Vendor CVEs
Alt N
All CVEs
78 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-3622 | 0.00 | — | 0.01 | Jul 9, 2007 | Unspecified vulnerability in DomainPOP in Alt-N Technologies MDaemon before 9.61 allows remote attackers to cause a denial of service (crash) via malformed messages. | |||
| CVE-2006-5968 | 0.00 | — | 0.00 | Nov 17, 2006 | MDaemon 9.0.5, 9.0.6, 9.51, and 9.53, and possibly other versions, installs the MDaemon application folder with insecure permissions (Users create files/directories), which allows local users to execute arbitrary code by creating malicious RASAPI32.DLL or MPRAPI.DLL libraries in… | |||
| CVE-2006-5709 | 0.00 | — | 0.02 | Nov 4, 2006 | Unspecified vulnerability in WorldClient in Alt-N Technologies MDaemon before 9.50 has unknown impact and attack vectors related to a "JavaScript exploit." | |||
| CVE-2006-4620 | 0.00 | — | 0.01 | Sep 7, 2006 | The useredit_account.wdm module in Alt-N WebAdmin 3.2.5 running with MDaemon 9.0.6, and possibly earlier versions, allows remote authenticated domain administrators to gain privileges and obtain access to the system mail queue by modifying the mailbox of the MDaemon user account… | |||
| CVE-2006-4371 | 0.00 | — | 0.03 | Aug 26, 2006 | Multiple directory traversal vulnerabilities in Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and possibly earlier, allow remote authenticated global administrators to read arbitrary files via a .. (dot dot) in the file parameter to (1) logfile_view.wdm and (2)… | |||
| CVE-2006-4370 | 0.00 | — | 0.02 | Aug 26, 2006 | Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and possibly earlier, allow remote authenticated domain administrators to change a global administrator's password and gain privileges via the userlist.wdm file. | |||
| CVE-2006-0817 | 0.00 | — | 0.05 | Jul 21, 2006 | Absolute path directory traversal vulnerability in (a) MERAK Mail Server for Windows 8.3.8r with before IceWarp Web Mail 5.6.1 and (b) VisNetic MailServer before 8.5.0.5 allows remote attackers to include arbitrary files via a full Windows path and drive letter in the (1)… | |||
| CVE-2006-0818 | 0.00 | — | 0.02 | Jul 21, 2006 | Absolute path directory traversal vulnerability in (1) MERAK Mail Server for Windows 8.3.8r with before IceWarp Web Mail 5.6.1 and (2) VisNetic MailServer before 8.5.0.5 allows remote authenticated users to include arbitrary files via a modified language parameter and a full… | |||
| CVE-2005-4266 | 0.00 | — | 0.01 | Dec 15, 2005 | WorldClient.dll in Alt-N MDaemon and WorldClient 8.1.3 trusts a Session parameter that contains a randomly generated session ID that is associated with a username, which allows remote attackers to perform actions as other users by guessing or sniffing the random value. | |||
| CVE-2005-0319 | 0.00 | — | 0.01 | Jan 28, 2005 | Direct remote injection vulnerability in modalfram.wdm in Alt-N WebAdmin 3.0.4 allows remote attackers to load external webpages that appear to come from the WebAdmin server, which allows remote attackers to inject arbitrary HTML or web script to facilitate cross-site scripting… | |||
| CVE-2005-0317 | 0.00 | — | 0.01 | Jan 28, 2005 | Cross-site scripting (XSS) vulnerability in useredit_account.wdm in Alt-N WebAdmin 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the user parameter. | |||
| CVE-2005-0318 | 0.00 | — | 0.01 | Jan 28, 2005 | useredit_account.wdm in Alt-N WebAdmin 3.0.4 does not properly validate account edits by the logged in user, which allows remote authenticated users to edit other users' account information via a modified user parameter. | |||
| CVE-2004-2504 | 0.00 | — | 0.00 | Dec 31, 2004 | The GUI in Alt-N Technologies MDaemon 7.2 and earlier, including 6.8, executes child processes such as NOTEPAD.EXE with SYSTEM privileges when users create new files, which allows local users with physical access to gain privileges. | |||
