Alt-n » Worldclient : Security Vulnerabilities, CVEs, Published In 2005

CVE-2005-4266

WorldClient.dll in Alt-N MDaemon and WorldClient 8.1.3 trusts a Session parameter that contains a randomly generated session ID that is associated with a username, which allows remote attackers to perform actions as other users by guessing or sniffing the random value.
Max CVSS
7.5
EPSS Score
0.34%
Published
2005-12-15
Updated
2008-09-05

CVE-2005-4209

WorldClient webmail in Alt-N MDaemon 8.1.3 allows remote attackers to prevent arbitrary users from accessing their inboxes via script tags in the Subject header of an e-mail message, which prevents the user from being able to access the Inbox folder, possibly due to a cross-site scripting (XSS) vulnerability.
Max CVSS
4.3
EPSS Score
0.53%
Published
2005-12-13
Updated
2017-07-20
2 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close