VYPR

Vendor CVEs

Alt N

All CVEs

78 total · sorted by risk
  • CVE-2007-3622Jul 9, 2007
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in DomainPOP in Alt-N Technologies MDaemon before 9.61 allows remote attackers to cause a denial of service (crash) via malformed messages.

  • CVE-2006-5968Nov 17, 2006
    risk 0.00cvss epss 0.00

    MDaemon 9.0.5, 9.0.6, 9.51, and 9.53, and possibly other versions, installs the MDaemon application folder with insecure permissions (Users create files/directories), which allows local users to execute arbitrary code by creating malicious RASAPI32.DLL or MPRAPI.DLL libraries in…

  • CVE-2006-5709Nov 4, 2006
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in WorldClient in Alt-N Technologies MDaemon before 9.50 has unknown impact and attack vectors related to a "JavaScript exploit."

  • CVE-2006-4620Sep 7, 2006
    risk 0.00cvss epss 0.01

    The useredit_account.wdm module in Alt-N WebAdmin 3.2.5 running with MDaemon 9.0.6, and possibly earlier versions, allows remote authenticated domain administrators to gain privileges and obtain access to the system mail queue by modifying the mailbox of the MDaemon user account…

  • CVE-2006-4371Aug 26, 2006
    risk 0.00cvss epss 0.03

    Multiple directory traversal vulnerabilities in Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and possibly earlier, allow remote authenticated global administrators to read arbitrary files via a .. (dot dot) in the file parameter to (1) logfile_view.wdm and (2)…

  • CVE-2006-4370Aug 26, 2006
    risk 0.00cvss epss 0.02

    Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and possibly earlier, allow remote authenticated domain administrators to change a global administrator's password and gain privileges via the userlist.wdm file.

  • CVE-2006-0817Jul 21, 2006
    risk 0.00cvss epss 0.05

    Absolute path directory traversal vulnerability in (a) MERAK Mail Server for Windows 8.3.8r with before IceWarp Web Mail 5.6.1 and (b) VisNetic MailServer before 8.5.0.5 allows remote attackers to include arbitrary files via a full Windows path and drive letter in the (1)…

  • CVE-2006-0818Jul 21, 2006
    risk 0.00cvss epss 0.02

    Absolute path directory traversal vulnerability in (1) MERAK Mail Server for Windows 8.3.8r with before IceWarp Web Mail 5.6.1 and (2) VisNetic MailServer before 8.5.0.5 allows remote authenticated users to include arbitrary files via a modified language parameter and a full…

  • CVE-2005-4266Dec 15, 2005
    risk 0.00cvss epss 0.01

    WorldClient.dll in Alt-N MDaemon and WorldClient 8.1.3 trusts a Session parameter that contains a randomly generated session ID that is associated with a username, which allows remote attackers to perform actions as other users by guessing or sniffing the random value.

  • CVE-2005-0319Jan 28, 2005
    risk 0.00cvss epss 0.01

    Direct remote injection vulnerability in modalfram.wdm in Alt-N WebAdmin 3.0.4 allows remote attackers to load external webpages that appear to come from the WebAdmin server, which allows remote attackers to inject arbitrary HTML or web script to facilitate cross-site scripting…

  • CVE-2005-0317Jan 28, 2005
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in useredit_account.wdm in Alt-N WebAdmin 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the user parameter.

  • CVE-2005-0318Jan 28, 2005
    risk 0.00cvss epss 0.01

    useredit_account.wdm in Alt-N WebAdmin 3.0.4 does not properly validate account edits by the logged in user, which allows remote authenticated users to edit other users' account information via a modified user parameter.

  • CVE-2004-2504Dec 31, 2004
    risk 0.00cvss epss 0.00

    The GUI in Alt-N Technologies MDaemon 7.2 and earlier, including 6.8, executes child processes such as NOTEPAD.EXE with SYSTEM privileges when users create new files, which allows local users with physical access to gain privileges.

