Vulnerabilities > Smartertools > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-05-20 | CVE-2011-2153 | Information Exposure vulnerability in Smartertools Smarterstats 6.0 Login.aspx in the SmarterTools SmarterStats 6.0 web server supports URLs containing txtUser and txtPass parameters in the query string, which makes it easier for context-dependent attackers to discover credentials by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, related to a "cross-domain Referer leakage" issue. | 5.0 |
| 2011-05-20 | CVE-2011-2152 | Information Exposure vulnerability in Smartertools Smarterstats 6.0 The SmarterTools SmarterStats 6.0 web server generates web pages containing external links in response to GET requests with query strings for (1) Client/frmViewReports.aspx or (2) UserControls/Popups/frmHelp.aspx, which makes it easier for remote attackers to obtain sensitive information by reading (a) web-server access logs or (b) web-server Referer logs, related to a "cross-domain Referer leakage" issue. | 5.0 |
| 2011-05-20 | CVE-2011-2151 | Cryptographic Issues vulnerability in Smartertools Smarterstats 6.0 The (1) Admin/frmEmailReportSettings.aspx, (2) Admin/frmGeneralSettings.aspx, (3) Admin/frmSite.aspx, (4) Client/frmUser.aspx, and (5) Login.aspx components in the SmarterTools SmarterStats 6.0 web server accept cleartext passwords, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. | 5.0 |
| 2011-05-20 | CVE-2011-2150 | Improper Input Validation vulnerability in Smartertools Smarterstats 6.0 The SmarterTools SmarterStats 6.0 web server does not properly validate string data that is intended for storage in an XML document, which allows remote attackers to cause a denial of service (parsing error and daemon pause) via vectors involving (1) certain cookies in a SiteInfoLookup action to Admin/frmSites.aspx, or certain (2) cookies or (3) parameters to (a) Client/frmViewOverviewReport.aspx, (b) Client/frmViewReports.aspx, or (c) Services/SiteAdmin.asmx, as demonstrated by a ]]>> string, related to an "XML injection" issue. | 5.0 |
| 2010-09-22 | CVE-2010-3486 | Path Traversal vulnerability in Smartertools Smartermail 7.1.3876 Directory traversal vulnerability in FileStorageUpload.ashx in SmarterMail 7.1.3876 allows remote attackers to read arbitrary files via a (1) ../ (dot dot slash), (2) %5C (encoded backslash), or (3) %255c (double-encoded backslash) in the name parameter. | 5.0 |
| 2010-09-16 | CVE-2010-3425 | Cross-Site Scripting vulnerability in Smartertools Smarterstats 5.3/5.3.3819 Cross-site scripting (XSS) vulnerability in UserControls/Popups/frmHelp.aspx in SmarterStats 5.3, 5.3.3819, and possibly other 5.3 versions, allows remote attackers to inject arbitrary web script or HTML via the url parameter. | 4.3 |
| 2010-08-25 | CVE-2009-4995 | Cross-Site Scripting vulnerability in Smartertools Smartertrack Cross-site scripting (XSS) vulnerability in frmTickets.aspx in SmarterTools SmarterTrack before 4.0.3504 allows remote attackers to inject arbitrary web script or HTML via the email address field. | 4.3 |
| 2010-08-25 | CVE-2009-4994 | Cross-Site Scripting vulnerability in Smartertools Smartertrack Cross-site scripting (XSS) vulnerability in frmKBSearch.aspx in SmarterTools SmarterTrack before 4.0.3504 allows remote attackers to inject arbitrary web script or HTML via the search parameter. | 4.3 |
| 2008-04-16 | CVE-2008-1854 | Denial Of Service vulnerability in Smartertools Smartermail 5.0.2999 Unspecified vulnerability in SmarterMail Web Server (SMWebSvr.exe) in SmarterMail 5.0.2999 allows remote attackers to cause a denial of service (service termination) via a long HTTP (1) GET, (2) HEAD, (3) PUT, (4) POST, or (5) TRACE request. | 5.0 |
| 2008-02-21 | CVE-2008-0872 | Cross-Site Scripting vulnerability in Smartertools Smartermail Enterprise 4.3 Cross-site scripting (XSS) vulnerability in SmarterTools SmarterMail Enterprise 4.3 allows remote attackers to inject arbitrary web script or HTML via a STYLE attribute of an element in the Subject field of an e-mail message. | 4.3 |