Vulnerabilities > Smartertools

DATE CVE VULNERABILITY TITLE RISK
2019-04-24 CVE-2019-7214 Deserialization of Untrusted Data vulnerability in Smartertools Smartermail
SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data.
network
low complexity
smartertools CWE-502
critical
10.0
2019-04-24 CVE-2019-7213 Path Traversal vulnerability in Smartertools Smartermail
SmarterTools SmarterMail 16.x before build 6985 allows directory traversal.
network
low complexity
smartertools CWE-22
5.5
2019-04-24 CVE-2019-7212 USE of Hard-Coded Credentials vulnerability in Smartertools Smartermail
SmarterTools SmarterMail 16.x before build 6985 has hardcoded secret keys.
network
low complexity
smartertools CWE-798
6.4
2019-04-24 CVE-2019-7211 Cross-Site Scripting vulnerability in Smartertools Smartermail
SmarterTools SmarterMail 16.x before build 6995 has stored XSS.
4.3
2019-01-16 CVE-2015-9276 Cross-Site Scripting vulnerability in Smartertools Smartermail
SmarterTools SmarterMail before 13.3.5535 was vulnerable to stored XSS by bypassing the anti-XSS mechanisms.
4.3
2017-09-30 CVE-2017-14620 Cross-Site Scripting vulnerability in Smartertools Smarterstats 11.3.6347
SmarterStats Version 11.3.6347 will Render the Referer Field of HTTP Logfiles from URL /Data/Reports/ReferringURLsWithQueries resulting in Stored Cross Site Scripting.
4.3
2012-09-19 CVE-2012-2578 Cross-Site Scripting vulnerability in Smartertools Smartermail 9.2
Multiple cross-site scripting (XSS) vulnerabilities in SmarterMail 9.2 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a JavaScript alert function used in conjunction with the fromCharCode method, (2) a SCRIPT element, (3) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element, or (4) an innerHTML attribute within an XML document.
4.3
2011-12-16 CVE-2011-4752 Unspecified vulnerability in Smartertools Smarterstats 6.2.4100
SmarterTools SmarterStats 6.2.4100 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving frmCustomReport.aspx and certain other files.
network
low complexity
smartertools
critical
10.0
2011-12-16 CVE-2011-4751 Information Exposure vulnerability in Smartertools Smarterstats 6.2.4100
SmarterTools SmarterStats 6.2.4100 generates web pages containing external links in response to GET requests with query strings for frmGettingStarted.aspx, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a "cross-domain Referer leakage" issue.
network
low complexity
smartertools CWE-200
5.0
2011-12-16 CVE-2011-4750 Cross-Site Scripting vulnerability in Smartertools Smarterstats 6.2.4100
Multiple cross-site scripting (XSS) vulnerabilities in SmarterTools SmarterStats 6.2.4100 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by Default.aspx and certain other files.
4.3