640 matches found
CVE-2021-27182
An issue was discovered in MDaemon before 20.0.4. There is an IFRAME injection vulnerability in Webmail aka WorldClient. It can be exploited via an email message. It allows an attacker to perform any action with the privileges of the attacked user...
CVE-2021-27182
CVE-2021-27182 describes an IFRAME injection vulnerability in MDaemon Webmail (WorldClient) prior to version 20.0.4. The issue can be triggered via an email message and allows an attacker to execute actions with the privileges of the affected user, highlighting a client-side/iframe-based trust bo...
CVE-2021-27181
An issue was discovered in MDaemon before 20.0.4. Remote Administration allows an attacker to perform a fixation of the anti-CSRF token. In order to exploit this issue, the user has to click on a malicious URL provided by the attacker and successfully authenticate into the application. Having the...
CVE-2021-27181
CVE-2021-27181 affects MDaemon before 20.0.4. Remote Administration allows manipulation of the anti-CSRF token via a crafted URL, enabling an attacker to trick an authenticated user into performing actions with the user’s privileges. Exploitation requires user interaction (visiting a malicious pa...
CVE-2021-27180
MDaemon Webmail (WorldClient) on versions before 20.0.4 has a reflected XSS vulnerability exploitable via a GET request . The flaw can allow an attacker to perform actions with the privileges of the attacked user, with a NETWORK attack vector , UI required , and I/L/C/L/A impacts as described by ...
CVE-2021-27180
An issue was discovered in MDaemon before 20.0.4. There is Reflected XSS in Webmail aka WorldClient. It can be exploited via a GET request. It allows performing any action with the privileges of the attacked user...
MDaemon Webmail 安全漏洞
MDaemon Webmail is a server-side application for providing mail services from MDaemon, Inc. in the United States. An arbitrary file write vulnerability exists in MDaemon Webmail versions prior to 20.0.4, which can be exploited by an attacker to create a new file anywhere on the file system, or ca...
MDaemon Webmail 跨站请求伪造漏洞
MDaemon Webmail is a server-side application used to provide mail services from MDaemon, Inc. in the United States. A security vulnerability exists in MDaemon Webmail versions prior to 20.0.4 that allows an attacker to immobilize an ANTI-CSRF token...
MDaemon Technologies WorldClient 跨站脚本漏洞
MDaemon Webmail is an application from MDaemon Inc. A cross-site scripting vulnerability exists in MDaemon Webmail versions prior to 20.0.4, which can be exploited to perform any action with the privileges of the attacked user via a GET request...
MDaemon Webmail Cross-Site Scripting Vulnerability (CNVD-2021-14734)
MDaemon Webmail is a server-side application for providing mail services from MDaemon, Inc. in the United States. A cross-site scripting vulnerability exists in MDaemon webmail 19.5.5, which allows attackers to execute code and XSS attacks while opening a contact list...
MDaemon Webmail Cross-Site Scripting Vulnerability
MDaemon Webmail is a server-side application for providing mail services from MDaemon, Inc. in the United States. A cross-site scripting vulnerability exists in MDaemon webmail 19.5.5 that allows an attacker to execute code on the email recipient's end while forwarding an email...
Alt-N MDaemon Webmail 20.0.0 Cross Site Scripting
Exploit Title: Alt-N MDaemon webmail 20.0.0 - 'Contact name' Stored Cross Site Scripting XSS Date: 2020-08-25 Exploit Author: Kailash Bohara Vendor Homepage: https://www.altn.com/ Version: Mdaemon webmail 3. We can see execution code and after saving it, each time we visits the distribution list...
Alt-N MDaemon webmail 20.0.0 - 'Contact name' Stored Cross Site Scripting (XSS)
Exploit Title: Alt-N MDaemon webmail 20.0.0 - 'Contact name' Stored Cross Site Scripting XSS Date: 2020-08-25 Exploit Author: Kailash Bohara Vendor Homepage: https://www.altn.com/ Version: Mdaemon webmail 3. We can see execution code and after saving it, each time we visits the distribution list...
Alt-N MDaemon webmail 20.0.0 - 'file name' Stored Cross Site Scripting (XSS)
Exploit Title: Alt-N MDaemon webmail 20.0.0 - 'file name' Stored Cross Site Scripting XSS Date: 2020-08-25 Exploit Author: Kailash Bohara Vendor Homepage: https://www.altn.com/ Version: Mdaemon webmail .jpg 2. Go to New mail, select recipient and the select attachment. Code gets executed as right...
Alt-N MDaemon Mail Server Detection Consolidation
Consolidation of Alt-N MDaemon Mail Server detections. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only include"pluginfeedinfo.inc"; if...
CVE-2020-18724
Authenticated stored cross-site scripting XSS in the contact name field in the distribution list of MDaemon webmail 19.5.5 allows an attacker to executes code and perform a XSS attack while opening a contact list...
CVE-2020-18724
Authenticated stored cross-site scripting XSS in the contact name field in the distribution list of MDaemon webmail 19.5.5 allows an attacker to executes code and perform a XSS attack while opening a contact list...
CVE-2020-18723
Stored cross-site scripting XSS in file attachment field in MDaemon webmail 19.5.5 allows an attacker to execute code on the email recipient side while forwarding an email to perform potentially malicious activities...
CVE-2020-18723
Stored cross-site scripting XSS in file attachment field in MDaemon webmail 19.5.5 allows an attacker to execute code on the email recipient side while forwarding an email to perform potentially malicious activities...
Cross site scripting
Authenticated stored cross-site scripting XSS in the contact name field in the distribution list of MDaemon webmail 19.5.5 allows an attacker to executes code and perform a XSS attack while opening a contact list...