640 matches found
CVE-2022-25356
Alt-N MDaemon Security Gateway through 8.5.0 allows SecurityGateway.dll?view=login XML Injection...
ALIN MDaemon Security Gateway Security Vulnerability
MDaemon Technologies ALIN MDaemon Security Gateway is a security gateway for email servers from MDaemon Technologies, USA. A security vulnerability exists in ALIN MDaemon Security Gateway version 8.5.0 and prior versions that originates from allowing XML injection...
shadowbroker
This repository, afei00123/shadowbroker, contains a collection of exploits and tools leaked by the Shadow Brokers, a group known for releasing sensitive information. The repository includes a README file that lists the contents of the repository, which includes various exploits and tools, such as...
MDaemon Webmail IFRAME Injection Vulnerability
MDaemon Webmail is a server-side application for providing mail services from MDaemon, Inc. in the United States. An IFRAME injection vulnerability exists in MDaemon Webmail versions prior to 20.0.4, which can be exploited by an attacker to perform any action with the privileges of the attacked...
MDaemon Webmail Cross-Site Scripting Vulnerability
MDaemon Webmail is an application from MDaemon Inc. A cross-site scripting vulnerability exists in MDaemon Webmail versions prior to 20.0.4, which can be exploited to perform any action with the privileges of the attacked user via a GET request...
MDaemon Webmail Arbitrary File Write Vulnerability
MDaemon Webmail is a server-side application for providing mail services from MDaemon, Inc. in the United States. An arbitrary file write vulnerability exists in MDaemon Webmail versions prior to 20.0.4, which can be exploited by an attacker to create a new file anywhere on the file system, or ca...
CVE-2021-27183
An issue was discovered in MDaemon before 20.0.4. Administrators can use Remote Administration to exploit an Arbitrary File Write vulnerability. An attacker is able to create new files in any location of the filesystem, or he may be able to modify existing files. This vulnerability may directly...
CVE-2021-27181
An issue was discovered in MDaemon before 20.0.4. Remote Administration allows an attacker to perform a fixation of the anti-CSRF token. In order to exploit this issue, the user has to click on a malicious URL provided by the attacker and successfully authenticate into the application. Having the...
CVE-2021-27180
An issue was discovered in MDaemon before 20.0.4. There is Reflected XSS in Webmail aka WorldClient. It can be exploited via a GET request. It allows performing any action with the privileges of the attacked user...
CVE-2021-27180
An issue was discovered in MDaemon before 20.0.4. There is Reflected XSS in Webmail aka WorldClient. It can be exploited via a GET request. It allows performing any action with the privileges of the attacked user...
CVE-2021-27182
An issue was discovered in MDaemon before 20.0.4. There is an IFRAME injection vulnerability in Webmail aka WorldClient. It can be exploited via an email message. It allows an attacker to perform any action with the privileges of the attacked user...
CVE-2021-27182
An issue was discovered in MDaemon before 20.0.4. There is an IFRAME injection vulnerability in Webmail aka WorldClient. It can be exploited via an email message. It allows an attacker to perform any action with the privileges of the attacked user...
CVE-2021-27181
An issue was discovered in MDaemon before 20.0.4. Remote Administration allows an attacker to perform a fixation of the anti-CSRF token. In order to exploit this issue, the user has to click on a malicious URL provided by the attacker and successfully authenticate into the application. Having the...
CVE-2021-27183
An issue was discovered in MDaemon before 20.0.4. Administrators can use Remote Administration to exploit an Arbitrary File Write vulnerability. An attacker is able to create new files in any location of the filesystem, or he may be able to modify existing files. This vulnerability may directly...
Remote code execution
An issue was discovered in MDaemon before 20.0.4. Administrators can use Remote Administration to exploit an Arbitrary File Write vulnerability. An attacker is able to create new files in any location of the filesystem, or he may be able to modify existing files. This vulnerability may directly...
Cross site scripting
An issue was discovered in MDaemon before 20.0.4. There is Reflected XSS in Webmail aka WorldClient. It can be exploited via a GET request. It allows performing any action with the privileges of the attacked user...
Design/Logic Flaw
An issue was discovered in MDaemon before 20.0.4. There is an IFRAME injection vulnerability in Webmail aka WorldClient. It can be exploited via an email message. It allows an attacker to perform any action with the privileges of the attacked user...
Cross site request forgery (csrf)
An issue was discovered in MDaemon before 20.0.4. Remote Administration allows an attacker to perform a fixation of the anti-CSRF token. In order to exploit this issue, the user has to click on a malicious URL provided by the attacker and successfully authenticate into the application. Having the...
CVE-2021-27183
MDaemon Webmail before 20.0.4 contains an Arbitrary File Write vulnerability exploitable via Remote Administration. An attacker can create new files anywhere on the filesystem or modify existing files, with potential to achieve Remote Code Execution. Technical details across CNVD/CNNVD entries co...
CVE-2021-27183
An issue was discovered in MDaemon before 20.0.4. Administrators can use Remote Administration to exploit an Arbitrary File Write vulnerability. An attacker is able to create new files in any location of the filesystem, or he may be able to modify existing files. This vulnerability may directly...