Mdaemon
by Alt N
CVEs (42)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2006-5708 | Hig | 0.49 | 7.5 | 0.01 | Nov 4, 2006 | Multiple unspecified vulnerabilities in MDaemon and WorldClient in Alt-N Technologies MDaemon before 9.50 allow attackers to cause a denial of service (memory consumption) via unspecified vectors resulting in memory leaks. | ||
| CVE-2002-1739 | Med | 0.36 | 5.5 | 0.00 | Dec 31, 2002 | Alt-N Technologies Mdaemon 5.0 through 5.0.6 uses a weak encryption algorithm to store user passwords, which allows local users to crack passwords. | ||
| CVE-2008-1358 | 0.08 | — | 0.57 | Mar 17, 2008 | Stack-based buffer overflow in the IMAP server in Alt-N Technologies MDaemon 9.6.4 allows remote authenticated users to execute arbitrary code via a FETCH command with a long BODY. | |||
| CVE-2003-1200 | 0.08 | — | 0.65 | Dec 29, 2003 | Stack-based buffer overflow in FORM2RAW.exe in Alt-N MDaemon 6.5.2 through 6.8.5 allows remote attackers to execute arbitrary code via a long From parameter to Form2Raw.cgi. | |||
| CVE-2006-4364 | 0.07 | — | 0.55 | Aug 27, 2006 | Multiple heap-based buffer overflows in the POP3 server in Alt-N Technologies MDaemon before 9.0.6 allow remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via long strings that contain '@' characters in the (1) USER and (2) APOP… | |||
| CVE-2008-2631 | 0.05 | — | 0.23 | Jun 10, 2008 | The WordClient interface in Alt-N Technologies MDaemon 9.6.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted HTTP POST request. NOTE: the provenance of this information is unknown; the details are obtained… | |||
| CVE-2004-1546 | 0.05 | — | 0.31 | Dec 31, 2004 | Multiple buffer overflows in MDaemon 6.5.1 allow remote attackers to cause a denial of service (application crash) via a long (1) SAML, SOML, SEND, or MAIL command to the SMTP server or (2) LIST command to the IMAP server. | |||
| CVE-2020-18724 | 0.03 | — | 0.03 | Feb 3, 2021 | Authenticated stored cross-site scripting (XSS) in the contact name field in the distribution list of MDaemon webmail 19.5.5 allows an attacker to executes code and perform a XSS attack while opening a contact list. | |||
| CVE-2012-2584 | 0.03 | — | 0.03 | Aug 12, 2012 | Multiple cross-site scripting (XSS) vulnerabilities in Alt-N MDaemon Free 12.5.4 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) the Cascading Style Sheets (CSS) expression property in conjunction with a CSS comment within the… | |||
| CVE-2006-2646 | 0.03 | — | 0.05 | May 30, 2006 | Buffer overflow in Alt-N MDaemon, possibly 9.0.1 and earlier, allows remote attackers to execute arbitrary code via a long A0001 argument that begins with a '"' (double quote). | |||
| CVE-2006-0925 | 0.03 | — | 0.03 | Feb 28, 2006 | Format string vulnerability in the IMAP4rev1 server in Alt-N MDaemon 8.1.1 and possibly 8.1.4 allows remote attackers to cause a denial of service (CPU consumption) by creating and then listing folders whose names contain format string specifiers. | |||
| CVE-2005-4209 | 0.03 | — | 0.02 | Dec 13, 2005 | WorldClient webmail in Alt-N MDaemon 8.1.3 allows remote attackers to prevent arbitrary users from accessing their inboxes via script tags in the Subject header of an e-mail message, which prevents the user from being able to access the Inbox folder, possibly due to a cross-site… | |||
| CVE-2002-1539 | 0.03 | — | 0.03 | Mar 31, 2003 | Buffer overflow in MDaemon POP server 6.0.7 and earlier allows remote authenticated users to cause a denial of service via long (1) DELE or (2) UIDL arguments. | |||
| CVE-2002-1741 | 0.03 | — | 0.01 | Dec 31, 2002 | Directory traversal vulnerability in WorldClient.cgi in WorldClient for Alt-N Technologies MDaemon 5.0.5.0 and earlier allows local users to delete arbitrary files via a ".." (dot dot) in the Attachments parameter. | |||
| CVE-2002-1740 | 0.03 | — | 0.01 | Dec 31, 2002 | Buffer overflow in WorldClient.cgi in WorldClient in Alt-N Technologies MDaemon 5.0.5.0 and earlier allows local users to execute arbitrary code via a long folder name (NewFolder parameter). | |||
| CVE-2001-0584 | 0.03 | — | 0.01 | Aug 22, 2001 | IMAP server in Alt-N Technologies MDaemon 3.5.6 allows a local user to cause a denial of service (hang) via long (1) SELECT or (2) EXAMINE commands. | |||
| CVE-2000-1021 | 0.03 | — | 0.04 | Dec 11, 2000 | Heap overflow in WebConfig in Mdaemon 3.1.1 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long URL. | |||
| CVE-2000-0501 | 0.03 | — | 0.04 | Jun 16, 2000 | Race condition in MDaemon 2.8.5.0 POP server allows local users to cause a denial of service by entering a UIDL command and quickly exiting the server. | |||
| CVE-1999-0844 | 0.03 | — | 0.06 | Nov 24, 1999 | Denial of service in MDaemon WorldClient and WebConfig services via a long URL. | |||
| CVE-2004-2292 | 0.01 | — | 0.12 | Dec 31, 2004 | Buffer overflow in Alt-N MDaemon 7.0.1 allows remote attackers to cause a denial of service (application crash) via a long STATUS command to the IMAP server. |
- risk 0.49cvss 7.5epss 0.01
Multiple unspecified vulnerabilities in MDaemon and WorldClient in Alt-N Technologies MDaemon before 9.50 allow attackers to cause a denial of service (memory consumption) via unspecified vectors resulting in memory leaks.
