cbcvebase.

Alt-N Webadmin vulnerabilities

7 known vulnerabilities affecting alt-n/webadmin.

Total CVEs
7
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM4LOW2

Vulnerabilities

Page 1 of 1
CVE-2003-1463P4LOWCVSS 3.5PoCv2.0.0v2.0.1+1 more2003-12-31
CVE-2003-1463 [LOW] CWE-20 CVE-2003-1463: Absolute path traversal vulnerability in Alt-N Technologies WebAdmin 2.0.0 through 2.0.2 allows remo Absolute path traversal vulnerability in Alt-N Technologies WebAdmin 2.0.0 through 2.0.2 allows remote attackers with administrator privileges to (1) determine the installation path by reading the contents of the Name parameter in a link, and (2) read arbitrary files via an absolute path in the Name parameter.
nvd
CVE-2006-4370P4HIGHCVSS 7.5v3.2.3v3.2.42006-08-26
CVE-2006-4370 [HIGH] CVE-2006-4370: Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and possibly earlier, allow remote authen Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and possibly earlier, allow remote authenticated domain administrators to change a global administrator's password and gain privileges via the userlist.wdm file.
nvd
CVE-2006-4620P4MEDIUMCVSS 4.6≤ 3.2.5v3.0.2+3 more2006-09-07
CVE-2006-4620 [MEDIUM] CVE-2006-4620: The useredit_account.wdm module in Alt-N WebAdmin 3.2.5 running with MDaemon 9.0.6, and possibly ear The useredit_account.wdm module in Alt-N WebAdmin 3.2.5 running with MDaemon 9.0.6, and possibly earlier versions, allows remote authenticated domain administrators to gain privileges and obtain access to the system mail queue by modifying the mailbox of the MDaemon user account to use the mailbox of another account.
nvd
CVE-2006-4371P4MEDIUMCVSS 4.0v3.2.3v3.2.42006-08-26
CVE-2006-4371 [MEDIUM] CVE-2006-4371: Multiple directory traversal vulnerabilities in Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon Multiple directory traversal vulnerabilities in Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and possibly earlier, allow remote authenticated global administrators to read arbitrary files via a .. (dot dot) in the file parameter to (1) logfile_view.wdm and (2) configfile_view.wdm.
nvd
CVE-2005-0317P4MEDIUMCVSS 4.3v3.0.22005-01-28
CVE-2005-0317 [MEDIUM] CVE-2005-0317: Cross-site scripting (XSS) vulnerability in useredit_account.wdm in Alt-N WebAdmin 3.0.4 allows remo Cross-site scripting (XSS) vulnerability in useredit_account.wdm in Alt-N WebAdmin 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the user parameter.
nvd
CVE-2005-0319P4MEDIUMCVSS 4.3v3.0.32005-01-28
CVE-2005-0319 [MEDIUM] CVE-2005-0319: Direct remote injection vulnerability in modalfram.wdm in Alt-N WebAdmin 3.0.4 allows remote attacke Direct remote injection vulnerability in modalfram.wdm in Alt-N WebAdmin 3.0.4 allows remote attackers to load external webpages that appear to come from the WebAdmin server, which allows remote attackers to inject arbitrary HTML or web script to facilitate cross-site scripting (XSS) and phishing attacks.
nvd
CVE-2005-0318P4LOWCVSS 2.1v3.0.22005-01-28
CVE-2005-0318 [LOW] CVE-2005-0318: useredit_account.wdm in Alt-N WebAdmin 3.0.4 does not properly validate account edits by the logged useredit_account.wdm in Alt-N WebAdmin 3.0.4 does not properly validate account edits by the logged in user, which allows remote authenticated users to edit other users' account information via a modified user parameter.
nvd
Alt-N Webadmin vulnerabilities | cvebase