threat
engine
.sh
Back
·
··:··
Home
/
Product
/
alt n mdaemon
Product
alt n mdaemon
45 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2025-3929
>= 20.0.0 and < 20.0.9
An XSS issue was discovered in MDaemon Email Server version 25.0.1 and below. An attacker can send a specially crafted HTML e-mail
6.1
MEDIUM
CVE-2024-11182
< 24.5.1
An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with
6.1
MEDIUM
CVE-2023-52269
<= 9.0.3
MDaemon SecurityGateway through 9.0.3 allows XSS via a crafted Message Content Filtering rule. This might allow domain administrat
4.8
MEDIUM
CVE-2022-29976
< 22.0.0
An Authenticated Reflected Cross-site scripting at BCC Parameter was discovered in MDaemon before 22.0.0 .
5.4
MEDIUM
CVE-2022-29975
< 22.0.0
An Authenticated Reflected Cross-site scripting at CC Parameter was discovered in MDaemon before 22.0.0 .
5.4
MEDIUM
CVE-2021-27183
< 20.0.4
An issue was discovered in MDaemon before 20.0.4. Administrators can use Remote Administration to exploit an Arbitrary File Write
7.2
HIGH
CVE-2021-27182
< 20.0.4
An issue was discovered in MDaemon before 20.0.4. There is an IFRAME injection vulnerability in Webmail (aka WorldClient). It can
8.8
HIGH
CVE-2021-27181
< 20.0.4
An issue was discovered in MDaemon before 20.0.4. Remote Administration allows an attacker to perform a fixation of the anti-CSRF
8.8
HIGH
CVE-2021-27180
< 20.0.4
An issue was discovered in MDaemon before 20.0.4. There is Reflected XSS in Webmail (aka WorldClient). It can be exploited via a G
6.1
MEDIUM
CVE-2019-8984
>= 14.0 and < 18.5.2
MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 2 of 2).
6.1
MEDIUM
CVE-2019-8983
>= 14.0 and < 18.5.2
MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 1 of 2).
6.1
MEDIUM
CVE-2012-2584
all versions
Multiple cross-site scripting (XSS) vulnerabilities in Alt-N MDaemon Free 12.5.4 allow remote attackers to inject arbitrary web sc
CVE-2008-6967
<= 10.0.1
Multiple unspecified vulnerabilities in WorldClient in Alt-N MDaemon before 10.02 have unknown impact and attack vectors, probably
CVE-2008-2631
<= 9.6.5
The WordClient interface in Alt-N Technologies MDaemon 9.6.5 allows remote attackers to cause a denial of service (NULL pointer de
CVE-2008-1358
all versions
Stack-based buffer overflow in the IMAP server in Alt-N Technologies MDaemon 9.6.4 allows remote authenticated users to execute ar
CVE-2007-3622
<= 9.60
Unspecified vulnerability in DomainPOP in Alt-N Technologies MDaemon before 9.61 allows remote attackers to cause a denial of serv
CVE-2006-5968
all versions
MDaemon 9.0.5, 9.0.6, 9.51, and 9.53, and possibly other versions, installs the MDaemon application folder with insecure permissio
CVE-2006-5709
all versions
Unspecified vulnerability in WorldClient in Alt-N Technologies MDaemon before 9.50 has unknown impact and attack vectors related t
CVE-2006-5708
<= 9.50
Multiple unspecified vulnerabilities in MDaemon and WorldClient in Alt-N Technologies MDaemon before 9.50 allow attackers to cause
7.5
HIGH
CVE-2006-4364
all versions
Multiple heap-based buffer overflows in the POP3 server in Alt-N Technologies MDaemon before 9.0.6 allow remote attackers to cause
CVE-2006-2646
all versions
Buffer overflow in Alt-N MDaemon, possibly 9.0.1 and earlier, allows remote attackers to execute arbitrary code via a long A0001 a
CVE-2006-0925
all versions
Format string vulnerability in the IMAP4rev1 server in Alt-N MDaemon 8.1.1 and possibly 8.1.4 allows remote attackers to cause a d
CVE-2005-4266
all versions
