Filtered by vendor Alt-n Subscriptions
Filtered by product Mdaemon Subscriptions
Total 28 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2005-4209 1 Alt-n 2 Mdaemon, Worldclient 2026-04-16 N/A
WorldClient webmail in Alt-N MDaemon 8.1.3 allows remote attackers to prevent arbitrary users from accessing their inboxes via script tags in the Subject header of an e-mail message, which prevents the user from being able to access the Inbox folder, possibly due to a cross-site scripting (XSS) vulnerability.
CVE-2005-4266 1 Alt-n 2 Mdaemon, Worldclient 2026-04-16 N/A
WorldClient.dll in Alt-N MDaemon and WorldClient 8.1.3 trusts a Session parameter that contains a randomly generated session ID that is associated with a username, which allows remote attackers to perform actions as other users by guessing or sniffing the random value.
CVE-2004-2504 1 Alt-n 1 Mdaemon 2026-04-16 N/A
The GUI in Alt-N Technologies MDaemon 7.2 and earlier, including 6.8, executes child processes such as NOTEPAD.EXE with SYSTEM privileges when users create new files, which allows local users with physical access to gain privileges.
CVE-2001-0064 1 Alt-n 1 Mdaemon 2026-04-16 N/A
Webconfig, IMAP, and other services in MDaemon 3.5.0 and earlier allows remote attackers to cause a denial of service via a long URL terminated by a "\r\n" string.
CVE-2001-0583 1 Alt-n 1 Mdaemon 2026-04-16 N/A
Alt-N Technologies MDaemon 3.5.4 allows a remote attacker to create a denial of service via the URL request of a MS-DOS device (such as GET /aux) to (1) the Worldclient service at port 3000, or (2) the Webconfig service at port 3001.
CVE-2000-0716 1 Alt-n 1 Mdaemon 2026-04-16 N/A
WorldClient email client in MDaemon 2.8 includes the session ID in the referer field of an HTTP request when the user clicks on a URL, which allows the visited web site to hijack the session ID and read the user's email.
CVE-2003-1200 1 Alt-n 1 Mdaemon 2026-04-16 N/A
Stack-based buffer overflow in FORM2RAW.exe in Alt-N MDaemon 6.5.2 through 6.8.5 allows remote attackers to execute arbitrary code via a long From parameter to Form2Raw.cgi.
CVE-2003-1471 1 Alt-n 1 Mdaemon 2026-04-16 N/A
MDaemon POP server 6.0.7 and earlier allows remote authenticated users to cause a denial of service (crash) via a (1) DELE or (2) UIDL with a negative number.