Vulnerabilities > Altn

DATE CVE VULNERABILITY TITLE RISK
2022-04-05 CVE-2022-25356 XML Injection (aka Blind XPath Injection) vulnerability in Altn Securitygateway
Alt-N MDaemon Security Gateway through 8.5.0 allows SecurityGateway.dll?view=login XML Injection.
network
low complexity
altn CWE-91
5.3
5.3
2021-04-14 CVE-2021-27183 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Altn Mdaemon
An issue was discovered in MDaemon before 20.0.4.
network
low complexity
altn CWE-610
7.2
7.2
2021-04-14 CVE-2021-27182 Injection vulnerability in Altn Mdaemon
An issue was discovered in MDaemon before 20.0.4.
network
low complexity
altn CWE-74
8.8
8.8
2021-04-14 CVE-2021-27181 Cross-Site Request Forgery (CSRF) vulnerability in Altn Mdaemon
An issue was discovered in MDaemon before 20.0.4.
network
low complexity
altn CWE-352
8.8
8.8
2021-04-14 CVE-2021-27180 Cross-site Scripting vulnerability in Altn Mdaemon
An issue was discovered in MDaemon before 20.0.4.
network
low complexity
altn CWE-79
6.1
6.1
2021-02-03 CVE-2020-18724 Cross-site Scripting vulnerability in Altn Mdaemon Webmail 14.0/20.0.0
Authenticated stored cross-site scripting (XSS) in the contact name field in the distribution list of MDaemon webmail 19.5.5 allows an attacker to executes code and perform a XSS attack while opening a contact list.
network
low complexity
altn CWE-79
5.4
5.4
2021-02-03 CVE-2020-18723 Cross-site Scripting vulnerability in Altn Mdaemon Webmail 14.0/20.0.0
Stored cross-site scripting (XSS) in file attachment field in MDaemon webmail 19.5.5 allows an attacker to execute code on the email recipient side while forwarding an email to perform potentially malicious activities.
network
low complexity
altn CWE-79
5.4
5.4
2019-12-17 CVE-2019-19497 Cross-site Scripting vulnerability in Altn Mdaemon Email Server 17.5.1
MDaemon Email Server 17.5.1 allows XSS via the filename of an attachment to an email message.
network
low complexity
altn CWE-79
5.4
5.4
2019-07-19 CVE-2018-17792 Cross-Site Request Forgery (CSRF) vulnerability in Altn Mdaemon Webmail 14.0
MDaemon Webmail (formerly WorldClient) has CSRF.
network
low complexity
altn CWE-352
8.8
8.8
2019-07-16 CVE-2019-13612 Improper Input Validation vulnerability in Altn Mdaemon Email Server 19
MDaemon Email Server 19 through 20.0.1 skips SpamAssassin checks by default for e-mail messages larger than 2 MB (and limits checks to 10 MB even with special configuration), which is arguably inconsistent with currently popular message sizes.
network
low complexity
altn CWE-20
7.5
7.5