28 matches found
CVE-2008-6967
The CVE-2008-6967 entry concerns Alt-N MDaemon WorldClient in versions up to 10.0.1, with multiple unspecified vulnerabilities in WorldClient potentially involving cross-site scripting (XSS). The connected documents corroborate affected product (MDaemon/WorldClient), imply an XSS-related risk, an...
CVE-2000-1020
CVE-2000-1020 describes a heap overflow in Worldclient of MDaemon (versions 3.1.1 and earlier) that can be triggered by a long URL, allowing remote attackers to cause a denial of service and potentially execute arbitrary commands. The issue is exploitable over the network without authentication, ...
CVE-2000-0399
The CVE-2000-0399 entry concerns the MDaemon POP3 server. A buffer overflow in the POP server allows remote attackers to crash the service by sending a too-long user name, resulting in a denial of service. Affected component: MDaemon POP3 server (remote input to user field). Impact: remote DoS wi...
CVE-2004-2292
CVE-2004-2292 affects Alt-N MDaemon 7.0.1: a buffer overflow in the IMAP server triggered by a long STATUS command allows remote attackers to cause a denial of service (application crash). The available documents confirm the vulnerable component (IMAP STATUS handling) and the impact (DoS); no exp...
CVE-2006-0925
CVE-2006-0925 affects the IMAP server component (IMAP4rev1) of Alt-N MDaemon 8.1.1 (and possibly 8.1.4). The vulnerability is a format string flaw in folder-name handling that, when an attacker creates and lists folders containing format specifiers, can cause the server to suffer CPU exhaustion a...
CVE-2004-1546
CVE-2004-1546 affects MDaemon 6.5.1. The issue is a stack buffer overflow in the MDaemon SMTP and IMAP command processing (overly long arguments to SAML/SOML/SEND/MAIL or LIST), leading to denial of service (crash) and, per advisories, potential remote code execution with system privileges. Explo...
CVE-2000-0501
MDaemon 2.8.5.0 POP server is affected by a race condition that can cause a denial of service when a UIDL command is issued and the server is exited rapidly. The issue is described as a local DoS with partial availability impact and a low CVSS. No exploitation details are provided in the availabl...
CVE-2005-4209
CVE-2005-4209 concerns WorldClient webmail in Alt-N MDaemon 8.1.3. The issue arises from script tags in the Subject header, enabling cross‑site scripting that can prevent users from accessing their Inbox. The vulnerability is described as impacting availability (partial) without affecting confide...
CVE-2006-5968
MDaemon 9.0.5, 9.0.6, 9.51, and 9.53 (and possibly other versions) install the MDaemon application folder with insecure permissions, allowing local users to create files/directories. This untrusted search path enables local code execution by placing malicious RASAPI32.DLL or MPRAPI.DLL in the MDa...
CVE-2000-1021
CVE-2000-1021 describes a heap overflow in the WebConfig component of Mdaemon ≤ 3.1.1. The vulnerability allows remote attackers to cause a denial of service and potentially execute arbitrary commands by supplying a long URL. Exploitation details are not provided in the available documents. No re...
CVE-2001-0583
CVE-2001-0583 affects Alt-N Technologies MDaemon 3.5.4. A remote attacker can cause a denial of service by issuing a request to a MS-DOS device endpoint (e.g., GET /aux) on the Worldclient service (port 3000) or the Webconfig service (port 3001). The available documents do not provide remediation...
CVE-2006-5709
Technical details about CVE-2006-5709 are not publicly provided in the supplied documents. Monitor for updates; no affected products, exploit info, or remediation details are confirmed here.
CVE-2001-0064
MDaemon IMAP Server DoS (CVE-2001-0064): The vulnerability affects MDaemon Webconfig/IMAP in versions up to 3.5.0 and earlier, where a remote attacker can crash the service by sending a long URL/argument terminated by a CRLF (LOGIN) string. OpenVAS/Nessus entries confirm remote DoS via long input...
CVE-2002-1738
CVE-2002-1738 affects Alt-N Technologies MDaemon 5.0.5.0 and earlier. The issue is that a default MDaemon mail account is created with the password “MServer,” which could allow remote attackers to send anonymous email. The available sources describe the affected product and the default credential...
