Lucene search
K
AltnMdaemon

11 matches found

CVE
CVE
added 2021/04/14 10:29 p.m.116 views

CVE-2021-27182

CVE-2021-27182 describes an IFRAME injection vulnerability in MDaemon Webmail (WorldClient) prior to version 20.0.4. The issue can be triggered via an email message and allows an attacker to execute actions with the privileges of the affected user, highlighting a client-side/iframe-based trust bo...

8.8CVSS8.7AI score0.01554EPSS
CVE
CVE
added 2021/04/14 10:32 p.m.108 views

CVE-2021-27183

MDaemon Webmail before 20.0.4 contains an Arbitrary File Write vulnerability exploitable via Remote Administration. An attacker can create new files anywhere on the filesystem or modify existing files, with potential to achieve Remote Code Execution. Technical details across CNVD/CNNVD entries co...

7.2CVSS7AI score0.02695EPSS
CVE
CVE
added 2022/05/11 12:54 p.m.97 views

CVE-2022-29976

CVE-2022-29976 concerns an Authenticated Reflected Cross‑site Scripting in Alt‑N MDaemon prior to 22.0.0, arising from insufficient validation of user input in the BCC parameter. An attacker with access to MDaemon could trigger JavaScript execution in a victim’s browser. The CVSS data in the prov...

5.4CVSS5.4AI score0.0046EPSS
CVE
CVE
added 2021/04/14 10:26 p.m.96 views

CVE-2021-27180

MDaemon Webmail (WorldClient) on versions before 20.0.4 has a reflected XSS vulnerability exploitable via a GET request . The flaw can allow an attacker to perform actions with the privileges of the attacked user, with a NETWORK attack vector , UI required , and I/L/C/L/A impacts as described by ...

6.1CVSS5.9AI score0.00926EPSS
CVE
CVE
added 2021/04/14 10:28 p.m.89 views

CVE-2021-27181

CVE-2021-27181 affects MDaemon before 20.0.4. Remote Administration allows manipulation of the anti-CSRF token via a crafted URL, enabling an attacker to trick an authenticated user into performing actions with the user’s privileges. Exploitation requires user interaction (visiting a malicious pa...

8.8CVSS8.6AI score0.0065EPSS
CVE
CVE
added 2019/02/21 3:0 p.m.83 views

CVE-2019-8984

MDaemon Webmail 14.x–18.x before 18.5.2 contains a cross-site scripting (XSS) vulnerability in the web interface. Affected product: MDaemon Webmail; vulnerable versions: 14.x through 18.x prior to 18.5.2. Root cause not detailed in the provided documents. Remediation: upgrade to 18.5.2 or later (...

6.1CVSS6AI score0.00793EPSS
CVE
CVE
added 2022/05/11 12:53 p.m.82 views

CVE-2022-29975

CVE-2022-29975 is an authenticated reflected Cross-Site Scripting vulnerability in MDaemon prior to 22.0.0. The issue arises from insufficient data validation/filtering of user-supplied and output data via the CC parameter, allowing an attacker with valid credentials to inject script that could e...

5.4CVSS5.4AI score0.0046EPSS
CVE
CVE
added 2019/02/21 3:0 p.m.79 views

CVE-2019-8983

MDaemon Webmail 14.x–18.x prior to 18.5.2 is affected by a cross-site scripting (XSS) vulnerability in the Webmail interface (described as issue 1 of 2). Root cause details are not explicitly provided in the supplied sources. Mitigation: upgrade to 18.5.2 or later (as implied by the fixed version...

6.1CVSS6AI score0.00793EPSS
CVE
CVE
added 2008/06/10 12:0 a.m.74 views

CVE-2008-2631

The CVE-2008-2631 issue affects Alt-N Technologies MDaemon WorldClient/WordClient interface. A memory corruption vulnerability arises from a NULL pointer dereference when processing a malicious HTTP POST request, allowing a remote unauthenticated attacker to crash the WorldClient service and caus...

5CVSS6.5AI score0.2279EPSS
CVE
CVE
added 2008/03/17 5:0 p.m.56 views

CVE-2008-1358

The CVE-2008-1358 entry concerns Alt-N MDaemon IMAP Server (Windows) 9.6.4, which is affected by a stack-based buffer overflow in the IMAP FETCH BODY handling. A remote authenticated user can exploit this by sending an overly long FETCH BODY command, with potential arbitrary code execution within...

6.5CVSS7.5AI score0.57075EPSS
CVE
CVE
added 2012/08/12 5:0 p.m.54 views

CVE-2012-2584

CVE-2012-2584 affects Alt-N MDaemon Free 12.5.4 with multiple XSS in email bodies: CSS expression usage (within STYLE on IMG or other elements) and innerHTML attributes in XML. Root cause is improper sanitization enabling script/HTML injection, leading to potential remote code execution-like impa...

4.3CVSS5.9AI score0.03232EPSS