Youngzsoft
Products
3- 7 CVEs
- 3 CVEs
- 1 CVE
Recent CVEs
11| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-12784 | Hig | 0.49 | 7.5 | 0.02 | Aug 21, 2017 | In Youngzsoft CCFile (aka CC File Transfer) 3.6, by sending a crafted HTTP request, it is possible for a malicious user to remotely crash the affected software. No authentication is required. An example payload is a malformed request header with many '|' characters. NOTE: some… | ||
| CVE-2004-2416 | 0.08 | — | 0.61 | Dec 31, 2004 | Buffer overflow in the logging component of CCProxy allows remote attackers to execute arbitrary code via a long HTTP GET request. | |||
| CVE-2008-6922 | 0.04 | — | 0.09 | Aug 10, 2009 | Multiple stack-based buffer overflows in CMailCOM.dll in CMailServer 5.4.6 allow remote attackers to execute arbitrary code via a long argument to the (1) CreateUserPath, (2) Logout, (3) DeleteMailByUID, (4) MoveToInbox, (5) MoveToFolder, (6) DeleteMailEx, (7) GetMailDataEx, (8)… | |||
| CVE-2003-0280 | 0.04 | — | 0.15 | Jun 16, 2003 | Multiple buffer overflows in the SMTP Service for ESMTP CMailServer 4.0.2003.03.27 allow remote attackers to execute arbitrary code via long (1) MAIL FROM or (2) RCPT TO commands. | |||
| CVE-2002-0799 | 0.04 | — | 0.14 | Aug 12, 2002 | Buffer overflow in YoungZSoft CMailServer 3.30 allows remote attackers to execute arbitrary code via a long USER argument. | |||
| CVE-2004-2685 | 0.03 | — | 0.11 | Dec 31, 2004 | Buffer overflow in YoungZSoft CCProxy 6.2 and earlier allows remote attackers to execute arbitrary code via a long address in a ping (p) command to the Telnet proxy service, a different vector than CVE-2004-2416. | |||
| CVE-2008-6415 | 0.00 | — | 0.05 | Mar 6, 2009 | Buffer overflow in YoungZSoft CCProxy 6.5 might allow remote attackers to execute arbitrary code via a CONNECTION request with a long hostname. | |||
| CVE-2007-1991 | 0.00 | — | 0.01 | Apr 12, 2007 | Cross-site scripting (XSS) vulnerability in mail/signup.asp in CmailServer WebMail 5.4.3, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the Comment parameter, a different vector than CVE-2007-1927. | |||
| CVE-2007-1927 | 0.00 | — | 0.01 | Apr 10, 2007 | Cross-site scripting (XSS) vulnerability in signup.asp in CmailServer WebMail 5.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the POP3Mail parameter. | |||
| CVE-2004-1130 | 0.00 | — | 0.01 | Jan 10, 2005 | Cross-site scripting (XSS) vulnerability in admin.asp in CMailServer 5.2 allows remote attackers to execute arbitrary web script or HTML via personal information fields, such as (1) username, (2) name, or (3) comments. | |||
| CVE-2004-1129 | 0.00 | — | 0.02 | Jan 10, 2005 | SQL injection vulnerability in (1) fdelmail.asp, (2) addressc.asp, and possibly (3) postmail.asp and (4) fmvmail.asp in CMailServer 5.2 allow remote attackers to inject arbitrary SQL commands and delete mail metadata or e-mail addresses of contacts via the indexOfMail parameter. |
- risk 0.49cvss 7.5epss 0.02
In Youngzsoft CCFile (aka CC File Transfer) 3.6, by sending a crafted HTTP request, it is possible for a malicious user to remotely crash the affected software. No authentication is required. An example payload is a malformed request header with many '|' characters. NOTE: some…
- CVE-2004-2416Dec 31, 2004risk 0.08cvss —epss 0.61
Buffer overflow in the logging component of CCProxy allows remote attackers to execute arbitrary code via a long HTTP GET request.
- CVE-2008-6922Aug 10, 2009risk 0.04cvss —epss 0.09
Multiple stack-based buffer overflows in CMailCOM.dll in CMailServer 5.4.6 allow remote attackers to execute arbitrary code via a long argument to the (1) CreateUserPath, (2) Logout, (3) DeleteMailByUID, (4) MoveToInbox, (5) MoveToFolder, (6) DeleteMailEx, (7) GetMailDataEx, (8)…
- CVE-2003-0280Jun 16, 2003risk 0.04cvss —epss 0.15
Multiple buffer overflows in the SMTP Service for ESMTP CMailServer 4.0.2003.03.27 allow remote attackers to execute arbitrary code via long (1) MAIL FROM or (2) RCPT TO commands.
- CVE-2002-0799Aug 12, 2002risk 0.04cvss —epss 0.14
Buffer overflow in YoungZSoft CMailServer 3.30 allows remote attackers to execute arbitrary code via a long USER argument.
- CVE-2004-2685Dec 31, 2004risk 0.03cvss —epss 0.11
Buffer overflow in YoungZSoft CCProxy 6.2 and earlier allows remote attackers to execute arbitrary code via a long address in a ping (p) command to the Telnet proxy service, a different vector than CVE-2004-2416.
- CVE-2008-6415Mar 6, 2009risk 0.00cvss —epss 0.05
Buffer overflow in YoungZSoft CCProxy 6.5 might allow remote attackers to execute arbitrary code via a CONNECTION request with a long hostname.
- CVE-2007-1991Apr 12, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in mail/signup.asp in CmailServer WebMail 5.4.3, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the Comment parameter, a different vector than CVE-2007-1927.
- CVE-2007-1927Apr 10, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in signup.asp in CmailServer WebMail 5.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the POP3Mail parameter.
- CVE-2004-1130Jan 10, 2005risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in admin.asp in CMailServer 5.2 allows remote attackers to execute arbitrary web script or HTML via personal information fields, such as (1) username, (2) name, or (3) comments.
- CVE-2004-1129Jan 10, 2005risk 0.00cvss —epss 0.02
SQL injection vulnerability in (1) fdelmail.asp, (2) addressc.asp, and possibly (3) postmail.asp and (4) fmvmail.asp in CMailServer 5.2 allow remote attackers to inject arbitrary SQL commands and delete mail metadata or e-mail addresses of contacts via the indexOfMail parameter.