11 matches found
CVE-2021-27182
CVE-2021-27182 describes an IFRAME injection vulnerability in MDaemon Webmail (WorldClient) prior to version 20.0.4. The issue can be triggered via an email message and allows an attacker to execute actions with the privileges of the affected user, highlighting a client-side/iframe-based trust bo...
CVE-2021-27183
MDaemon Webmail before 20.0.4 contains an Arbitrary File Write vulnerability exploitable via Remote Administration. An attacker can create new files anywhere on the filesystem or modify existing files, with potential to achieve Remote Code Execution. Technical details across CNVD/CNNVD entries co...
CVE-2022-29976
CVE-2022-29976 concerns an Authenticated Reflected Cross‑site Scripting in Alt‑N MDaemon prior to 22.0.0, arising from insufficient validation of user input in the BCC parameter. An attacker with access to MDaemon could trigger JavaScript execution in a victim’s browser. The CVSS data in the prov...
CVE-2021-27180
MDaemon Webmail (WorldClient) on versions before 20.0.4 has a reflected XSS vulnerability exploitable via a GET request . The flaw can allow an attacker to perform actions with the privileges of the attacked user, with a NETWORK attack vector , UI required , and I/L/C/L/A impacts as described by ...
CVE-2021-27181
CVE-2021-27181 affects MDaemon before 20.0.4. Remote Administration allows manipulation of the anti-CSRF token via a crafted URL, enabling an attacker to trick an authenticated user into performing actions with the user’s privileges. Exploitation requires user interaction (visiting a malicious pa...
CVE-2019-8984
MDaemon Webmail 14.x–18.x before 18.5.2 contains a cross-site scripting (XSS) vulnerability in the web interface. Affected product: MDaemon Webmail; vulnerable versions: 14.x through 18.x prior to 18.5.2. Root cause not detailed in the provided documents. Remediation: upgrade to 18.5.2 or later (...
CVE-2022-29975
CVE-2022-29975 is an authenticated reflected Cross-Site Scripting vulnerability in MDaemon prior to 22.0.0. The issue arises from insufficient data validation/filtering of user-supplied and output data via the CC parameter, allowing an attacker with valid credentials to inject script that could e...
CVE-2019-8983
MDaemon Webmail 14.x–18.x prior to 18.5.2 is affected by a cross-site scripting (XSS) vulnerability in the Webmail interface (described as issue 1 of 2). Root cause details are not explicitly provided in the supplied sources. Mitigation: upgrade to 18.5.2 or later (as implied by the fixed version...
CVE-2008-2631
The CVE-2008-2631 issue affects Alt-N Technologies MDaemon WorldClient/WordClient interface. A memory corruption vulnerability arises from a NULL pointer dereference when processing a malicious HTTP POST request, allowing a remote unauthenticated attacker to crash the WorldClient service and caus...
CVE-2008-1358
The CVE-2008-1358 entry concerns Alt-N MDaemon IMAP Server (Windows) 9.6.4, which is affected by a stack-based buffer overflow in the IMAP FETCH BODY handling. A remote authenticated user can exploit this by sending an overly long FETCH BODY command, with potential arbitrary code execution within...
CVE-2012-2584
CVE-2012-2584 affects Alt-N MDaemon Free 12.5.4 with multiple XSS in email bodies: CSS expression usage (within STYLE on IMG or other elements) and innerHTML attributes in XML. Root cause is improper sanitization enabling script/HTML injection, leading to potential remote code execution-like impa...