updated: 2024-08-07T03:03:18.689Z

Unspecified vulnerability in the IMAP service in NetWin SurgeMail before 3.9g2 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors related to an "imap command."

Published: 2008-06-25T10:00:00.000Z
Updated: 2024-08-07T09:14:14.899Z

Stack-based buffer overflow in the IMAP service in NetWin Surgemail 3.8k4-4 and earlier allows remote authenticated users to execute arbitrary code via a long first argument to the LIST command.

Published: 2008-03-25T19:00:00.000Z
Updated: 2024-08-07T08:24:41.918Z

Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 and earlier and beta 39a, and WebMail 3.1s and earlier, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in the page parameter.

Published: 2008-02-27T19:00:00.000Z
Updated: 2024-08-07T08:08:57.236Z

Multiple cross-site scripting (XSS) vulnerabilities in NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to inject arbitrary web script or HTML via (a) a URI containing the script, or (b) the username field in the login form. NOTE: it is possible that the first attack vector is resultant from the error message issue (CVE-2004-2547).

Published: 2005-11-21T11:00:00.000Z
Updated: 2024-08-08T01:29:14.076Z