CVE-2002-1740
The CVE-2002-1740 entry describes a buffer overflow in WorldClient.cgi (WorldClient) of Alt-N Technologies MDaemon
CVE-2004-2504
The CVE affects Alt-N Technologies MDaemon (7.2 and earlier, including 6.8). The GUI creates new files by launching child processes (e.g., NOTEPAD.EXE) with SYSTEM privileges, enabling local users with physical access to escalate privileges. Root cause is the GUI spawning and executing external e...
CVE-2005-4266
The CVE-2005-4266 issue affects Alt-N MDaemon/WorldClient (WorldClient.dll) where WorldClient 8.1.3 trusts a Session parameter containing a randomly generated session ID linked to a username. This enables remote attackers to impersonate other users by guessing or sniffing the session value. Conne...
CVE-2000-0716
CVE-2000-0716 affects WorldClient email client in MDaemon 2.8. The session ID is included in the referer header of an HTTP request when the user clicks a URL, allowing the visited site to hijack the session ID and read the user’s email. Exploitation details are not provided in the documents, and ...
CVE-2001-0584
MDaemon IMAP Server DoS (CVE-2001-0584): The Affected product is Alt-N Technologies MDaemon IMAP Server, version around 3.5.6. The vulnerability is triggered by sending too long arguments to the SELECT or EXAMINE commands, causing the server to crash (denial of service) for remote clients. Root c...
CVE-2003-1200
CVE-2003-1200 is a stack-based buffer overflow in Alt-N MDaemon’s WorldClient form2raw.cgi (FORM2RAW.exe). A long From parameter to Form2Raw.cgi can cause remote code execution. Affected products include MDaemon versions 6.5.2–6.8.5 with WorldClient HTTP server enabled; upgrade to 6.8.6 or remove...
CVE-2007-3622
CVE-2007-3622 affects Alt‑N Technologies MDaemon before 9.61, via the DomainPOP Mail Collection component. A malformed message may cause the server to crash, allowing a remote attacker to deny service to legitimate users (DoS). The issue is described as an unspecified vulnerability in DomainPOP; ...
CVE-2006-4364
CVE-2006-4364 affects Alt-N Technologies’ MDaemon POP3 server prior to version 9.0.6. The vulnerability is due to multiple heap-based buffer overflows triggered by long strings containing '@' characters in the USER and APOP commands. Exploitation can cause a daemon crash (DoS) and may allow remot...
CVE-2003-1470
The CVE concerns MDaemon IMAP Service with versions 6.7.5 and earlier. A buffer overflow is triggered in the IMAP CREATE command when a mailbox name is excessively long, allowing a remote authenticated user to crash the service and potentially execute arbitrary code. The descriptions consistently...
CVE-2006-5708
MDaemon and WorldClient (Alt‑N Technologies MDaemon) before 9.50 are affected by CVE-2006-5708 due to multiple unspecified vulnerabilities that allow a denial of service via memory consumption leading to memory leaks. The issue affects MDaemon and WorldClient prior to version 9.50. Root cause vec...
CVE-2006-2646
CVE-2006-2646 is a buffer overflow in Alt-N MDaemon (likely affected versions up to 9.0.1 and earlier) that allows remote attackers to execute arbitrary code. The overflow occurs via a long A0001 argument that begins with a double quote (""). The connected sources provide the same description acr...
CVE-2001-0104
MDaemon Pro 3.5.1 and earlier have a local privilege bypass: a user can bypass the "lock server" security setting by pressing Cancel at the password prompt and then pressing Enter. The available documents confirm the affected product and UI-based trigger, but do not provide concrete mitigation st...
CVE-2002-1539
CVE-2002-1539 affects MDaemon POP Server up to version 6.0.7. The vulnerability is a buffer overflow in handling long DELE and UIDL arguments, allowing a remote authenticated attacker to trigger a denial of service. The issue is evidenced by multiple sources (NVD description, Tenable Nessus entry...
CVE-2003-1471
MDaemon POP server 6.0.7 and earlier is affected. The vulnerability allows remote authenticated users to cause a denial of service (crash) by issuing POP commands DELE or UIDL with a negative number. The connected documents confirm the affected product and the faulty commands but do not provide d...