CVE-2005-4209

WorldClient webmail in Alt-N MDaemon 8.1.3 - Denial of Service via Subject Header Script Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-4209. PoCs published by dr_insane.

AI-analyzed exploit summary The provided text describes a denial of service vulnerability in MDaemon WorldClient due to improper input sanitization. However, no actual exploit code is present, only a reference to a SecurityFocus advisory.

Description

WorldClient webmail in Alt-N MDaemon 8.1.3 allows remote attackers to prevent arbitrary users from accessing their inboxes via script tags in the Subject header of an e-mail message, which prevents the user from being able to access the Inbox folder, possibly due to a cross-site scripting (XSS) vulnerability.

Exploits (1)

exploitdb WRITEUP VERIFIED
by dr_insane · textdoswindows
https://www.exploit-db.com/exploits/26779

The provided text describes a denial of service vulnerability in MDaemon WorldClient due to improper input sanitization. However, no actual exploit code is present, only a reference to a SecurityFocus advisory.

Classification
Writeup 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Theoretical
Target: MDaemon WorldClient
No auth needed
Prerequisites: Access to the WorldClient interface
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Various Sources x_refsource_misc
http://www.ipomonis.com/advisories/mdaemon.zip
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/15815
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/23551
Exploit, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17990

Scores

EPSS 0.0213
EPSS Percentile 79.6%

Details

CWE
CWE-94
Status published
Products (2)
alt-n/mdaemon 8.1.3
alt-n/worldclient 8.1.3
Published Dec 13, 2005
Tracked Since Feb 18, 2026