120 matches found
CVE-2008-6893
Cross-site scripting XSS vulnerability in Alt-N MDaemon WorldClient 10.0.2, when Internet Explorer 7 is used, allows remote attackers to inject arbitrary web script or HTML via a crafted img tag...
MDaemon WorldClient form2raw.cgi Stack Buffer Overflow
This module exploits a stack buffer overflow in Alt-N MDaemon SMTP server for versions 6.8.5 and earlier. When WorldClient HTTP server is installed default, a CGI script is provided to accept html FORM based emails and deliver via MDaemon.exe, by writing the CGI output to the Raw Queue. When...
MDaemon WorldClient < 10.0.2 Script Injection
Binary data 4765.prm...
MDaemon WorldClient < 10.0.2 Email Handling XSS
The remote host is running Alt-N MDaemon, a mail server for Windows. According to its banner, a version of MDaemon mail server older than 10.0.2 is installed on the remote host. Such versions ship with a version of WorldClient a webmail client that is affected by a script injection vulnerability...
MDaemon Server WorldClient脚本注入漏洞
BUGTRAQ ID: 32355 Alt-N MDaemon是一款基于Windows的邮件服务程序,WorldClient是其客户端。 MDaemon的WorldClient客户端没有正确地过滤邮件中的某些HTML标签,如果远程攻击者在邮件中注入了恶意HTML和脚本代码的话,则用户在查看邮件的时候就会在浏览器会话中执行注入的内容。 Alt-N MDaemon 10.0.1 Alt-N ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.altn.com...
MDaemon WorldClient远程拒绝服务及栈溢出漏洞
Alt-N MDaemon是一款基于Windows的邮件服务程序,WorldClient是其客户端。 WordClient客户端(默认监听于TCP 3000端口)在处理对其发送的HTTP请求时存在空指针引用错误,如果远程攻击者向WorldClient.dll发送了特制的HTTP POST请求的话,就可能导致客户端崩溃。 WordClient接口在处理带有超长Subject字段的Reply请求时存在栈溢出漏洞,如果远程攻击者从WordClient接口发送了特制邮件的话就可以触发这个溢出,导致执行任意代码。成功利用这个漏洞要求在服务器上拥有有效的邮件帐号。 Alt-N MDaemon =...
Alt-N MDaemon 9.6.5 - Multiple Remote Buffer Overflows (PoC)
Alt-N MDaemon 9.6.5 - Multiple Remote Buffer Overflows PoC MDaemon == v9.6.5 Multiple Remote Buffer Overflow Vendor Site: http://altn.com Risk : Highly Critical hehe funny bugs here .. the worldclient use the port 3000 for a webmail like it use also an admin webmail located at port 1000 by defaul...
CVE-2006-5709
Unspecified vulnerability in WorldClient in Alt-N Technologies MDaemon before 9.50 has unknown impact and attack vectors related to a "JavaScript exploit."...
CVE-2006-5708
Multiple unspecified vulnerabilities in MDaemon and WorldClient in Alt-N Technologies MDaemon before 9.50 allow attackers to cause a denial of service memory consumption via unspecified vectors resulting in memory leaks...
CVE-2006-5708
MDaemon and WorldClient (Alt‑N Technologies MDaemon) before 9.50 are affected by CVE-2006-5708 due to multiple unspecified vulnerabilities that allow a denial of service via memory consumption leading to memory leaks. The issue affects MDaemon and WorldClient prior to version 9.50. Root cause vec...
CVE-2006-5709
Technical details about CVE-2006-5709 are not publicly provided in the supplied documents. Monitor for updates; no affected products, exploit info, or remediation details are confirmed here.
CVE-2006-5709
Unspecified vulnerability in WorldClient in Alt-N Technologies MDaemon before 9.50 has unknown impact and attack vectors related to a "JavaScript exploit."...
MDaemon WorldClient form2raw.cgi From buffer overflow
Added: 09/18/2006 CVE: CVE-2003-1200 BID: 9317 OSVDB: 3255 Background MDaemon is an e-mail server product for Windows. It includes a web mail component called WorldClient. Problem A buffer overflow in MDaemon WorldClient allows remote command execution by sending a web request for the form2raw.cg...
MDaemon WorldClient form2raw.cgi From buffer overflow
Added: 09/18/2006 CVE: CVE-2003-1200 BID: 9317 OSVDB: 3255 Background MDaemon is an e-mail server product for Windows. It includes a web mail component called WorldClient. Problem A buffer overflow in MDaemon WorldClient allows remote command execution by sending a web request for the form2raw.cg...
MDaemon WorldClient form2raw.cgi From buffer overflow
Added: 09/18/2006 CVE: CVE-2003-1200 BID: 9317 OSVDB: 3255 Background MDaemon is an e-mail server product for Windows. It includes a web mail component called WorldClient. Problem A buffer overflow in MDaemon WorldClient allows remote command execution by sending a web request for the form2raw.cg...
MDaemon WorldClient form2raw.cgi From buffer overflow
Added: 09/18/2006 CVE: CVE-2003-1200 BID: 9317 OSVDB: 3255 Background MDaemon is an e-mail server product for Windows. It includes a web mail component called WorldClient. Problem A buffer overflow in MDaemon WorldClient allows remote command execution by sending a web request for the form2raw.cg...
CVE-2005-4266
WorldClient.dll in Alt-N MDaemon and WorldClient 8.1.3 trusts a Session parameter that contains a randomly generated session ID that is associated with a username, which allows remote attackers to perform actions as other users by guessing or sniffing the random value...
CVE-2005-4266
The CVE-2005-4266 issue affects Alt-N MDaemon/WorldClient (WorldClient.dll) where WorldClient 8.1.3 trusts a Session parameter containing a randomly generated session ID linked to a username. This enables remote attackers to impersonate other users by guessing or sniffing the session value. Conne...
CVE-2005-4266
WorldClient.dll in Alt-N MDaemon and WorldClient 8.1.3 trusts a Session parameter that contains a randomly generated session ID that is associated with a username, which allows remote attackers to perform actions as other users by guessing or sniffing the random value...
CVE-2005-4209
WorldClient webmail in Alt-N MDaemon 8.1.3 allows remote attackers to prevent arbitrary users from accessing their inboxes via script tags in the Subject header of an e-mail message, which prevents the user from being able to access the Inbox folder, possibly due to a cross-site scripting XSS...