CVE-2018-17792
MDaemon Webmail (formerly WorldClient) has CSRF...
CVE-2018-17792
CVE-2018-17792 affects MDaemon Webmail (WorldClient). It is a Cross-Site Request Forgery (CSRF) issue in the web client. Exploitation could cause unintended actions to be performed on behalf of an authenticated user. The CVSS2 base score is 6.8 (MEDIUM) and the CVSS3 base score is 8.8 (HIGH), with network access, low attack complexity, no ...
CVE-2019-13612
MDaemon Email Server 19 through 20.0.1 skips SpamAssassin checks by default for e-mail messages larger than 2 MB and limits checks to 10 MB even with special configuration, which is arguably inconsistent with currently popular message sizes. This might interfere with risk management for malicious...
Code injection
MDaemon Email Server 19 through 20.0.1 skips SpamAssassin checks by default for e-mail messages larger than 2 MB and limits checks to 10 MB even with special configuration, which is arguably inconsistent with currently popular message sizes. This might interfere with risk management for malicious...
CVE-2019-13612
CVE-2019-13612 affects MDaemon Email Server 19 through 20.0.1, where SpamAssassin checks are skipped by default for email messages larger than 2 MB and checks are limited to 10 MB even with configured options. The issue arises from the server’s filtering behavior rather than a generic vulnerabili...
CVE-2019-8983
MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS issue 1 of 2...
Cross site scripting
MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS issue 2 of 2...
Cross site scripting
MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS issue 1 of 2...
CVE-2019-8984
MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS issue 2 of 2...
CVE-2019-8983
MDaemon Webmail 14.x–18.x prior to 18.5.2 is affected by a cross-site scripting (XSS) vulnerability in the Webmail interface (described as issue 1 of 2). Root cause details are not explicitly provided in the supplied sources. Mitigation: upgrade to 18.5.2 or later (as implied by the fixed version...
CVE-2019-8984
MDaemon Webmail 14.x–18.x before 18.5.2 contains a cross-site scripting (XSS) vulnerability in the web interface. Affected product: MDaemon Webmail; vulnerable versions: 14.x through 18.x prior to 18.5.2. Root cause not detailed in the provided documents. Remediation: upgrade to 18.5.2 or later (...
Alt-N MDaemon Remote Administration Detection
Binary data mdaemonwebadmindetect.nbin...
Alt-N MDaemon WebAdmin Unsupported Version Detection
According to its self-reported version number, the installation of MDaemon WebAdmin running on the remote host is no longer supported. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities...
Alt-N MDaemon Remote Administration 13.0.x < 13.0.8 RCE (MD041917) (EASYBEE)
According to its self-reported version number, the MDaemon Remote Administration (formerly WebAdmin) application running on the remote web server is affected by a remote code execution vulnerability. An unauthenticated, remote attacker can exploit this, via a specially crafted request or payload, t...