WorldClient.dll in Alt-N MDaemon and WorldClient 8.1.3 trusts a Session parameter that contains a randomly generated session ID th
CVE-2005-4209
all versions
WorldClient webmail in Alt-N MDaemon 8.1.3 allows remote attackers to prevent arbitrary users from accessing their inboxes via scr
CVE-2004-2504
all versions
The GUI in Alt-N Technologies MDaemon 7.2 and earlier, including 6.8, executes child processes such as NOTEPAD.EXE with SYSTEM pri
CVE-2004-2292
all versions
Buffer overflow in Alt-N MDaemon 7.0.1 allows remote attackers to cause a denial of service (application crash) via a long STATUS
CVE-2004-1546
all versions
Multiple buffer overflows in MDaemon 6.5.1 allow remote attackers to cause a denial of service (application crash) via a long (1)
CVE-2003-1471
<= 6.0.7
MDaemon POP server 6.0.7 and earlier allows remote authenticated users to cause a denial of service (crash) via a (1) DELE or (2)
CVE-2003-1470
all versions
Buffer overflow in IMAP service in MDaemon 6.7.5 and earlier allows remote authenticated users to cause a denial of service (crash
CVE-2003-1200
all versions
Stack-based buffer overflow in FORM2RAW.exe in Alt-N MDaemon 6.5.2 through 6.8.5 allows remote attackers to execute arbitrary code
CVE-2002-1539
all versions
Buffer overflow in MDaemon POP server 6.0.7 and earlier allows remote authenticated users to cause a denial of service via long (1
CVE-2002-1740
all versions
Buffer overflow in WorldClient.cgi in WorldClient in Alt-N Technologies MDaemon 5.0.5.0 and earlier allows local users to execute
CVE-2002-1739
>= 5.0 and <= 5.0.6
Alt-N Technologies Mdaemon 5.0 through 5.0.6 uses a weak encryption algorithm to store user passwords, which allows local users to
5.5
MEDIUM
CVE-2002-1738
all versions
Alt-N Technologies MDaemon 5.0.5.0 and earlier creates a default MDaemon mail account with a password of MServer, which could allo
CVE-2001-0584
all versions
IMAP server in Alt-N Technologies MDaemon 3.5.6 allows a local user to cause a denial of service (hang) via long (1) SELECT or (2)
CVE-2001-0583
all versions
Alt-N Technologies MDaemon 3.5.4 allows a remote attacker to create a denial of service via the URL request of a MS-DOS device (su
CVE-2001-0104
all versions
MDaemon Pro 3.5.1 and earlier allows local users to bypass the "lock server" security setting by pressing the Cancel button at the
CVE-2001-0064
all versions
Webconfig, IMAP, and other services in MDaemon 3.5.0 and earlier allows remote attackers to cause a denial of service via a long U
CVE-2000-1021
all versions
Heap overflow in WebConfig in Mdaemon 3.1.1 and earlier allows remote attackers to cause a denial of service and possibly execute
CVE-2000-1020
all versions
Heap overflow in Worldclient in Mdaemon 3.1.1 and earlier allows remote attackers to cause a denial of service and possibly execut
CVE-2000-0716
all versions
WorldClient email client in MDaemon 2.8 includes the session ID in the referer field of an HTTP request when the user clicks on a
CVE-2000-0501
all versions
Race condition in MDaemon 2.8.5.0 POP server allows local users to cause a denial of service by entering a UIDL command and quickl
CVE-2000-0399
all versions
Buffer overflow in MDaemon POP server allows remote attackers to cause a denial of service via a long user name.
CVE-1999-0846
all versions
Denial of service in MDaemon 2.7 via a large number of connection attempts.
CVE-1999-0844
all versions
Denial of service in MDaemon WorldClient and WebConfig services via a long URL.
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin