Search Results (52 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-1478 1 Netwin 1 Dmail 2026-04-16 N/A
Format string vulnerability in dSMTP (dsmtp.exe) in DMail 3.1a allows remote attackers to execute arbitrary code via format string specifiers in the xtellmail command.
CVE-2000-0608 1 Netwin 2 Cwmail, Dmailweb 2026-04-16 N/A
NetWin dMailWeb and cwMail 2.6i and earlier allows remote attackers to cause a denial of service via a long POP parameter (pophost).
CVE-2004-2318 1 Netwin 1 Surgeftp 2026-04-16 N/A
The administrative interface (surgeftpmgr.cgi) for SurgeFTP Server 1.0b through 2.2k1 allows remote attackers to cause a temporary denial of service (crash) via requests with two percent (%) signs in the CMD parameter.
CVE-2004-2537 1 Netwin 1 Surgemail 2026-04-16 N/A
Unspecified vulnerability in SurgeMail before 2.2c10 has unknown impact and attack vectors, related to a "Webmail security bug."
CVE-2004-2547 1 Netwin 2 Surgemail, Webmail 2026-04-16 N/A
NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to obtain sensitive information via HTTP requests that (a) specify the / URI, (b) specify the /scripts/ URI, or (c) specify a non-existent file, which reveal the path in an error message.
CVE-2000-0422 1 Netwin 1 Dmail 2026-04-16 N/A
Buffer overflow in Netwin DMailWeb CGI program allows remote attackers to execute arbitrary commands via a long utoken parameter.
CVE-2002-0273 1 Netwin 1 Cwmail 2026-04-16 N/A
Buffer overflow in CWMail.exe in NetWin before 2.8a allows remote authenticated users to execute arbitrary code via a long item parameter.
CVE-2005-0845 1 Netwin 1 Surgemail 2026-04-16 N/A
Directory traversal vulnerability in the Webmail interface in SurgeMail 2.2g3 allows remote authenticated users to write arbitrary files or directories via a .. (dot dot) in the attach_id parameter.
CVE-2005-0846 1 Netwin 1 Surgemail 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the email auto-reply message in SurgeMail 2.2g3 allow remote attackers to inject arbitrary web script or HTML via the (1) message subject or (2) message header field.
CVE-2005-1516 1 Netwin 1 Dmail 2026-04-16 N/A
DList (dlist.exe) in DMail 3.1a allows remote attackers to bypass authentication, read log files, and shutdown the system via a sendlog command with an incorrect password hash, which is not properly handled by the _cmd_sendlog function.
CVE-2000-0609 1 Netwin 2 Cwmail, Dmailweb 2026-04-16 N/A
NetWin dMailWeb and cwMail 2.6g and earlier allows remote attackers to cause a denial of service via a long username parameter.
CVE-2000-0610 1 Netwin 2 Cwmail, Dmailweb 2026-04-16 N/A
NetWin dMailWeb and cwMail 2.6g and earlier allows remote attackers to bypass authentication and use the server for mail relay via a username that contains a carriage return.
CVE-2000-0611 1 Netwin 2 Cwmail, Dmailweb 2026-04-16 N/A
The default configuration of NetWin dMailWeb and cwMail trusts all POP servers, which allows attackers to bypass normal authentication and cause a denial of service.
CVE-2000-0782 1 Netwin 1 Netauth 2026-04-16 N/A
netauth.cgi program in Netwin Netauth 4.2e and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack.
CVE-2001-0697 1 Netwin 1 Surgeftp 2026-04-16 N/A
NetWin SurgeFTP prior to 1.1h allows a remote attacker to cause a denial of service (crash) via an 'ls ..' command.
CVE-2001-0698 1 Netwin 1 Surgeftp 2026-04-16 N/A
Directory traversal vulnerability in NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to list arbitrary files and directories via the 'nlist ...' command.
CVE-2002-0290 1 Netwin 1 Webnews 2026-04-16 N/A
Buffer overflow in Netwin WebNews CGI program 1.1, Webnews.exe, allows remote attackers to execute arbitrary code via a long group argument.
CVE-2004-2253 1 Netwin 1 Surgeldap 2026-04-16 N/A
Directory traversal vulnerability in user.cgi in SurgeLDAP 1.0g and earlier allows remote attackers to read arbitrary files via a .. in the page parameter of the show command.
CVE-2004-2254 1 Netwin 1 Surgeldap 2026-04-16 N/A
SurgeLDAP 1.0g (Build 12), and possibly other versions before 1.0h, allows remote attackers to bypass authentication for the administration interface via a direct request to admin.cgi with a modified utoken parameter.
CVE-2005-1034 1 Netwin 1 Surgeftp 2026-04-16 N/A
SurgeFTP 2.2m1 allows remote attackers to cause a denial of service (application hang) via the LEAK command.