CVSS: 5.0EPSS: 22%CPEs: 47EXPL: 4CVE-2006-4364 – MDaemon POP3 Server < 9.06 - 'USER' Remote Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2006-4364
Multiple heap-based buffer overflows in the POP3 server in Alt-N Technologies MDaemon before 9.0.6 allow remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via long strings that contain '@' characters in the (1) USER and (2) APOP commands. Múltiples desbordamientos de búfer en el servidor POP3 de Alt-N Technologies MDaemon anterior a 9.0.6 permiten a atacantes remotos provocar una denegación de servicio (caída del demonio) y posiblemente ejecutar código de su elección mediante cadenas largas que contienen caracteres '@' en los comandos (1) USER y (2) APOP. • https://www.exploit-db.com/exploits/2245 https://www.exploit-db.com/exploits/2258 http://files.altn.com/MDaemon/Release/RelNotes_en.txt http://secunia.com/advisories/21595 http://securityreason.com/securityalert/1446 http://securitytracker.com/id?1016729 http://www.infigo.hr/en/in_focus/advisories/INFIGO-2006-08-04 http://www.osvdb.org/28125 http://www.securityfocus.com/archive/1/444015/100/0/threaded http://www.securityfocus.com/bid/19651 http://www.vupen.com/ •
CVSS: 7.5EPSS: 2%CPEs: 42EXPL: 3CVE-2006-2646 – Alt-N MDaemon 2-8 - IMAP Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-2646
Buffer overflow in Alt-N MDaemon, possibly 9.0.1 and earlier, allows remote attackers to execute arbitrary code via a long A0001 argument that begins with a '"' (double quote). Desbordamiento de búfer en Alt-N MDaemon, posiblemente 9.0.1 y versiones anteriores, permite a atacantes remotos ejecutar código arbitrario a través de un argumento A0001 largo que comienza con un '"' (comillas dobles). • https://www.exploit-db.com/exploits/27914 http://marc.info/?l=full-disclosure&m=114882270912151&w=2 http://securitytracker.com/id?1016167 http://www.securityfocus.com/bid/18129 •
CVSS: 5.0EPSS: 0%CPEs: 27EXPL: 2CVE-2004-2292
https://notcve.org/view.php?id=CVE-2004-2292
Buffer overflow in Alt-N MDaemon 7.0.1 allows remote attackers to cause a denial of service (application crash) via a long STATUS command to the IMAP server. • http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0527.html http://www.securityfocus.com/bid/10366 https://exchange.xforce.ibmcloud.com/vulnerabilities/16118 •
CVSS: 6.3EPSS: 4%CPEs: 1EXPL: 0CVE-2003-1471
https://notcve.org/view.php?id=CVE-2003-1471
MDaemon POP server 6.0.7 and earlier allows remote authenticated users to cause a denial of service (crash) via a (1) DELE or (2) UIDL with a negative number. • http://archive.cert.uni-stuttgart.de/bugtraq/2003/04/msg00364.html http://archives.neohapsis.com/archives/bugtraq/2003-04/0359.html http://www.securityfocus.com/bid/7445 https://exchange.xforce.ibmcloud.com/vulnerabilities/11882 • CWE-20: Improper Input Validation •
CVSS: 2.6EPSS: 0%CPEs: 1EXPL: 0CVE-2000-0716
https://notcve.org/view.php?id=CVE-2000-0716
WorldClient email client in MDaemon 2.8 includes the session ID in the referer field of an HTTP request when the user clicks on a URL, which allows the visited web site to hijack the session ID and read the user's email. • http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0008&L=ntbugtraq&F=&S=&P=459 http://www.securityfocus.com/bid/1553 https://exchange.xforce.ibmcloud.com/vulnerabilities/5070 •