GCVE - cpe:2.3:a:netwin:surgemail:3.9e:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:netwin:surgemail:3.9e:*:*:*:*:*:*:*

part: a version: 3.9e update: *

Vendor	Netwin (`84440f9c-0c8f-54f6-a00b-4d1ca5722029`)
Product	Surgemail (`e002b59c-cf4b-5828-aa83-0fdab9b59443`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2010-3201`	vulnerable	2026-06-08 04:55:13.698027	Details available Cross-site scripting (XSS) vulnerability in NetWin Surgemail before 4.3g allows remote attackers to inject arbitrary web script or HTML via the username_ex parameter to the surgeweb program. Published: 2011-01-07T22:00:00.000Z Updated: 2024-08-07T03:03:18.689Z Open on db.gcve.eu Reference links https://www.exploit-db.com/exploits/34797/ http://www.securityfocus.com/archive/1/514115/100/0/threaded http://ictsec.se/?p=108 http://www.securityfocus.com/bid/43679 http://secunia.com/advisories/41685	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-7182`	vulnerable	2026-06-08 04:51:05.842888	Details available Buffer overflow in the IMAP service in NetWin Surgemail 3.9e, and possibly other versions before 3.9g2, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long first argument to the APPEND command, a different vector than CVE-2008-1497 and CVE-2008-1498. NOTE: due to lack of details, it is not certain whether this is the same issue as CVE-2008-2859. Published: 2009-09-08T10:00:00.000Z Updated: 2024-08-07T11:56:14.481Z Open on db.gcve.eu Reference links https://www.exploit-db.com/exploits/5968 http://www.securityfocus.com/bid/30000 http://www.securityfocus.com/archive/1/496482 http://www.netwinsite.com/surgemail/help/updates.htm	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-2859`	vulnerable	2026-06-08 04:50:32.442536	Details available Unspecified vulnerability in the IMAP service in NetWin SurgeMail before 3.9g2 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors related to an "imap command." Published: 2008-06-25T10:00:00.000Z Updated: 2024-08-07T09:14:14.899Z Open on db.gcve.eu Reference links http://www.securitytracker.com/id?1020335 http://www.securityfocus.com/bid/29805 http://www.vupen.com/english/advisories/2008/1874/references http://secunia.com/advisories/30739 https://exchange.xforce.ibmcloud.com/vulnerabilities/43171	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.