8 matches found
CVE-2003-0471
Alt-N WebAdmin is affected by a remote buffer overflow in the USER parameter of WebAdmin.exe/WebAdmin.dll, enabling arbitrary code execution as described in CVE-2003-0471. Public artifacts include references in Exploit-DB and Metasploit modules showing a buffer overflow condition that could allow...
CVE-2006-4620
CVE-2006-4620 affects Alt-N WebAdmin 3.2.5 (and possibly earlier) used with MDaemon 9.0.6. The issue allows remote authenticated domain administrators to escalate privileges and access the system mail queue by modifying the MDaemon user mailbox to use another account’s mailbox. Public sources cor...
CVE-2005-0318
CVE-2005-0318 concerns Alt-N WebAdmin 3.0.4, where useredit_account.wdm fails to properly validate edits by the logged-in user. The root cause is insufficient validation of the account-edit parameter, enabling remote authenticated users to modify other users’ account information via a tampered us...
CVE-2003-1463
CVE-2003-1463 describes an absolute path traversal flaw in Alt-N Technologies WebAdmin 2.0.0–2.0.2. With administrator privileges, an attacker can (1) determine the installation path by reading the Name parameter in a link, and (2) read arbitrary files via an absolute path in the Name parameter. ...
CVE-2005-0317
CVE-2005-0317 affects Alt-N WebAdmin 3.0.4. The XSS flaw is in useredit_account.wdm (via the user parameter) and is caused by insufficient input validation/filtering. The NVD entry lists a CVSS v2 base score of 4.3 (Medium) with network attack vector, no confidentiality impact, partial integrity ...
CVE-2006-4371
CVE-2006-4371 concerns Alt-N WebAdmin 3.2.3/3.2.4 (MDaemon 9.0.5, possibly earlier). The flaw is a directory traversal in the file parameter of the scripts logfile_view.wdm and configfile_view.wdm, allowing a remote authenticated global administrator to read arbitrary files. The issue is confirme...
CVE-2005-0319
The CVE-2005-0319 entry describes a Direct remote injection vulnerability in the Alt-N WebAdmin 3.0.4 component modalfram.wdm, where an attacker can load external webpages and inject arbitrary HTML or script to facilitate cross-site scripting (XSS) and phishing. The root cause is an input/content...
CVE-2006-4370
Affected software / component: Alt-N WebAdmin (versions 3.2.3–3.2.4 with MDaemon 9.0.5; possibly earlier). Root cause / vulnerability: A flaw in WebAdmin’s handling of authentication/authorization via the userlist.wdm mechanism allows a remote authenticated domain administrator to change a global...