MDaemon <= 6.8.5 WorldClient form2raw.cgi Stack Overflow

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'MDaemon %q...

Mdaemon 8.0.3 IMAPD CRAM-MD5 Authentication Overflow

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Mdaemon 8.0....

Alt-N MDaemon POP3 Server USER and APOP Commands Buffer Overflow (CVE-2006-4364)

Alt-N MDaemon is an email server product that supports a rich set of message exchanging protocols. The Post Office Protocol version 3 POP3 allows for the retrieving of electronic mail over a TCP/IP connection. The MDaemon POP3 server is a server side implementation of the protocol. The default...

MDaemon Content Filter Directory Traversal

MDaemon is a Windows-based email server that provides full mail server functionality. MDaemon supports the SMTP, IMAP and POP3 protocols. MDaemon provides Content Filter functionality to filter incoming email messages based on the headers and message content. RFC 2183 defines header fields in a...

CVE-2008-6967

Multiple unspecified vulnerabilities in WorldClient in Alt-N MDaemon before 10.02 have unknown impact and attack vectors, probably related to cross-site scripting XSS and WorldClient DLL 10.0.1, a different vulnerability than CVE-2008-6893...

Cross site scripting

Multiple unspecified vulnerabilities in WorldClient in Alt-N MDaemon before 10.02 have unknown impact and attack vectors, probably related to cross-site scripting XSS and WorldClient DLL 10.0.1, a different vulnerability than CVE-2008-6893...

CVE-2008-6967

The CVE-2008-6967 entry concerns Alt-N MDaemon WorldClient in versions up to 10.0.1, with multiple unspecified vulnerabilities in WorldClient potentially involving cross-site scripting (XSS). The connected documents corroborate affected product (MDaemon/WorldClient), imply an XSS-related risk, an...

CVE-2008-6967

Multiple unspecified vulnerabilities in WorldClient in Alt-N MDaemon before 10.02 have unknown impact and attack vectors, probably related to cross-site scripting XSS and WorldClient DLL 10.0.1, a different vulnerability than CVE-2008-6893...

KLA10249 Vulnerability in MDaemon

Multiple unspecified vulnerabilities were found in MDaemon. By exploiting this vulnerability malicious users can have an unknown impact on vectors related to XSS. Original advisories - Related products MDaemon CVE list CVE-2008-6967 warning Solution Update to latest version Impacts SB Security...

CVE-2008-6893

Cross-site scripting XSS vulnerability in Alt-N MDaemon WorldClient 10.0.2, when Internet Explorer 7 is used, allows remote attackers to inject arbitrary web script or HTML via a crafted img tag...

Cross site scripting

Cross-site scripting XSS vulnerability in Alt-N MDaemon WorldClient 10.0.2, when Internet Explorer 7 is used, allows remote attackers to inject arbitrary web script or HTML via a crafted img tag...

CVE-2008-6893

Cross-site scripting XSS vulnerability in Alt-N MDaemon WorldClient 10.0.2, when Internet Explorer 7 is used, allows remote attackers to inject arbitrary web script or HTML via a crafted img tag...

CVE-2008-6893

The CVE-2008-6893 entry describes a Cross-site scripting (XSS) vulnerability in Alt-N MDaemon WorldClient 10.0.2 when used with Internet Explorer 7. An attacker can inject arbitrary web script or HTML via a crafted img tag. The base information indicates a client/browser interaction enabling scri...

MDaemon WorldClient form2raw.cgi Stack Buffer Overflow

This module exploits a stack buffer overflow in Alt-N MDaemon SMTP server for versions 6.8.5 and earlier. When WorldClient HTTP server is installed default, a CGI script is provided to accept html FORM based emails and deliver via MDaemon.exe, by writing the CGI output to the Raw Queue. When...

Deerfield MDaemon Default Password (deprecated)

Binary data 4851.prm...

MDaemon Server < 10.0.2 WordClient Script Insertion Vulnerability

MDaemon is prone to a script insertion vulnerability. SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:altn:mdaemon"; ifdescriptio...

MDaemon WorldClient < 10.0.2 Email Handling XSS

The remote host is running Alt-N MDaemon, a mail server for Windows. According to its banner, a version of MDaemon mail server older than 10.0.2 is installed on the remote host. Such versions ship with a version of WorldClient a webmail client that is affected by a script injection vulnerability...

MDaemon WorldClient < 10.0.2 Script Injection

Binary data 4765.prm...

MDaemon Server WorldClient脚本注入漏洞

BUGTRAQ ID: 32355 Alt-N MDaemon是一款基于Windows的邮件服务程序，WorldClient是其客户端。 MDaemon的WorldClient客户端没有正确地过滤邮件中的某些HTML标签，如果远程攻击者在邮件中注入了恶意HTML和脚本代码的话，则用户在查看邮件的时候就会在浏览器会话中执行注入的内容。 Alt-N MDaemon 10.0.1 Alt-N ----- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://www.altn.com...

Null pointer dereference

The WordClient interface in Alt-N Technologies MDaemon 9.6.5 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted HTTP POST request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...