MDaemon-Advisories

MDaemon Advisories:

CVE-2021-27180 (Reflected XSS)
CVE-2021-27181 (CSRF Token Fixation)
CVE-2021-27182 (Iframe injection)
CVE-2021-27183 (Remote Code Execution)

Those vulnerabilities were already patched on January 2021 and are published for CVE purposes. They can be chained to achieve RCE/Account Takeover over email message (user interaction required).

Timeline:

15-Dec-2020: Vulnerabilities reports sent to the vendor

12-Jan-2021: Patch published

Patch notes:

https://www.altn.com/Support/SecurityUpdate/MD011221_MDaemon_EN/

Thank you MDaemon Technologies for quick fixes and good cooperation. :)

Name		Name	Last commit message	Last commit date
Latest commit History 6 Commits
CVE-2021-27180.pdf		CVE-2021-27180.pdf
CVE-2021-27181.pdf		CVE-2021-27181.pdf
CVE-2021-27182.pdf		CVE-2021-27182.pdf
CVE-2021-27183.pdf		CVE-2021-27183.pdf
README.md		README.md
demo-mdaemon.mp4		demo-mdaemon.mp4

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

MDaemon-Advisories

About

Releases

Packages

chudyPB/MDaemon-Advisories

Folders and files

Latest commit

History

Repository files navigation

MDaemon-Advisories

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Packages