  • CVE-2003-1471Dec 31, 2003
    risk 0.00cvss epss 0.01

    MDaemon POP server 6.0.7 and earlier allows remote authenticated users to cause a denial of service (crash) via a (1) DELE or (2) UIDL with a negative number.

  • CVE-2003-1470Dec 31, 2003
    risk 0.00cvss epss 0.05

    Buffer overflow in IMAP service in MDaemon 6.7.5 and earlier allows remote authenticated users to cause a denial of service (crash) and execute arbitrary code via a CREATE command with a long mailbox name.

  • CVE-2003-0456Aug 18, 2003
    risk 0.00cvss epss 0.03

    VisNetic WebSite 3.5 allows remote attackers to obtain the full pathname of the server via a request containing a folder that does not exist, which leaks the pathname in an error message, as demonstrated using _vti_bin/fpcount.exe.

  • CVE-2002-2241Dec 31, 2002
    risk 0.00cvss epss 0.02

    Buffer overflow in httpd32.exe in Deerfield VisNetic WebSite before 3.5.15 allows remote attackers to cause a denial of service (crash) via a long HTTP OPTIONS request.

  • CVE-2002-1684Dec 31, 2002
    risk 0.00cvss epss 0.05

    Directory traversal vulnerability in (1) Deerfield D2Gfx 1.0.2 or (2) BadBlue Enterprise Edition 1.5.x and BadBlue Personal Edition 1.5.6 allows remote attackers to read arbitrary files via a ../ (dot dot slash) in the script used to read Microsoft Office documents.

  • CVE-2002-2413Dec 31, 2002
    risk 0.00cvss epss 0.01

    WebSite Pro 3.1.11.0 on Windows allows remote attackers to read script source code for files with extensions greater than 3 characters via a URL request that uses the equivalent 8.3 file name.

  • CVE-2002-1738Dec 31, 2002
    risk 0.00cvss epss 0.01

    Alt-N Technologies MDaemon 5.0.5.0 and earlier creates a default MDaemon mail account with a password of MServer, which could allow remote attackers to send anonymous email.

  • CVE-2001-0583Aug 22, 2001
    risk 0.00cvss epss 0.02

    Alt-N Technologies MDaemon 3.5.4 allows a remote attacker to create a denial of service via the URL request of a MS-DOS device (such as GET /aux) to (1) the Worldclient service at port 3000, or (2) the Webconfig service at port 3001.

  • CVE-2001-0064Feb 12, 2001
    risk 0.00cvss epss 0.02

    Webconfig, IMAP, and other services in MDaemon 3.5.0 and earlier allows remote attackers to cause a denial of service via a long URL terminated by a "\r\n" string.

  • CVE-2001-0104Feb 12, 2001
    risk 0.00cvss epss 0.00

    MDaemon Pro 3.5.1 and earlier allows local users to bypass the "lock server" security setting by pressing the Cancel button at the password prompt, then pressing the enter key.

  • CVE-2000-1020Dec 11, 2000
    risk 0.00cvss epss 0.02

    Heap overflow in Worldclient in Mdaemon 3.1.1 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long URL.

  • CVE-2000-0837Nov 14, 2000
    risk 0.00cvss epss 0.03

    FTP Serv-U 2.5e allows remote attackers to cause a denial of service by sending a large number of null bytes.

  • CVE-2000-0716Oct 20, 2000
    risk 0.00cvss epss 0.01

    WorldClient email client in MDaemon 2.8 includes the session ID in the referer field of an HTTP request when the user clicks on a URL, which allows the visited web site to hijack the session ID and read the user's email.

  • CVE-2000-0399May 24, 2000
    risk 0.00cvss epss 0.01

    Buffer overflow in MDaemon POP server allows remote attackers to cause a denial of service via a long user name.

  • CVE-1999-0846Dec 1, 1999
    risk 0.00cvss epss 0.01

    Denial of service in MDaemon 2.7 via a large number of connection attempts.

Page 2 of 2