Vulnerabilities
Vulnerable Software
Alt-N:  Security Vulnerabilities
Multiple directory traversal vulnerabilities in Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and possibly earlier, allow remote authenticated global administrators to read arbitrary files via a .. (dot dot) in the file parameter to (1) logfile_view.wdm and (2) configfile_view.wdm.
CVSS Score
4.0
EPSS Score
0.009
Published
2006-08-26
Buffer overflow in Alt-N MDaemon, possibly 9.0.1 and earlier, allows remote attackers to execute arbitrary code via a long A0001 argument that begins with a '"' (double quote).
CVSS Score
7.5
EPSS Score
0.05
Published
2006-05-30
Format string vulnerability in the IMAP4rev1 server in Alt-N MDaemon 8.1.1 and possibly 8.1.4 allows remote attackers to cause a denial of service (CPU consumption) by creating and then listing folders whose names contain format string specifiers.
CVSS Score
5.0
EPSS Score
0.047
Published
2006-02-28
WorldClient.dll in Alt-N MDaemon and WorldClient 8.1.3 trusts a Session parameter that contains a randomly generated session ID that is associated with a username, which allows remote attackers to perform actions as other users by guessing or sniffing the random value.
CVSS Score
7.5
EPSS Score
0.006
Published
2005-12-15
WorldClient webmail in Alt-N MDaemon 8.1.3 allows remote attackers to prevent arbitrary users from accessing their inboxes via script tags in the Subject header of an e-mail message, which prevents the user from being able to access the Inbox folder, possibly due to a cross-site scripting (XSS) vulnerability.
CVSS Score
4.3
EPSS Score
0.005
Published
2005-12-13
Cross-site scripting (XSS) vulnerability in useredit_account.wdm in Alt-N WebAdmin 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the user parameter.
CVSS Score
4.3
EPSS Score
0.004
Published
2005-01-28
useredit_account.wdm in Alt-N WebAdmin 3.0.4 does not properly validate account edits by the logged in user, which allows remote authenticated users to edit other users' account information via a modified user parameter.
CVSS Score
2.1
EPSS Score
0.001
Published
2005-01-28
Direct remote injection vulnerability in modalfram.wdm in Alt-N WebAdmin 3.0.4 allows remote attackers to load external webpages that appear to come from the WebAdmin server, which allows remote attackers to inject arbitrary HTML or web script to facilitate cross-site scripting (XSS) and phishing attacks.
CVSS Score
4.3
EPSS Score
0.003
Published
2005-01-28
Multiple buffer overflows in MDaemon 6.5.1 allow remote attackers to cause a denial of service (application crash) via a long (1) SAML, SOML, SEND, or MAIL command to the SMTP server or (2) LIST command to the IMAP server.
CVSS Score
5.0
EPSS Score
0.495
Published
2004-12-31
Buffer overflow in Alt-N MDaemon 7.0.1 allows remote attackers to cause a denial of service (application crash) via a long STATUS command to the IMAP server.
CVSS Score
5.0
EPSS Score
0.015
Published
2004-12-31


Contact Us

Shodan ® - All rights reserved