559 matches found
CVE-2006-4620
CVE-2006-4620 affects Alt-N WebAdmin 3.2.5 (and possibly earlier) used with MDaemon 9.0.6. The issue allows remote authenticated domain administrators to escalate privileges and access the system mail queue by modifying the MDaemon user mailbox to use another account’s mailbox. Public sources cor...
KLA10390 LPE vulnerability in WebAdmin
An nspecified vulnerability was found in WebAdmin. By exploiting this vulnerability malicious users can gain privileges. This vulnerability can be exploited remotely via mailbox manipulations. Original advisories - Related products WebAdmin CVE list CVE-2006-4620 warning Solution Update to latest...
WebAdmin < 3.2.6 MDaemon Account Hijacking
The remote host is running WebAdmin, a web-based remote administration tool for Alt-N MDaemon. According to its banner, the installed version of WebAdmin enables a domain administrator within the default domain to hijack the 'MDaemon' account used by MDaemon when processing remote server and...
[Full-disclosure] TTG0602 - Alt-N WebAdmin MDaemon Account Hijacking
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TTG0602 - Alt-N WebAdmin MDaemon Account Hijacking RELEASE DATE: September 4, 2006 VENDOR: Alt-N Technologies http://www.altn.com VULNERABLE: Tested on Alt-N WebAdmin v3.2.5 running with MDaemon v9.0.6, earlier versions are suspected vulnerable as wel...
altnwebadmin.txt
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TTG0601 - Alt-N WebAdmin Multiple Vulnerabilities RELEASE DATE: August 21st, 2006 VENDOR: Alt-N Technologies http://www.altn.com VULNERABLE: Tested on Alt-N WebAdmin v3.2.3/3.2.4 running with MDaemon v9.0.5, earlier versions are suspected vulnerable a...
CVE-2006-4370
Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and possibly earlier, allow remote authenticated domain administrators to change a global administrator's password and gain privileges via the userlist.wdm file...
CVE-2006-4371
Multiple directory traversal vulnerabilities in Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and possibly earlier, allow remote authenticated global administrators to read arbitrary files via a .. dot dot in the file parameter to 1 logfileview.wdm and 2 configfileview.wdm...
CVE-2006-4371
Multiple directory traversal vulnerabilities in Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and possibly earlier, allow remote authenticated global administrators to read arbitrary files via a .. dot dot in the file parameter to 1 logfileview.wdm and 2 configfileview.wdm...
CVE-2006-4370
Affected software / component: Alt-N WebAdmin (versions 3.2.3–3.2.4 with MDaemon 9.0.5; possibly earlier). Root cause / vulnerability: A flaw in WebAdmin’s handling of authentication/authorization via the userlist.wdm mechanism allows a remote authenticated domain administrator to change a global...
CVE-2006-4370
Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and possibly earlier, allow remote authenticated domain administrators to change a global administrator's password and gain privileges via the userlist.wdm file...
CVE-2006-4371
CVE-2006-4371 concerns Alt-N WebAdmin 3.2.3/3.2.4 (MDaemon 9.0.5, possibly earlier). The flaw is a directory traversal in the file parameter of the scripts logfile_view.wdm and configfile_view.wdm, allowing a remote authenticated global administrator to read arbitrary files. The issue is confirme...
TTG0601 - Alt-N WebAdmin Multiple Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TTG0601 - Alt-N WebAdmin Multiple Vulnerabilities RELEASE DATE: August 21st, 2006 VENDOR: Alt-N Technologies http://www.altn.com VULNERABLE: Tested on Alt-N WebAdmin v3.2.3/3.2.4 running with MDaemon v9.0.5, earlier versions are suspected vulnerable a...
Alt-N WebAdmin directory traversal
Directory traversal in few applications of administration server...
WebAdmin < 3.2.5 Multiple Vulnerabilities
The remote host is running WebAdmin, a web-based remote administration tool for Alt-N MDaemon. According to its banner, the installed version of WebAdmin fails to properly filter directory traversal sequences from the 'file' parameter of the 'logfileview.wdm' and 'configfileview.wdm' scripts. A...
[SA21558] WebAdmin Account Manipulation and Arbitrary File Disclosure
TITLE: WebAdmin Account Manipulation and Arbitrary File Disclosure SECUNIA ADVISORY ID: SA21558 VERIFY ADVISORY: http://secunia.com/advisories/21558/ CRITICAL: Less critical IMPACT: Manipulation of data, Exposure of system information, Exposure of sensitive information WHERE: From remote SOFTWARE...
Cross-site achieve HTTP session hijacking-vulnerability warning-the black bar safety net
A Web application is by 2 ways to determine and keep track of different users: a Cookie or Session also called session-Cookie is. Wherein the Cookie is stored on the local computer, the expiration time is very long, so for the Cookie of the means of attack is generally to steal user Cookies and...
MDaemon WebAdmin 2.0.X SQL injection
No description provided by source. Exploit Title: MDaemon WebAdmin 2.0.X SQL injection Date: 2006/5/26 Author: KOUSULIN Software Link: http://archive.altn.com/WebAdmin/Archive/2.0.8/wa208en.exe Version: WebAdmin 2.0.X Tested on: Windows 2003 CVE : N/A Code : /WebAdmin.dll?Session='ACCESS SQL...
MDaemon WebAdmin 2.0.x - SQL Injection
Exploit Title: MDaemon WebAdmin 2.0.X SQL injection Date: 2006/5/26 Author: KOUSULIN Software Link: http://archive.altn.com/WebAdmin/Archive/2.0.8/wa208en.exe Version: WebAdmin 2.0.X Tested on: Windows 2003 CVE : N/A Code : /WebAdmin.dll?Session='ACCESS SQL INJ&View=User...
MDaemon WebAdmin 2.0.x - SQL Injection
MDaemon WebAdmin 2.0.x - SQL Injection Exploit Title: MDaemon WebAdmin 2.0.X SQL injection Date: 2006/5/26 Author: KOUSULIN Software Link: http://archive.altn.com/WebAdmin/Archive/2.0.8/wa208en.exe Version: WebAdmin 2.0.X Tested on: Windows 2003 CVE : N/A Code : /WebAdmin.dll?Session='ACCESS SQL...
VisNetic / Merak Mail Server multiple flaws
The remote webmail server is affected by multiple vulnerabilities which may allow an attacker to execute arbitrary commands on the remote host. Description: The remote host is running VisNetic / Merak Mail Server, a multi-featured mail server for Windows. The webmail and webadmin services include...