CVE-2020-29548
https://notcve.org/view.php?id=CVE-2020-29548
17 Aug 2021 — An issue was discovered in SmarterTools SmarterMail through 100.0.7537. Meddler-in-the-middle attackers can pipeline commands after a POP3 STLS command, injecting plaintext commands into an encrypted user session. • https://nostarttls.secvuln.info • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-32233
https://notcve.org/view.php?id=CVE-2021-32233
05 Jul 2021 — SmarterTools SmarterMail before Build 7776 allows XSS. • https://www.smartertools.com/smartermail/release-notes/current • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-7213
https://notcve.org/view.php?id=CVE-2019-7213
24 Apr 2019 — SmarterTools SmarterMail 16.x before build 6985 allows directory traversal. An authenticated user could delete arbitrary files or could create files in new folders in arbitrary locations on the mail server. This could lead to command execution on the server, for instance by putting files inside the web directories. • https://github.com/secunnix/CVE-2019-7213 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-7212
https://notcve.org/view.php?id=CVE-2019-7212
24 Apr 2019 — SmarterTools SmarterMail 16.x before build 6985 has hardcoded secret keys. An unauthenticated attacker could access other users’ emails and file attachments. It was also possible to interact with mailing lists. • https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-smartermail • CWE-798: Use of Hard-coded Credentials
CVE-2019-7211
https://notcve.org/view.php?id=CVE-2019-7211
24 Apr 2019 — SmarterTools SmarterMail 16.x before build 6995 has stored XSS. JavaScript code could be executed on the application by opening a malicious email or when viewing a malicious file attachment. • https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-smartermail • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-7214 – SmarterMail Build 6985 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2019-7214
24 Apr 2019 — SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This port is not accessible remotely by default after applying the Build 6985 patch. • https://www.exploit-db.com/exploits/49216 • CWE-502: Deserialization of Untrusted Data
CVE-2015-9276
https://notcve.org/view.php?id=CVE-2015-9276
16 Jan 2019 — SmarterTools SmarterMail before 13.3.5535 was vulnerable to stored XSS by bypassing the anti-XSS mechanisms. It was possible to run JavaScript code when a victim user opens or replies to the attacker's email, which contained a malicious payload. Therefore, users' passwords could be reset by using an XSS attack, as the password reset page did not need the current password. • https://www.nccgroup.trust/globalassets/our-research/uk/technical-advisories/2015/technical-advisory-smartermail-stored-xss-in-emails-v2.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-14620 – SmarterStats 11.3.6347 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-14620
29 Sep 2017 — SmarterStats version 11.3.6347 renders the Referer field of HTTP log files from the URL /Data/Reports/ReferringURLsWithQueries, resulting in stored cross-site scripting. SmarterStats version 11.3.6347 suffers from a cross-site scripting vulnerability. • https://www.exploit-db.com/exploits/42923 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2012-2578 – smartermail free 9.2 - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-2578
19 Sep 2012 — Multiple cross-site scripting (XSS) vulnerabilities in SmarterMail 9.2 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a JavaScript alert function used in conjunction with the fromCharCode method, (2) a SCRIPT element, (3) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element, or (4) an innerHTML attribute within an XML document. • https://www.exploit-db.com/exploits/20362 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-4750
https://notcve.org/view.php?id=CVE-2011-4750
16 Dec 2011 — Multiple cross-site scripting (XSS) vulnerabilities in SmarterTools SmarterStats 6.2.4100 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by Default.aspx and certain other files. • http://xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')