- risk 0.36cvss 5.5epss 0.00
Alt-N Technologies Mdaemon 5.0 through 5.0.6 uses a weak encryption algorithm to store user passwords, which allows local users to crack passwords.
- CVE-2008-1358Mar 17, 2008risk 0.08cvss —epss 0.57
Stack-based buffer overflow in the IMAP server in Alt-N Technologies MDaemon 9.6.4 allows remote authenticated users to execute arbitrary code via a FETCH command with a long BODY.
- CVE-2003-1200Dec 29, 2003risk 0.08cvss —epss 0.65
Stack-based buffer overflow in FORM2RAW.exe in Alt-N MDaemon 6.5.2 through 6.8.5 allows remote attackers to execute arbitrary code via a long From parameter to Form2Raw.cgi.
- CVE-2006-4364Aug 27, 2006risk 0.07cvss —epss 0.55
Multiple heap-based buffer overflows in the POP3 server in Alt-N Technologies MDaemon before 9.0.6 allow remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via long strings that contain '@' characters in the (1) USER and (2) APOP…
- CVE-2008-2631Jun 10, 2008risk 0.05cvss —epss 0.23
The WordClient interface in Alt-N Technologies MDaemon 9.6.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted HTTP POST request. NOTE: the provenance of this information is unknown; the details are obtained…
- CVE-2004-1546Dec 31, 2004risk 0.05cvss —epss 0.31
Multiple buffer overflows in MDaemon 6.5.1 allow remote attackers to cause a denial of service (application crash) via a long (1) SAML, SOML, SEND, or MAIL command to the SMTP server or (2) LIST command to the IMAP server.
- CVE-2020-18724Feb 3, 2021risk 0.03cvss —epss 0.03
Authenticated stored cross-site scripting (XSS) in the contact name field in the distribution list of MDaemon webmail 19.5.5 allows an attacker to executes code and perform a XSS attack while opening a contact list.
- CVE-2012-2584Aug 12, 2012risk 0.03cvss —epss 0.03
Multiple cross-site scripting (XSS) vulnerabilities in Alt-N MDaemon Free 12.5.4 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) the Cascading Style Sheets (CSS) expression property in conjunction with a CSS comment within the…
- CVE-2006-2646May 30, 2006risk 0.03cvss —epss 0.05
Buffer overflow in Alt-N MDaemon, possibly 9.0.1 and earlier, allows remote attackers to execute arbitrary code via a long A0001 argument that begins with a '"' (double quote).
- CVE-2006-0925Feb 28, 2006risk 0.03cvss —epss 0.03
Format string vulnerability in the IMAP4rev1 server in Alt-N MDaemon 8.1.1 and possibly 8.1.4 allows remote attackers to cause a denial of service (CPU consumption) by creating and then listing folders whose names contain format string specifiers.
- CVE-2005-4209Dec 13, 2005risk 0.03cvss —epss 0.02
WorldClient webmail in Alt-N MDaemon 8.1.3 allows remote attackers to prevent arbitrary users from accessing their inboxes via script tags in the Subject header of an e-mail message, which prevents the user from being able to access the Inbox folder, possibly due to a cross-site…
- CVE-2002-1539Mar 31, 2003risk 0.03cvss —epss 0.03
Buffer overflow in MDaemon POP server 6.0.7 and earlier allows remote authenticated users to cause a denial of service via long (1) DELE or (2) UIDL arguments.
- CVE-2002-1741Dec 31, 2002risk 0.03cvss —epss 0.01
Directory traversal vulnerability in WorldClient.cgi in WorldClient for Alt-N Technologies MDaemon 5.0.5.0 and earlier allows local users to delete arbitrary files via a ".." (dot dot) in the Attachments parameter.
- CVE-2002-1740Dec 31, 2002risk 0.03cvss —epss 0.01
Buffer overflow in WorldClient.cgi in WorldClient in Alt-N Technologies MDaemon 5.0.5.0 and earlier allows local users to execute arbitrary code via a long folder name (NewFolder parameter).
- CVE-2001-0584Aug 22, 2001risk 0.03cvss —epss 0.01
IMAP server in Alt-N Technologies MDaemon 3.5.6 allows a local user to cause a denial of service (hang) via long (1) SELECT or (2) EXAMINE commands.
- CVE-2000-1021Dec 11, 2000risk 0.03cvss —epss 0.04
Heap overflow in WebConfig in Mdaemon 3.1.1 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long URL.
- CVE-2000-0501Jun 16, 2000risk 0.03cvss —epss 0.04
Race condition in MDaemon 2.8.5.0 POP server allows local users to cause a denial of service by entering a UIDL command and quickly exiting the server.
- CVE-1999-0844Nov 24, 1999risk 0.03cvss —epss 0.06
Denial of service in MDaemon WorldClient and WebConfig services via a long URL.
- CVE-2004-2292Dec 31, 2004risk 0.01cvss —epss 0.12
Buffer overflow in Alt-N MDaemon 7.0.1 allows remote attackers to cause a denial of service (application crash) via a long STATUS command to the IMAP server.
Page 1 of 3