| CVE-2003-1471 | 0.00 | — | 0.01 | Dec 31, 2003 | MDaemon POP server 6.0.7 and earlier allows remote authenticated users to cause a denial of service (crash) via a (1) DELE or (2) UIDL with a negative number. | |||
| CVE-2003-1470 | 0.00 | — | 0.05 | Dec 31, 2003 | Buffer overflow in IMAP service in MDaemon 6.7.5 and earlier allows remote authenticated users to cause a denial of service (crash) and execute arbitrary code via a CREATE command with a long mailbox name. | |||
| CVE-2003-0456 | 0.00 | — | 0.03 | Aug 18, 2003 | VisNetic WebSite 3.5 allows remote attackers to obtain the full pathname of the server via a request containing a folder that does not exist, which leaks the pathname in an error message, as demonstrated using _vti_bin/fpcount.exe. | |||
| CVE-2002-2241 | 0.00 | — | 0.02 | Dec 31, 2002 | Buffer overflow in httpd32.exe in Deerfield VisNetic WebSite before 3.5.15 allows remote attackers to cause a denial of service (crash) via a long HTTP OPTIONS request. | |||
| CVE-2002-1684 | 0.00 | — | 0.05 | Dec 31, 2002 | Directory traversal vulnerability in (1) Deerfield D2Gfx 1.0.2 or (2) BadBlue Enterprise Edition 1.5.x and BadBlue Personal Edition 1.5.6 allows remote attackers to read arbitrary files via a ../ (dot dot slash) in the script used to read Microsoft Office documents. | |||
| CVE-2002-2413 | 0.00 | — | 0.01 | Dec 31, 2002 | WebSite Pro 3.1.11.0 on Windows allows remote attackers to read script source code for files with extensions greater than 3 characters via a URL request that uses the equivalent 8.3 file name. | |||
| CVE-2002-1738 | 0.00 | — | 0.01 | Dec 31, 2002 | Alt-N Technologies MDaemon 5.0.5.0 and earlier creates a default MDaemon mail account with a password of MServer, which could allow remote attackers to send anonymous email. | |||
| CVE-2001-0583 | 0.00 | — | 0.02 | Aug 22, 2001 | Alt-N Technologies MDaemon 3.5.4 allows a remote attacker to create a denial of service via the URL request of a MS-DOS device (such as GET /aux) to (1) the Worldclient service at port 3000, or (2) the Webconfig service at port 3001. | |||
| CVE-2001-0064 | 0.00 | — | 0.02 | Feb 12, 2001 | Webconfig, IMAP, and other services in MDaemon 3.5.0 and earlier allows remote attackers to cause a denial of service via a long URL terminated by a "\r\n" string. | |||
| CVE-2001-0104 | 0.00 | — | 0.00 | Feb 12, 2001 | MDaemon Pro 3.5.1 and earlier allows local users to bypass the "lock server" security setting by pressing the Cancel button at the password prompt, then pressing the enter key. | |||
| CVE-2000-1020 | 0.00 | — | 0.02 | Dec 11, 2000 | Heap overflow in Worldclient in Mdaemon 3.1.1 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long URL. | |||
| CVE-2000-0837 | 0.00 | — | 0.03 | Nov 14, 2000 | FTP Serv-U 2.5e allows remote attackers to cause a denial of service by sending a large number of null bytes. | |||
| CVE-2000-0716 | 0.00 | — | 0.01 | Oct 20, 2000 | WorldClient email client in MDaemon 2.8 includes the session ID in the referer field of an HTTP request when the user clicks on a URL, which allows the visited web site to hijack the session ID and read the user's email. | |||
| CVE-2000-0399 | 0.00 | — | 0.01 | May 24, 2000 | Buffer overflow in MDaemon POP server allows remote attackers to cause a denial of service via a long user name. | |||
| CVE-1999-0846 | 0.00 | — | 0.01 | Dec 1, 1999 | Denial of service in MDaemon 2.7 via a large number of connection attempts. |
- CVE-2007-3622Jul 9, 2007risk 0.00cvss —epss 0.01
Unspecified vulnerability in DomainPOP in Alt-N Technologies MDaemon before 9.61 allows remote attackers to cause a denial of service (crash) via malformed messages.
