CVE-2006-6704

Cross-site scripting XSS vulnerability in the Webadmin in @Mail before 4.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "unescaped data in the database."...

CVE-2006-6704

CVE-2006-6704 : The NVD entry describes a cross-site scripting (XSS) vulnerability in the Webadmin component of @Mail prior to version 4.6. The issue allows remote attackers to inject arbitrary web script or HTML via vectors involving unescaped data stored in the database. The provided sources in...

MailEnable WebAdmin绕过认证漏洞

MailEnable是一款商业性质的POP3和SMTP服务器。 MailEnable的WebAdmin登录进程实现上存在安全漏洞，攻击者可能利用此漏洞无需口令便可成功登录，获得非授权访问。 MailEnable MailEnable Professional Edition 2.32 MailEnable MailEnable Enterprise Edition 2.32 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://www.mailenable.com/hotfix/ME-10019.ZIP...

MDaemon WebAdmin模块权限提升漏洞

WebAdmin是Alt-N开发的管理MDaemon、RelayFax和WorldClient的WEB应用程序。 由于没有正确的过滤管理界面的logfileview.wdm和configfileview.wdm文件，导致已认证的全局管理员可以通过类似于以下的方式访问基础文件系统： http://mdaemon:1000/configfileview.wdm?file=../../autoexec.bat http://mdaemon:1000/logfileview.wdm?type=webadmin&file=../../App/userlist.dat...

CVE-2006-4620

The usereditaccount.wdm module in Alt-N WebAdmin 3.2.5 running with MDaemon 9.0.6, and possibly earlier versions, allows remote authenticated domain administrators to gain privileges and obtain access to the system mail queue by modifying the mailbox of the MDaemon user account to use the mailbox...

CVE-2006-4620

The usereditaccount.wdm module in Alt-N WebAdmin 3.2.5 running with MDaemon 9.0.6, and possibly earlier versions, allows remote authenticated domain administrators to gain privileges and obtain access to the system mail queue by modifying the mailbox of the MDaemon user account to use the mailbox...

CVE-2006-4620

CVE-2006-4620 affects Alt-N WebAdmin 3.2.5 (and possibly earlier) used with MDaemon 9.0.6. The issue allows remote authenticated domain administrators to escalate privileges and access the system mail queue by modifying the MDaemon user mailbox to use another account’s mailbox. Public sources cor...

KLA10390 LPE vulnerability in WebAdmin

An nspecified vulnerability was found in WebAdmin. By exploiting this vulnerability malicious users can gain privileges. This vulnerability can be exploited remotely via mailbox manipulations. Original advisories - Related products WebAdmin CVE list CVE-2006-4620 warning Solution Update to latest...

[Full-disclosure] TTG0602 - Alt-N WebAdmin MDaemon Account Hijacking

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TTG0602 - Alt-N WebAdmin MDaemon Account Hijacking RELEASE DATE: September 4, 2006 VENDOR: Alt-N Technologies http://www.altn.com VULNERABLE: Tested on Alt-N WebAdmin v3.2.5 running with MDaemon v9.0.6, earlier versions are suspected vulnerable as wel...

WebAdmin < 3.2.6 MDaemon Account Hijacking

The remote host is running WebAdmin, a web-based remote administration tool for Alt-N MDaemon. According to its banner, the installed version of WebAdmin enables a domain administrator within the default domain to hijack the 'MDaemon' account used by MDaemon when processing remote server and...

altnwebadmin.txt

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TTG0601 - Alt-N WebAdmin Multiple Vulnerabilities RELEASE DATE: August 21st, 2006 VENDOR: Alt-N Technologies http://www.altn.com VULNERABLE: Tested on Alt-N WebAdmin v3.2.3/3.2.4 running with MDaemon v9.0.5, earlier versions are suspected vulnerable a...

CVE-2006-4370

Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and possibly earlier, allow remote authenticated domain administrators to change a global administrator's password and gain privileges via the userlist.wdm file...

CVE-2006-4371

Multiple directory traversal vulnerabilities in Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and possibly earlier, allow remote authenticated global administrators to read arbitrary files via a .. dot dot in the file parameter to 1 logfileview.wdm and 2 configfileview.wdm...

CVE-2006-4371

Multiple directory traversal vulnerabilities in Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and possibly earlier, allow remote authenticated global administrators to read arbitrary files via a .. dot dot in the file parameter to 1 logfileview.wdm and 2 configfileview.wdm...

CVE-2006-4371

CVE-2006-4371 concerns Alt-N WebAdmin 3.2.3/3.2.4 (MDaemon 9.0.5, possibly earlier). The flaw is a directory traversal in the file parameter of the scripts logfile_view.wdm and configfile_view.wdm, allowing a remote authenticated global administrator to read arbitrary files. The issue is confirme...

CVE-2006-4370

Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and possibly earlier, allow remote authenticated domain administrators to change a global administrator's password and gain privileges via the userlist.wdm file...

CVE-2006-4370

Affected software / component: Alt-N WebAdmin (versions 3.2.3–3.2.4 with MDaemon 9.0.5; possibly earlier). Root cause / vulnerability: A flaw in WebAdmin’s handling of authentication/authorization via the userlist.wdm mechanism allows a remote authenticated domain administrator to change a global...

Alt-N WebAdmin directory traversal

Directory traversal in few applications of administration server...

TTG0601 - Alt-N WebAdmin Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TTG0601 - Alt-N WebAdmin Multiple Vulnerabilities RELEASE DATE: August 21st, 2006 VENDOR: Alt-N Technologies http://www.altn.com VULNERABLE: Tested on Alt-N WebAdmin v3.2.3/3.2.4 running with MDaemon v9.0.5, earlier versions are suspected vulnerable a...

WebAdmin < 3.2.5 Multiple Vulnerabilities

The remote host is running WebAdmin, a web-based remote administration tool for Alt-N MDaemon. According to its banner, the installed version of WebAdmin fails to properly filter directory traversal sequences from the 'file' parameter of the 'logfileview.wdm' and 'configfileview.wdm' scripts. A...