Vulnerabilities > Smartertools > Smartermail
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-04-24 | CVE-2019-7212 | Use of Hard-coded Credentials vulnerability in Smartertools Smartermail SmarterTools SmarterMail 16.x before build 6985 has hardcoded secret keys. | 6.4 |
2019-04-24 | CVE-2019-7211 | Cross-site Scripting vulnerability in Smartertools Smartermail SmarterTools SmarterMail 16.x before build 6995 has stored XSS. | 4.3 |
2019-01-16 | CVE-2015-9276 | Cross-site Scripting vulnerability in Smartertools Smartermail SmarterTools SmarterMail before 13.3.5535 was vulnerable to stored XSS by bypassing the anti-XSS mechanisms. | 4.3 |
2012-09-19 | CVE-2012-2578 | Cross-Site Scripting vulnerability in Smartertools Smartermail 9.2 Multiple cross-site scripting (XSS) vulnerabilities in SmarterMail 9.2 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a JavaScript alert function used in conjunction with the fromCharCode method, (2) a SCRIPT element, (3) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element, or (4) an innerHTML attribute within an XML document. | 4.3 |
2010-09-22 | CVE-2010-3486 | Path Traversal vulnerability in Smartertools Smartermail 7.1.3876 Directory traversal vulnerability in FileStorageUpload.ashx in SmarterMail 7.1.3876 allows remote attackers to read arbitrary files via a (1) ../ (dot dot slash), (2) %5C (encoded backslash), or (3) %255c (double-encoded backslash) in the name parameter. | 5.0 |
2008-04-16 | CVE-2008-1854 | Denial Of Service vulnerability in Smartertools Smartermail 5.0.2999 Unspecified vulnerability in SmarterMail Web Server (SMWebSvr.exe) in SmarterMail 5.0.2999 allows remote attackers to cause a denial of service (service termination) via a long HTTP (1) GET, (2) HEAD, (3) PUT, (4) POST, or (5) TRACE request. | 5.0 |
2004-12-31 | CVE-2004-2587 | Denial-Of-Service vulnerability in Smartertools Smartermail 1.6.1511/1.6.1529 login.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to cause a denial of service via a long txtusername parameter, possibly due to a buffer overflow. | 5.0 |
2004-12-31 | CVE-2004-2586 | Directory Traversal vulnerability in Smartertools Smartermail 1.6.1511/1.6.1529 Directory traversal vulnerability in frmGetAttachment.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to read arbitrary files via the filename parameter. | 5.0 |
2004-12-31 | CVE-2004-2585 | Cross-Site Scripting vulnerability in Smartertools Smartermail 1.6.1511/1.6.1529 Cross-site scripting (XSS) vulnerability in frmCompose.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to inject arbitrary web script or HTML via Javascript to the "check spelling" feature in the compose area. network smartertools | 4.3 |
2004-12-31 | CVE-2004-2584 | Remote Security vulnerability in Smartertools Smartermail 1.6.1511/1.6.1529 frmAddfolder.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote authenticated users to create a folder that SmarterMail cannot delete or rename via a folder name with a null byte ("%00"). | 4.0 |