Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mdaemon mdaemon vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-37240
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to HTTP Response splitting via the format parameter.
Altn Security Gateway For Email Servers 8.5.2
9.8
CVSSv3
CVE-2022-37242
MDaemon Technologies SecurityGateway for Email Servers 8.5.2, is vulnerable to HTTP Response splitting via the data parameter.
Altn Security Gateway For Email Servers 8.5.2
8.8
CVSSv3
CVE-2021-27181
An issue exists in MDaemon prior to 20.0.4. Remote Administration allows an malicious user to perform a fixation of the anti-CSRF token. In order to exploit this issue, the user has to click on a malicious URL provided by the attacker and successfully authenticate into the applic...
1 Github repository
8.8
CVSSv3
CVE-2021-27182
An issue exists in MDaemon prior to 20.0.4. There is an IFRAME injection vulnerability in Webmail (aka WorldClient). It can be exploited via an email message. It allows an malicious user to perform any action with the privileges of the attacked user.
1 Github repository
8.8
CVSSv3
CVE-2018-17792
MDaemon Webmail (formerly WorldClient) has CSRF.
Altn Mdaemon Webmail 14.0
7.5
CVSSv3
CVE-2019-13612
MDaemon Email Server 19 up to and including 20.0.1 skips SpamAssassin checks by default for e-mail messages larger than 2 MB (and limits checks to 10 MB even with special configuration), which is arguably inconsistent with currently popular message sizes. This might interfere wit...
Altn Mdaemon Email Server 19
7.2
CVSSv3
CVE-2021-27183
An issue exists in MDaemon prior to 20.0.4. Administrators can use Remote Administration to exploit an Arbitrary File Write vulnerability. An attacker is able to create new files in any location of the filesystem, or he may be able to modify existing files. This vulnerability may...
1 Github repository
6.1
CVSSv3
CVE-2021-27180
An issue exists in MDaemon prior to 20.0.4. There is Reflected XSS in Webmail (aka WorldClient). It can be exploited via a GET request. It allows performing any action with the privileges of the attacked user.
1 Github repository
6.1
CVSSv3
CVE-2019-8983
MDaemon Webmail 14.x up to and including 18.x prior to 18.5.2 has XSS (issue 1 of 2).
Altn Mdaemon
6.1
CVSSv3
CVE-2019-8984
MDaemon Webmail 14.x up to and including 18.x prior to 18.5.2 has XSS (issue 2 of 2).
Altn Mdaemon
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »