Vulnerability CVE-2008-6967


Published: 2009-08-13   Modified: 2012-02-12

Description:
Multiple unspecified vulnerabilities in WorldClient in Alt-N MDaemon before 10.02 have unknown impact and attack vectors, probably related to cross-site scripting (XSS) and WorldClient DLL 10.0.1, a different vulnerability than CVE-2008-6893.

Vendor: Alt-n
Product: Mdaemon 
Version:
9.64
9.60
9.6.5
9.6.4
9.53
9.51
9.50
9.0.6
9.0.5
9.0.4
9.0.3
9.0.2
9.0.1
8.1.4
8.1.3
8.1.1
7.2
6.8.5
6.8.4
6.8.3
6.5.0
6.0.7
6.0.6
6.0.5
6.0
5.0.7
5.0.6
5.0.5
5.0.4
5.0.3
5.0.2
5.0.1
5.0
3.5.6
3.5.4
3.5.1
3.5.0
3.1_beta
3.1.2
3.1.1
3.0.4
3.0.3
2.8.5.0
2.8
2.71_sp1
10.0.1
Product: Worldclient 
Version:
8.1.3
5.0.5
5.0.4
5.0.3
5.0.2
5.0.1
5.0
2.1
10.0.1

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None

 References:
http://files.altn.com/MDaemon/Release/RelNotes_en.txt
http://www.securityfocus.com/bid/32355
http://www.vupen.com/english/advisories/2008/3206
https://exchange.xforce.ibmcloud.com/vulnerabilities/46688

Related CVE
CVE-2008-6893
Cross-site scripting (XSS) vulnerability in Alt-N MDaemon WorldClient 10.0.2, when Internet Explorer 7 is used, allows remote attackers to inject arbitrary web script or HTML via a crafted img tag.
CVE-2008-4193
Stack-based buffer overflow in SecurityGateway.dll in Alt-N Technologies SecurityGateway 1.0.1 allows remote attackers to execute arbitrary code via a long username parameter.
CVE-2007-3622
Unspecified vulnerability in DomainPOP in Alt-N Technologies MDaemon before 9.61 allows remote attackers to cause a denial of service (crash) via malformed messages.
CVE-2006-5968
MDaemon 9.0.5, 9.0.6, 9.51, and 9.53, and possibly other versions, installs the MDaemon application folder with insecure permissions (Users create files/directories), which allows local users to execute arbitrary code by creating malicious RASAPI32.D...
CVE-2006-5708
Multiple unspecified vulnerabilities in MDaemon and WorldClient in Alt-N Technologies MDaemon before 9.50 allow attackers to cause a denial of service (memory consumption) via unspecified vectors resulting in memory leaks.
CVE-2006-5709
Unspecified vulnerability in WorldClient in Alt-N Technologies MDaemon before 9.50 has unknown impact and attack vectors related to a "JavaScript exploit."
CVE-2006-4620
The useredit_account.wdm module in Alt-N WebAdmin 3.2.5 running with MDaemon 9.0.6, and possibly earlier versions, allows remote authenticated domain administrators to gain privileges and obtain access to the system mail queue by modifying the mailbo...
CVE-2006-4371
Multiple directory traversal vulnerabilities in Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and possibly earlier, allow remote authenticated global administrators to read arbitrary files via a .. (dot dot) in the file parameter to (1) ...

Copyright 2019, cxsecurity.com

 

Back to Top