Worldclient
by Alt N
CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2006-5708 | Hig | 0.49 | 7.5 | 0.01 | Nov 4, 2006 | Multiple unspecified vulnerabilities in MDaemon and WorldClient in Alt-N Technologies MDaemon before 9.50 allow attackers to cause a denial of service (memory consumption) via unspecified vectors resulting in memory leaks. | ||
| CVE-2005-4209 | 0.03 | — | 0.02 | Dec 13, 2005 | WorldClient webmail in Alt-N MDaemon 8.1.3 allows remote attackers to prevent arbitrary users from accessing their inboxes via script tags in the Subject header of an e-mail message, which prevents the user from being able to access the Inbox folder, possibly due to a cross-site… | |||
| CVE-2002-1740 | 0.03 | — | 0.01 | Dec 31, 2002 | Buffer overflow in WorldClient.cgi in WorldClient in Alt-N Technologies MDaemon 5.0.5.0 and earlier allows local users to execute arbitrary code via a long folder name (NewFolder parameter). | |||
| CVE-2002-1741 | 0.03 | — | 0.01 | Dec 31, 2002 | Directory traversal vulnerability in WorldClient.cgi in WorldClient for Alt-N Technologies MDaemon 5.0.5.0 and earlier allows local users to delete arbitrary files via a ".." (dot dot) in the Attachments parameter. | |||
| CVE-2000-0660 | 0.03 | — | 0.03 | Jul 12, 2000 | The WDaemon web server for WorldClient 2.1 allows remote attackers to read arbitrary files via a .. (dot dot) attack. | |||
| CVE-1999-0844 | 0.03 | — | 0.06 | Nov 24, 1999 | Denial of service in MDaemon WorldClient and WebConfig services via a long URL. | |||
| CVE-2008-6967 | 0.00 | — | 0.01 | Aug 13, 2009 | Multiple unspecified vulnerabilities in WorldClient in Alt-N MDaemon before 10.02 have unknown impact and attack vectors, probably related to cross-site scripting (XSS) and WorldClient DLL 10.0.1, a different vulnerability than CVE-2008-6893. | |||
| CVE-2008-6893 | 0.00 | — | 0.02 | Aug 3, 2009 | Cross-site scripting (XSS) vulnerability in Alt-N MDaemon WorldClient 10.0.2, when Internet Explorer 7 is used, allows remote attackers to inject arbitrary web script or HTML via a crafted img tag. | |||
| CVE-2005-4266 | 0.00 | — | 0.01 | Dec 15, 2005 | WorldClient.dll in Alt-N MDaemon and WorldClient 8.1.3 trusts a Session parameter that contains a randomly generated session ID that is associated with a username, which allows remote attackers to perform actions as other users by guessing or sniffing the random value. | |||
| CVE-2000-0716 | 0.00 | — | 0.01 | Oct 20, 2000 | WorldClient email client in MDaemon 2.8 includes the session ID in the referer field of an HTTP request when the user clicks on a URL, which allows the visited web site to hijack the session ID and read the user's email. |
- risk 0.49cvss 7.5epss 0.01
Multiple unspecified vulnerabilities in MDaemon and WorldClient in Alt-N Technologies MDaemon before 9.50 allow attackers to cause a denial of service (memory consumption) via unspecified vectors resulting in memory leaks.
- CVE-2005-4209Dec 13, 2005risk 0.03cvss —epss 0.02
WorldClient webmail in Alt-N MDaemon 8.1.3 allows remote attackers to prevent arbitrary users from accessing their inboxes via script tags in the Subject header of an e-mail message, which prevents the user from being able to access the Inbox folder, possibly due to a cross-site…
- CVE-2002-1740Dec 31, 2002risk 0.03cvss —epss 0.01
Buffer overflow in WorldClient.cgi in WorldClient in Alt-N Technologies MDaemon 5.0.5.0 and earlier allows local users to execute arbitrary code via a long folder name (NewFolder parameter).
- CVE-2002-1741Dec 31, 2002risk 0.03cvss —epss 0.01
Directory traversal vulnerability in WorldClient.cgi in WorldClient for Alt-N Technologies MDaemon 5.0.5.0 and earlier allows local users to delete arbitrary files via a ".." (dot dot) in the Attachments parameter.
- CVE-2000-0660Jul 12, 2000risk 0.03cvss —epss 0.03
The WDaemon web server for WorldClient 2.1 allows remote attackers to read arbitrary files via a .. (dot dot) attack.
- CVE-1999-0844Nov 24, 1999risk 0.03cvss —epss 0.06
Denial of service in MDaemon WorldClient and WebConfig services via a long URL.
- CVE-2008-6967Aug 13, 2009risk 0.00cvss —epss 0.01
Multiple unspecified vulnerabilities in WorldClient in Alt-N MDaemon before 10.02 have unknown impact and attack vectors, probably related to cross-site scripting (XSS) and WorldClient DLL 10.0.1, a different vulnerability than CVE-2008-6893.
- CVE-2008-6893Aug 3, 2009risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in Alt-N MDaemon WorldClient 10.0.2, when Internet Explorer 7 is used, allows remote attackers to inject arbitrary web script or HTML via a crafted img tag.
- CVE-2005-4266Dec 15, 2005risk 0.00cvss —epss 0.01
WorldClient.dll in Alt-N MDaemon and WorldClient 8.1.3 trusts a Session parameter that contains a randomly generated session ID that is associated with a username, which allows remote attackers to perform actions as other users by guessing or sniffing the random value.
- CVE-2000-0716Oct 20, 2000risk 0.00cvss —epss 0.01
WorldClient email client in MDaemon 2.8 includes the session ID in the referer field of an HTTP request when the user clicks on a URL, which allows the visited web site to hijack the session ID and read the user's email.