CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-29548
https://notcve.org/view.php?id=CVE-2020-29548
17 Aug 2021 — An issue was discovered in SmarterTools SmarterMail through 100.0.7537. Meddler-in-the-middle attackers can pipeline commands after a POP3 STLS command, injecting plaintext commands into an encrypted user session. Se ha detectado un problema en SmarterTools SmarterMail versiones hasta 100.0.7537. Unos atacantes de tipo "Meddler-in-the-middle" pueden canalizar comandos después de un comando POP3 STLS, inyectando comandos de texto plano en una sesión de usuario cifrada. • https://nostarttls.secvuln.info • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32233
https://notcve.org/view.php?id=CVE-2021-32233
05 Jul 2021 — SmarterTools SmarterMail before Build 7776 allows XSS. SmarterTools SmarterMail versiones anteriores al Build 7776, permiten una vulnerabilidad de tipo XSS • https://www.smartertools.com/smartermail/release-notes/current • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-9276
https://notcve.org/view.php?id=CVE-2015-9276
16 Jan 2019 — SmarterTools SmarterMail before 13.3.5535 was vulnerable to stored XSS by bypassing the anti-XSS mechanisms. It was possible to run JavaScript code when a victim user opens or replies to the attacker's email, which contained a malicious payload. Therefore, users' passwords could be reset by using an XSS attack, as the password reset page did not need the current password. SmarterTools SmarterMail, en versiones anteriores a la 13.3.5535, era vulnerable a Cross-Site Scripting (XSS) persistente mediante la omi... • https://www.nccgroup.trust/globalassets/our-research/uk/technical-advisories/2015/technical-advisory-smartermail-stored-xss-in-emails-v2.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 1%CPEs: 2EXPL: 0CVE-2004-2583
https://notcve.org/view.php?id=CVE-2004-2583
31 Dec 2004 — SMTP service in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous open connections to TCP port 25. • http://members.lycos.co.uk/r34ct/main/smarter_mail%203.1/smarter_mail.txt •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2004-2584
https://notcve.org/view.php?id=CVE-2004-2584
31 Dec 2004 — frmAddfolder.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote authenticated users to create a folder that SmarterMail cannot delete or rename via a folder name with a null byte ("%00"). NOTE: it is not clear whether this issue poses a vulnerability. • http://members.lycos.co.uk/r34ct/main/smarter_mail%203.1/smarter_mail.txt •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2004-2585
https://notcve.org/view.php?id=CVE-2004-2585
31 Dec 2004 — Cross-site scripting (XSS) vulnerability in frmCompose.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to inject arbitrary web script or HTML via Javascript to the "check spelling" feature in the compose area. • http://members.lycos.co.uk/r34ct/main/smarter_mail%203.1/smarter_mail.txt •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 1CVE-2004-2586
https://notcve.org/view.php?id=CVE-2004-2586
31 Dec 2004 — Directory traversal vulnerability in frmGetAttachment.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to read arbitrary files via the filename parameter. • http://members.lycos.co.uk/r34ct/main/smarter_mail%203.1/smarter_mail.txt •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 1CVE-2004-2587
https://notcve.org/view.php?id=CVE-2004-2587
31 Dec 2004 — login.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to cause a denial of service via a long txtusername parameter, possibly due to a buffer overflow. • http://members.lycos.co.uk/r34ct/main/smarter_mail%203.1/smarter_mail.txt •