SmarterTools

SmarterMail

26 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2021-40377

  • EPSS 0.3%
  • Veröffentlicht 08.09.2021 11:15:07
  • Zuletzt bearbeitet 21.11.2024 06:23:59

SmarterTools SmarterMail 16.x before build 7866 has stored XSS. The application fails to sanitize email content, thus allowing one to inject HTML and/or JavaScript into a page that will then be processed and stored by the application.

8.1

CVE-2020-29548

  • EPSS 0.62%
  • Veröffentlicht 17.08.2021 18:15:07
  • Zuletzt bearbeitet 21.11.2024 05:24:10

An issue was discovered in SmarterTools SmarterMail through 100.0.7537. Meddler-in-the-middle attackers can pipeline commands after a POP3 STLS command, injecting plaintext commands into an encrypted user session.

6.1

CVE-2021-32233

  • EPSS 0.29%
  • Veröffentlicht 06.07.2021 00:15:07
  • Zuletzt bearbeitet 21.11.2024 06:06:54

SmarterTools SmarterMail before Build 7776 allows XSS.

10

CVE-2019-7214

Exploit
  • EPSS 82.93%
  • Veröffentlicht 24.04.2019 15:29:02
  • Zuletzt bearbeitet 21.11.2024 04:47:45

SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This port is not accessible remotely by default after appl...

6.5

CVE-2019-7213

  • EPSS 13.38%
  • Veröffentlicht 24.04.2019 15:29:02
  • Zuletzt bearbeitet 21.11.2024 04:47:45

SmarterTools SmarterMail 16.x before build 6985 allows directory traversal. An authenticated user could delete arbitrary files or could create files in new folders in arbitrary locations on the mail server. This could lead to command execution on the...

8.2

CVE-2019-7212

Exploit
  • EPSS 0.48%
  • Veröffentlicht 24.04.2019 15:29:01
  • Zuletzt bearbeitet 21.11.2024 04:47:45

SmarterTools SmarterMail 16.x before build 6985 has hardcoded secret keys. An unauthenticated attacker could access other users’ emails and file attachments. It was also possible to interact with mailing lists.

6.1

CVE-2019-7211

  • EPSS 0.3%
  • Veröffentlicht 24.04.2019 15:29:01
  • Zuletzt bearbeitet 21.11.2024 04:47:45

SmarterTools SmarterMail 16.x before build 6995 has stored XSS. JavaScript code could be executed on the application by opening a malicious email or when viewing a malicious file attachment.

6.1

CVE-2015-9276

  • EPSS 0.28%
  • Veröffentlicht 16.01.2019 16:29:00
  • Zuletzt bearbeitet 21.11.2024 02:40:13

SmarterTools SmarterMail before 13.3.5535 was vulnerable to stored XSS by bypassing the anti-XSS mechanisms. It was possible to run JavaScript code when a victim user opens or replies to the attacker's email, which contained a malicious payload. Ther...

4.3

CVE-2012-2578

Exploit
  • EPSS 0.76%
  • Veröffentlicht 19.09.2012 10:57:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in SmarterMail 9.2 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a JavaScript alert function used in conjunction with the fromCharCode method, (2)...

5

CVE-2010-3486

Exploit
  • EPSS 6.09%
  • Veröffentlicht 22.09.2010 20:00:10
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Directory traversal vulnerability in FileStorageUpload.ashx in SmarterMail 7.1.3876 allows remote attackers to read arbitrary files via a (1) ../ (dot dot slash), (2) %5C (encoded backslash), or (3) %255c (double-encoded backslash) in the name parame...