Winmail Server
by Magicwinmail
Source repositories
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-9846 | Hig | 0.57 | 8.8 | 0.03 | Jun 24, 2017 | Winmail Server 6.1 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php move_folder_file call to move a .php file from the FTP folder into a web folder. | ||
| CVE-2003-0391 | 0.03 | — | 0.04 | Jul 2, 2003 | Format string vulnerability in Magic WinMail Server 2.3, and possibly other 2.x versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the PASS command. | |||
| CVE-2024-55492 | 0.00 | — | 0.00 | Dec 18, 2024 | Winmail Server 4.4 is vulnerable to f_user=%22%3E%3Csvg%20onload Cross Site Scripting (XSS). |
- risk 0.57cvss 8.8epss 0.03
Winmail Server 6.1 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php move_folder_file call to move a .php file from the FTP folder into a web folder.
- CVE-2003-0391Jul 2, 2003risk 0.03cvss —epss 0.04
Format string vulnerability in Magic WinMail Server 2.3, and possibly other 2.x versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the PASS command.
- CVE-2024-55492Dec 18, 2024risk 0.00cvss —epss 0.00
Winmail Server 4.4 is vulnerable to f_user=%22%3E%3Csvg%20onload Cross Site Scripting (XSS).