Page 5 of 40 results (0.010 seconds)

CVSS: 7.2EPSS: 0%CPEs: 7EXPL: 3

The GUI in Alt-N Technologies MDaemon 7.2 and earlier, including 6.8, executes child processes such as NOTEPAD.EXE with SYSTEM privileges when users create new files, which allows local users with physical access to gain privileges. • http://archives.neohapsis.com/archives/bugtraq/2004-11/0385.html http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1324.html http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1353.html http://secunia.com/advisories/13225 http://securitytracker.com/id?1012350 http://www.osvdb.org/12158 http://www.securityfocus.com/bid/11736 https://exchange.xforce.ibmcloud.com/vulnerabilities/18287 •

CVSS: 3.5EPSS: 0%CPEs: 4EXPL: 2

Absolute path traversal vulnerability in Alt-N Technologies WebAdmin 2.0.0 through 2.0.2 allows remote attackers with administrator privileges to (1) determine the installation path by reading the contents of the Name parameter in a link, and (2) read arbitrary files via an absolute path in the Name parameter. • https://www.exploit-db.com/exploits/22542 https://www.exploit-db.com/exploits/22541 http://securityreason.com/securityalert/3286 http://www.securityfocus.com/archive/1/319735 http://www.securityfocus.com/bid/7438 http://www.securityfocus.com/bid/7439 https://exchange.xforce.ibmcloud.com/vulnerabilities/11874 https://exchange.xforce.ibmcloud.com/vulnerabilities/11875 • CWE-20: Improper Input Validation •

CVSS: 6.3EPSS: 4%CPEs: 1EXPL: 0

MDaemon POP server 6.0.7 and earlier allows remote authenticated users to cause a denial of service (crash) via a (1) DELE or (2) UIDL with a negative number. • http://archive.cert.uni-stuttgart.de/bugtraq/2003/04/msg00364.html http://archives.neohapsis.com/archives/bugtraq/2003-04/0359.html http://www.securityfocus.com/bid/7445 https://exchange.xforce.ibmcloud.com/vulnerabilities/11882 • CWE-20: Improper Input Validation •

CVSS: 9.0EPSS: 1%CPEs: 1EXPL: 1

Buffer overflow in IMAP service in MDaemon 6.7.5 and earlier allows remote authenticated users to cause a denial of service (crash) and execute arbitrary code via a CREATE command with a long mailbox name. • http://securityreason.com/securityalert/3296 http://www.securityfocus.com/archive/1/319879 http://www.securityfocus.com/bid/7446 https://exchange.xforce.ibmcloud.com/vulnerabilities/11896 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 96%CPEs: 9EXPL: 6

Stack-based buffer overflow in FORM2RAW.exe in Alt-N MDaemon 6.5.2 through 6.8.5 allows remote attackers to execute arbitrary code via a long From parameter to Form2Raw.cgi. • https://www.exploit-db.com/exploits/23501 https://www.exploit-db.com/exploits/16812 https://www.exploit-db.com/exploits/23502 http://hat-squad.com/bugreport/mdaemon-raw.txt http://marc.info/?l=bugtraq&m=107936753929354&w=2 http://secunia.com/advisories/10512 http://www.osvdb.org/3255 http://www.securityfocus.com/archive/1/348454 http://www.securityfocus.com/bid/9317 https://exchange.xforce.ibmcloud.com/vulnerabilities/14097 •