CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-29548
https://notcve.org/view.php?id=CVE-2020-29548
17 Aug 2021 — An issue was discovered in SmarterTools SmarterMail through 100.0.7537. Meddler-in-the-middle attackers can pipeline commands after a POP3 STLS command, injecting plaintext commands into an encrypted user session. Se ha detectado un problema en SmarterTools SmarterMail versiones hasta 100.0.7537. Unos atacantes de tipo "Meddler-in-the-middle" pueden canalizar comandos después de un comando POP3 STLS, inyectando comandos de texto plano en una sesión de usuario cifrada. • https://nostarttls.secvuln.info • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32233
https://notcve.org/view.php?id=CVE-2021-32233
05 Jul 2021 — SmarterTools SmarterMail before Build 7776 allows XSS. SmarterTools SmarterMail versiones anteriores al Build 7776, permiten una vulnerabilidad de tipo XSS • https://www.smartertools.com/smartermail/release-notes/current • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-9276
https://notcve.org/view.php?id=CVE-2015-9276
16 Jan 2019 — SmarterTools SmarterMail before 13.3.5535 was vulnerable to stored XSS by bypassing the anti-XSS mechanisms. It was possible to run JavaScript code when a victim user opens or replies to the attacker's email, which contained a malicious payload. Therefore, users' passwords could be reset by using an XSS attack, as the password reset page did not need the current password. SmarterTools SmarterMail, en versiones anteriores a la 13.3.5535, era vulnerable a Cross-Site Scripting (XSS) persistente mediante la omi... • https://www.nccgroup.trust/globalassets/our-research/uk/technical-advisories/2015/technical-advisory-smartermail-stored-xss-in-emails-v2.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 3%CPEs: 1EXPL: 2CVE-2008-1854 – SmarterTools SmarterMail 5.0 - HTTP Request Handling Denial of Service
https://notcve.org/view.php?id=CVE-2008-1854
16 Apr 2008 — Unspecified vulnerability in SmarterMail Web Server (SMWebSvr.exe) in SmarterMail 5.0.2999 allows remote attackers to cause a denial of service (service termination) via a long HTTP (1) GET, (2) HEAD, (3) PUT, (4) POST, or (5) TRACE request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad sin especificar en SmarterMail Web Server (SMWebSvr.exe) de SmarterMail 5.0.2999, permite a atacantes remotos provocar una denegación de ser... • https://www.exploit-db.com/exploits/31607 •