VYPR

Winmail Server

by Magicwinmail

Source repositories

CVEs (3)

  • CVE-2017-9846HigJun 24, 2017
    risk 0.57cvss 8.8epss 0.03

    Winmail Server 6.1 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php move_folder_file call to move a .php file from the FTP folder into a web folder.

  • CVE-2003-0391Jul 2, 2003
    risk 0.03cvss epss 0.04

    Format string vulnerability in Magic WinMail Server 2.3, and possibly other 2.x versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the PASS command.

  • CVE-2024-55492Dec 18, 2024
    risk 0.00cvss epss 0.00

    Winmail Server 4.4 is vulnerable to f_user=%22%3E%3Csvg%20onload Cross Site Scripting (XSS).