CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-17792 – WorldClient 14 Cross Site Request Forgery
https://notcve.org/view.php?id=CVE-2018-17792
12 Jul 2019 — MDaemon Webmail (formerly WorldClient) has CSRF. MDaemon Webmail (anteriormente WorldClient) tiene Cross-Site Request Forgery (CSRF). WorldClient version 14 suffers from a cross site request forgery vulnerability. • https://packetstorm.news/files/id/153686 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-8983
https://notcve.org/view.php?id=CVE-2019-8983
21 Feb 2019 — MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 1 of 2). MDaemon Webmail, en sus versiones 14.x hasta las 18.x anteriores a la 18.5.2, tiene Cross-Site Scripting (XSS) (fallo 1 de 2). • https://www.altn.com/Support/SecurityUpdate/MD021519_MDaemon_EN • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-8984
https://notcve.org/view.php?id=CVE-2019-8984
21 Feb 2019 — MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 2 of 2). MDaemon Webmail, en sus versiones 14.x hasta las 18.x anteriores a la 18.5.2, tiene Cross-Site Scripting (XSS) (fallo 2 de 2). • https://www.altn.com/Support/SecurityUpdate/MD021519_MDaemon_EN • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3CVE-2012-2584 – Alt-N MDaemon free 12.5.4 - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-2584
12 Aug 2012 — Multiple cross-site scripting (XSS) vulnerabilities in Alt-N MDaemon Free 12.5.4 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) the Cascading Style Sheets (CSS) expression property in conjunction with a CSS comment within the STYLE attribute of an IMG element, (2) the CSS expression property in conjunction with multiple CSS comments within the STYLE attribute of an arbitrary element, or (3) an innerHTML attribute within an XML document. Múltiples vulnerabil... • https://www.exploit-db.com/exploits/20357 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 13%CPEs: 1EXPL: 1CVE-2008-2631 – Alt-N MDaemon 9.6.5 - Multiple Remote Buffer Overflows (PoC)
https://notcve.org/view.php?id=CVE-2008-2631
10 Jun 2008 — The WordClient interface in Alt-N Technologies MDaemon 9.6.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted HTTP POST request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. La interfaz WordClient en Alt-N Technologies MDaemon 9.6.5 permite a atacantes remotos provocar una denegación de servicio (puntero a referencia NULL o caída de aplicación) a través de una petición HTT... • https://www.exploit-db.com/exploits/5727 • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 76%CPEs: 1EXPL: 3CVE-2008-1358 – MDaemon 9.6.4 IMAPD FETCH Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-1358
17 Mar 2008 — Stack-based buffer overflow in the IMAP server in Alt-N Technologies MDaemon 9.6.4 allows remote authenticated users to execute arbitrary code via a FETCH command with a long BODY. Un desbordamiento de búfer en la región stack de la memoria en el servidor IMAP en Alt-N Technologies MDaemon versión 9.6.4, permite a los usuarios autenticados remotos ejecutar código arbitrario por medio de un comando FETCH con un CUERPO largo. • https://packetstorm.news/files/id/83208 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •