VYPR
Vendor

Amax Information Technologies

Products
2
CVEs
8
Across products
8
Status
Private

Products

2

Recent CVEs

8
  • CVE-2005-3811Nov 25, 2005
    risk 0.04cvss epss 0.07

    Directory traversal vulnerability in admin/main.php in AMAX Magic Winmail Server 4.2 (build 0824) and earlier allows remote attackers to overwrite arbitrary files with session information via the sid parameter.

  • CVE-2005-0313Jan 27, 2005
    risk 0.03cvss epss 0.03

    Multiple directory traversal vulnerabilities in Magic Winmail Server 4.0 Build 1112 allow remote attackers to (1) upload arbitrary files via certain parameters to upload.php or (2) read arbitrary files via certain parameters to download.php, and remote authenticated users to…

  • CVE-2003-0391Jul 2, 2003
    risk 0.03cvss epss 0.04

    Format string vulnerability in Magic WinMail Server 2.3, and possibly other 2.x versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the PASS command.

  • CVE-2020-23774Jan 26, 2021
    risk 0.00cvss epss 0.01

    A reflected XSS vulnerability exists in tohtml/convert.php of Winmail 6.5, which can cause JavaScript code to be executed.

  • CVE-2006-1250Mar 19, 2006
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Webmail module in Winmail before 4.3 has unknown impact and unknown remote attack vectors.

  • CVE-2005-3692Nov 19, 2005
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in AMAX Magic Winmail Server 4.2 (build 0824) and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) retid parameter in badlogin.php, (2) Content-Type headers in HTML mails, and (3) HTML mail attachments.

  • CVE-2005-0315Jan 27, 2005
    risk 0.00cvss epss 0.01

    The FTP service in Magic Winmail Server 4.0 Build 1112 does not verify that the IP address in a PORT command is the same as the IP address of the user of the FTP session, which allows remote authenticated users to use the server as an intermediary for port scanning.

  • CVE-2004-2572Dec 31, 2004
    risk 0.00cvss epss 0.02

    AMAX Magic Winmail Server 3.6 allows remote attackers to obtain sensitive information by entering (1) invalid characters such as "()" or (2) a large number of characters in the Lookup field on the netaddressbook.php web form, which reveals the path in an ldaplib.php error…