Vulnerability Database

290,020

Total vulnerabilities in the database

CVE-2006-5968

MDaemon 9.0.5, 9.0.6, 9.51, and 9.53, and possibly other versions, installs the MDaemon application folder with insecure permissions (Users create files/directories), which allows local users to execute arbitrary code by creating malicious RASAPI32.DLL or MPRAPI.DLL libraries in the MDaemon\APP folder, which is an untrusted search path element due to insecure permissions.

  • Published: Nov 17, 2006
  • Updated: Apr 13, 2023
  • CVE: CVE-2006-5968
  • Severity: Low
  • Exploit:

CVSS v2:

  • Severity: Low
  • Score: 4.6
  • AV:L/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Software From Fixed in
alt-n / mdaemon 9.51 9.51.x
alt-n / mdaemon 9.0.5 9.0.5.x
alt-n / mdaemon 9.0.6 9.0.6.x
alt-n / mdaemon 9.53 9.53.x