- CVE-2006-5968Nov 17, 2006risk 0.00cvss —epss 0.00
MDaemon 9.0.5, 9.0.6, 9.51, and 9.53, and possibly other versions, installs the MDaemon application folder with insecure permissions (Users create files/directories), which allows local users to execute arbitrary code by creating malicious RASAPI32.DLL or MPRAPI.DLL libraries in…
- CVE-2006-5709Nov 4, 2006risk 0.00cvss —epss 0.02
Unspecified vulnerability in WorldClient in Alt-N Technologies MDaemon before 9.50 has unknown impact and attack vectors related to a "JavaScript exploit."
- CVE-2006-4620Sep 7, 2006risk 0.00cvss —epss 0.01
The useredit_account.wdm module in Alt-N WebAdmin 3.2.5 running with MDaemon 9.0.6, and possibly earlier versions, allows remote authenticated domain administrators to gain privileges and obtain access to the system mail queue by modifying the mailbox of the MDaemon user account…
- CVE-2006-4371Aug 26, 2006risk 0.00cvss —epss 0.03
Multiple directory traversal vulnerabilities in Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and possibly earlier, allow remote authenticated global administrators to read arbitrary files via a .. (dot dot) in the file parameter to (1) logfile_view.wdm and (2)…
- CVE-2006-4370Aug 26, 2006risk 0.00cvss —epss 0.02
Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and possibly earlier, allow remote authenticated domain administrators to change a global administrator's password and gain privileges via the userlist.wdm file.
- CVE-2006-0817Jul 21, 2006risk 0.00cvss —epss 0.05
Absolute path directory traversal vulnerability in (a) MERAK Mail Server for Windows 8.3.8r with before IceWarp Web Mail 5.6.1 and (b) VisNetic MailServer before 8.5.0.5 allows remote attackers to include arbitrary files via a full Windows path and drive letter in the (1)…
- CVE-2006-0818Jul 21, 2006risk 0.00cvss —epss 0.02
Absolute path directory traversal vulnerability in (1) MERAK Mail Server for Windows 8.3.8r with before IceWarp Web Mail 5.6.1 and (2) VisNetic MailServer before 8.5.0.5 allows remote authenticated users to include arbitrary files via a modified language parameter and a full…
- CVE-2005-4266Dec 15, 2005risk 0.00cvss —epss 0.01
WorldClient.dll in Alt-N MDaemon and WorldClient 8.1.3 trusts a Session parameter that contains a randomly generated session ID that is associated with a username, which allows remote attackers to perform actions as other users by guessing or sniffing the random value.
- CVE-2005-0319Jan 28, 2005risk 0.00cvss —epss 0.01
Direct remote injection vulnerability in modalfram.wdm in Alt-N WebAdmin 3.0.4 allows remote attackers to load external webpages that appear to come from the WebAdmin server, which allows remote attackers to inject arbitrary HTML or web script to facilitate cross-site scripting…
- CVE-2005-0317Jan 28, 2005risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in useredit_account.wdm in Alt-N WebAdmin 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the user parameter.
- CVE-2005-0318Jan 28, 2005risk 0.00cvss —epss 0.01
useredit_account.wdm in Alt-N WebAdmin 3.0.4 does not properly validate account edits by the logged in user, which allows remote authenticated users to edit other users' account information via a modified user parameter.
- CVE-2004-2504Dec 31, 2004risk 0.00cvss —epss 0.00
The GUI in Alt-N Technologies MDaemon 7.2 and earlier, including 6.8, executes child processes such as NOTEPAD.EXE with SYSTEM privileges when users create new files, which allows local users with physical access to gain privileges.
