youngzsoft 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
過去の問題は主に バッファオーバーフロー、vendor risk cross-site scripting, and vendor risk sql injection などに関し、一部は vendor impact memory corruption を招き、vendor surface production workloads and vendor surface software deployment 関連の場面に影響します。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2008-6922 | Multiple stack-based buffer overflows in CMailCOM.dll in CMailServer 5.4.6 allow remote attackers to execute arbitrary code via a long argument to the (1) CreateUserPath, (2) Logout, (3) DeleteMailByUID, (4) MoveToInbox, (5) MoveToFolder, (6) DeleteMailEx, (7) GetMailDataEx, (8) SetReplySign, (9) SetForwardSign, and (10) SetReadSign methods, which are not properly handled by (a) the POP3 Class ActiveX control (CMailCom.POP3); or a long argument to the (11) AddAttach, (12) SetSubject, (13) SetBcc | [email protected] | 9.3 | 9.31% | 2009-08-10 | 2026-04-23 |
| CVE-2008-6415 | Buffer overflow in YoungZSoft CCProxy 6.5 might allow remote attackers to execute arbitrary code via a CONNECTION request with a long hostname. | [email protected] | 10.0 | 4.76% | 2009-03-06 | 2026-04-23 |
| CVE-2007-1991 | Cross-site scripting (XSS) vulnerability in mail/signup.asp in CmailServer WebMail 5.4.3, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the Comment parameter, a different vector than CVE-2007-1927. | [email protected] | 4.3 | 1.02% | 2007-04-12 | 2026-04-23 |
| CVE-2007-1927 | Cross-site scripting (XSS) vulnerability in signup.asp in CmailServer WebMail 5.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the POP3Mail parameter. | [email protected] | 4.3 | 1.22% | 2007-04-10 | 2026-04-23 |
| CVE-2004-1130 | Cross-site scripting (XSS) vulnerability in admin.asp in CMailServer 5.2 allows remote attackers to execute arbitrary web script or HTML via personal information fields, such as (1) username, (2) name, or (3) comments. | [email protected] | 6.8 | 1.31% | 2005-01-10 | 2026-04-16 |
| CVE-2004-1129 | SQL injection vulnerability in (1) fdelmail.asp, (2) addressc.asp, and possibly (3) postmail.asp and (4) fmvmail.asp in CMailServer 5.2 allow remote attackers to inject arbitrary SQL commands and delete mail metadata or e-mail addresses of contacts via the indexOfMail parameter. | [email protected] | 10.0 | 1.93% | 2005-01-10 | 2026-04-16 |
| CVE-2004-2685 | Buffer overflow in YoungZSoft CCProxy 6.2 and earlier allows remote attackers to execute arbitrary code via a long address in a ping (p) command to the Telnet proxy service, a different vector than CVE-2004-2416. | [email protected] | 7.5 | 5.44% | 2004-12-31 | 2026-04-16 |
| CVE-2004-2416 | Buffer overflow in the logging component of CCProxy allows remote attackers to execute arbitrary code via a long HTTP GET request. | [email protected] | 7.5 | 60.59% | 2004-12-31 | 2026-04-16 |
| CVE-2003-0280 | Multiple buffer overflows in the SMTP Service for ESMTP CMailServer 4.0.2003.03.27 allow remote attackers to execute arbitrary code via long (1) MAIL FROM or (2) RCPT TO commands. | [email protected] | 10.0 | 14.75% | 2003-06-16 | 2026-06-16 |
| CVE-2002-0799 | Buffer overflow in YoungZSoft CMailServer 3.30 allows remote attackers to execute arbitrary code via a long USER argument. | [email protected] | 7.5 | 14.32% | 2002-08-12 | 2026-06-16 |