Alt-N MDaemon WorldClient Predictable Session ID

====================================================================== Alt-N MDaemon's WorldClient Predictable Session ID Vulnerability ====================================================================== Software: Alt-N MDaemon v13.0.3 and prior versions Vendor: http://www.altn.com/ Vuln Type:...

Alt-N MDaemon WorldClient 13.0.3 - Multiple Vulnerabilities

Exploit for windows platform in category web applications ====================================================================== Alt-N MDaemon's WorldClient Predictable Session ID Vulnerability ====================================================================== VULNERABILITY DESCRIPTION:...

Alt-N MDaemon WorldClient / WebAdmin Cross Site Request Forgery

===================================================================================== Alt-N MDaemon's WorldClient & WebAdmin Cross-Site Request Forgery Vulnerability ===================================================================================== Software: Alt-N MDaemon v13.0.3 and prior...

Alt-N MDaemon WorldClient 13.0.3 - Multiple Vulnerabilities

====================================================================== Alt-N MDaemon's WorldClient Predictable Session ID Vulnerability ====================================================================== Software: Alt-N MDaemon v13.0.3 and prior versions Vendor: http://www.altn.com/ Vuln Type:...

Alt-N MDaemon WorldClient And WebAdmin - Cross-Site Request Forgery

Alt-N MDaemon WorldClient And WebAdmin - Cross-Site Request Forgery source: https://www.securityfocus.com/bid/58076/info MDaemon WorldClient and WebAdmin are prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain unauthorized...

Alt-N MDaemon WorldClient And WebAdmin - Cross-Site Request Forgery

source: https://www.securityfocus.com/bid/58076/info MDaemon WorldClient and WebAdmin are prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are...

MDaemon WorldClient < 12.5.7 Multiple XSS Vulnerabilities

According to its banner, the version of MDaemon's WorldClient is earlier than 12.5.7 and is, therefore, affected by the following cross-site scripting vulnerabilities : - Input supplied in body of an email is not properly sanitized before being presented to the user. Specially crafted email...

MDaemon WorldClient < 12.0.3 Summary Page Email Subject XSS

According to its banner, the version of MDaemon's WorldClient webmail client running on this port is earlier than 12.0.3. The LookOut theme in such versions reportedly may interpret JavaScript in a message subject in the Summary view. By sending a specially crafted email to a user who reads mail...

Alt-N MDaemon 6.8.5 - WorldClient &#039;form2raw.cgi&#039; Remote Stack Buffer Overflow (Metasploit)

$Id: mdaemonworldclientform2raw.rb 9653 2010-07-01 23:33:07Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

Alt-N MDaemon WorldClient Service Memory Corruption (CVE-2008-2631)

A memory corruption vulnerability exists in Alt-N Technologies MDaemon WorldClient. The vulnerability is due to a NULL pointer dereference in processing a malicious HTTP POST request. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted request to the...

Alt-N MDaemon 11.0.1邮件列表订阅目录遍历漏洞

Alt-N MDaemon是一款基于Windows的邮件服务程序，WorldClient是其客户端。 MDaemon支持邮件列表功能。在配置邮件列表时，MDaemon会将邮件列表的配置存储在MDaemonDir（通常为 C:\MDaemon）\App目录下扩展名为grp的文件中，邮件列表组文件大致为： ---snip--- Mailing List file ; ListName = [email protected] ; Private = N ; HideFromAddressBook = N ; AllowExpn = Y ; ListNameInSubject = Y...

MDaemon Raw Message Handler Buffer Overflow (CVE-2003-1200)

WorldClient is a program listening on TCP/3000 and executing the CGI program Form2Raw, which processes HTTP requests. The vulnerable products do not require any user credentials to access the program. The specially crafted content will be passed unchecked to the vulnerable server program, MDaemon...

MDaemon <= 6.8.5 WorldClient form2raw.cgi Stack Overflow

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'MDaemon %q...

CVE-2008-6967

Multiple unspecified vulnerabilities in WorldClient in Alt-N MDaemon before 10.02 have unknown impact and attack vectors, probably related to cross-site scripting XSS and WorldClient DLL 10.0.1, a different vulnerability than CVE-2008-6893...

Cross site scripting

Multiple unspecified vulnerabilities in WorldClient in Alt-N MDaemon before 10.02 have unknown impact and attack vectors, probably related to cross-site scripting XSS and WorldClient DLL 10.0.1, a different vulnerability than CVE-2008-6893...

CVE-2008-6967

The CVE-2008-6967 entry concerns Alt-N MDaemon WorldClient in versions up to 10.0.1, with multiple unspecified vulnerabilities in WorldClient potentially involving cross-site scripting (XSS). The connected documents corroborate affected product (MDaemon/WorldClient), imply an XSS-related risk, an...

CVE-2008-6967

Multiple unspecified vulnerabilities in WorldClient in Alt-N MDaemon before 10.02 have unknown impact and attack vectors, probably related to cross-site scripting XSS and WorldClient DLL 10.0.1, a different vulnerability than CVE-2008-6893...

CVE-2008-6893

Cross-site scripting XSS vulnerability in Alt-N MDaemon WorldClient 10.0.2, when Internet Explorer 7 is used, allows remote attackers to inject arbitrary web script or HTML via a crafted img tag...

Cross site scripting

Cross-site scripting XSS vulnerability in Alt-N MDaemon WorldClient 10.0.2, when Internet Explorer 7 is used, allows remote attackers to inject arbitrary web script or HTML via a crafted img tag...

CVE-2008-6893

Cross-site scripting XSS vulnerability in Alt-N MDaemon WorldClient 10.0.2, when Internet Explorer 7 is used, allows remote attackers to inject arbitrary web script or HTML via a crafted img tag...