Alt-n » Worldclient : Security Vulnerabilities, CVEs, Published In 2005
WorldClient.dll in Alt-N MDaemon and WorldClient 8.1.3 trusts a Session parameter that contains a randomly generated session ID that is associated with a username, which allows remote attackers to perform actions as other users by guessing or sniffing the random value.
Max CVSS
7.5
EPSS Score
0.34%
Published
2005-12-15
Updated
2008-09-05
WorldClient webmail in Alt-N MDaemon 8.1.3 allows remote attackers to prevent arbitrary users from accessing their inboxes via script tags in the Subject header of an e-mail message, which prevents the user from being able to access the Inbox folder, possibly due to a cross-site scripting (XSS) vulnerability.
Max CVSS
4.3
EPSS Score
0.53%
Published
2005-12-13
Updated
2017-07-20
2 vulnerabilities found