- CVE-2003-1471Dec 31, 2003risk 0.00cvss —epss 0.01
MDaemon POP server 6.0.7 and earlier allows remote authenticated users to cause a denial of service (crash) via a (1) DELE or (2) UIDL with a negative number.
- CVE-2003-1470Dec 31, 2003risk 0.00cvss —epss 0.05
Buffer overflow in IMAP service in MDaemon 6.7.5 and earlier allows remote authenticated users to cause a denial of service (crash) and execute arbitrary code via a CREATE command with a long mailbox name.
- CVE-2003-0456Aug 18, 2003risk 0.00cvss —epss 0.03
VisNetic WebSite 3.5 allows remote attackers to obtain the full pathname of the server via a request containing a folder that does not exist, which leaks the pathname in an error message, as demonstrated using _vti_bin/fpcount.exe.
- CVE-2002-2241Dec 31, 2002risk 0.00cvss —epss 0.02
Buffer overflow in httpd32.exe in Deerfield VisNetic WebSite before 3.5.15 allows remote attackers to cause a denial of service (crash) via a long HTTP OPTIONS request.
- CVE-2002-1684Dec 31, 2002risk 0.00cvss —epss 0.05
Directory traversal vulnerability in (1) Deerfield D2Gfx 1.0.2 or (2) BadBlue Enterprise Edition 1.5.x and BadBlue Personal Edition 1.5.6 allows remote attackers to read arbitrary files via a ../ (dot dot slash) in the script used to read Microsoft Office documents.
- CVE-2002-2413Dec 31, 2002risk 0.00cvss —epss 0.01
WebSite Pro 3.1.11.0 on Windows allows remote attackers to read script source code for files with extensions greater than 3 characters via a URL request that uses the equivalent 8.3 file name.
- CVE-2002-1738Dec 31, 2002risk 0.00cvss —epss 0.01
Alt-N Technologies MDaemon 5.0.5.0 and earlier creates a default MDaemon mail account with a password of MServer, which could allow remote attackers to send anonymous email.
- CVE-2001-0583Aug 22, 2001risk 0.00cvss —epss 0.02
Alt-N Technologies MDaemon 3.5.4 allows a remote attacker to create a denial of service via the URL request of a MS-DOS device (such as GET /aux) to (1) the Worldclient service at port 3000, or (2) the Webconfig service at port 3001.
- CVE-2001-0064Feb 12, 2001risk 0.00cvss —epss 0.02
Webconfig, IMAP, and other services in MDaemon 3.5.0 and earlier allows remote attackers to cause a denial of service via a long URL terminated by a "\r\n" string.
- CVE-2001-0104Feb 12, 2001risk 0.00cvss —epss 0.00
MDaemon Pro 3.5.1 and earlier allows local users to bypass the "lock server" security setting by pressing the Cancel button at the password prompt, then pressing the enter key.
- CVE-2000-1020Dec 11, 2000risk 0.00cvss —epss 0.02
Heap overflow in Worldclient in Mdaemon 3.1.1 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long URL.
- CVE-2000-0837Nov 14, 2000risk 0.00cvss —epss 0.03
FTP Serv-U 2.5e allows remote attackers to cause a denial of service by sending a large number of null bytes.
- CVE-2000-0716Oct 20, 2000risk 0.00cvss —epss 0.01
WorldClient email client in MDaemon 2.8 includes the session ID in the referer field of an HTTP request when the user clicks on a URL, which allows the visited web site to hijack the session ID and read the user's email.
- CVE-2000-0399May 24, 2000risk 0.00cvss —epss 0.01
Buffer overflow in MDaemon POP server allows remote attackers to cause a denial of service via a long user name.
- CVE-1999-0846Dec 1, 1999risk 0.00cvss —epss 0.01
Denial of service in MDaemon 2.7 via a large number of connection attempts.
Page 2 of 2