CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-7211
https://notcve.org/view.php?id=CVE-2019-7211
24 Apr 2019 — SmarterTools SmarterMail 16.x before build 6995 has stored XSS. JavaScript code could be executed on the application by opening a malicious email or when viewing a malicious file attachment. SmarterTools SmarterMail versión 16.x anterior a la compilación 6995 tiene Cross-Site Scripting (XSS). El código JavaScript puede ejecutarse en la aplicación abriendo un correo electrónico malicioso o al ver un archivo adjunto malicioso. • https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-smartermail • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 88%CPEs: 1EXPL: 4CVE-2019-7214 – SmarterMail Build 6985 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2019-7214
24 Apr 2019 — SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This port is not accessible remotely by default after applying the Build 6985 patch. SmarterTools SmarterMail versión 16.x anterior a la compilación 6985, permite la deserialización de datos no confiables. Un atacante no autenticado podría ejecutar comandos en el servidor cuando el puerto 17001 estaba accesible de form... • https://www.exploit-db.com/exploits/49216 • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-9276
https://notcve.org/view.php?id=CVE-2015-9276
16 Jan 2019 — SmarterTools SmarterMail before 13.3.5535 was vulnerable to stored XSS by bypassing the anti-XSS mechanisms. It was possible to run JavaScript code when a victim user opens or replies to the attacker's email, which contained a malicious payload. Therefore, users' passwords could be reset by using an XSS attack, as the password reset page did not need the current password. SmarterTools SmarterMail, en versiones anteriores a la 13.3.5535, era vulnerable a Cross-Site Scripting (XSS) persistente mediante la omi... • https://www.nccgroup.trust/globalassets/our-research/uk/technical-advisories/2015/technical-advisory-smartermail-stored-xss-in-emails-v2.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2012-2578 – smartermail free 9.2 - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-2578
19 Sep 2012 — Multiple cross-site scripting (XSS) vulnerabilities in SmarterMail 9.2 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a JavaScript alert function used in conjunction with the fromCharCode method, (2) a SCRIPT element, (3) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element, or (4) an innerHTML attribute within an XML document. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en Smarte... • https://www.exploit-db.com/exploits/20362 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 6CVE-2010-3486 – SmarterMail 7.3/7.4 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-3486
22 Sep 2010 — Directory traversal vulnerability in FileStorageUpload.ashx in SmarterMail 7.1.3876 allows remote attackers to read arbitrary files via a (1) ../ (dot dot slash), (2) %5C (encoded backslash), or (3) %255c (double-encoded backslash) in the name parameter. Vulnerabilidad de salto de directorio en FileStorageUpload.ashx en SmarterMail v7.1.3876, permite a atacantes remotos leer ficheros mediante (1) ../ (punto punto barra), (2) %5C o (3) %255c en el parámetro nombre. • https://www.exploit-db.com/exploits/16955 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 3%CPEs: 1EXPL: 2CVE-2008-1854 – SmarterTools SmarterMail 5.0 - HTTP Request Handling Denial of Service
https://notcve.org/view.php?id=CVE-2008-1854
16 Apr 2008 — Unspecified vulnerability in SmarterMail Web Server (SMWebSvr.exe) in SmarterMail 5.0.2999 allows remote attackers to cause a denial of service (service termination) via a long HTTP (1) GET, (2) HEAD, (3) PUT, (4) POST, or (5) TRACE request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad sin especificar en SmarterMail Web Server (SMWebSvr.exe) de SmarterMail 5.0.2999, permite a atacantes remotos provocar una denegación de ser... • https://www.exploit-db.com/exploits/31607 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3CVE-2008-0872 – SmarterTools SmarterMail 4.3 - 'Subject' HTML Injection
https://notcve.org/view.php?id=CVE-2008-0872
21 Feb 2008 — Cross-site scripting (XSS) vulnerability in SmarterTools SmarterMail Enterprise 4.3 allows remote attackers to inject arbitrary web script or HTML via a STYLE attribute of an element in the Subject field of an e-mail message. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en SmarterTools SmarterMail Enterprise 4.3 permite a atacantes remotos inyectar web script o HTML de su elección a través de un atributo STYLE de un elemento en el campo Subject de un mensaje de correo eletrónico. • https://www.exploit-db.com/exploits/31240 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 1%CPEs: 2EXPL: 0CVE-2004-2583
https://notcve.org/view.php?id=CVE-2004-2583
31 Dec 2004 — SMTP service in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous open connections to TCP port 25. • http://members.lycos.co.uk/r34ct/main/smarter_mail%203.1/smarter_mail.txt •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2004-2584
https://notcve.org/view.php?id=CVE-2004-2584
31 Dec 2004 — frmAddfolder.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote authenticated users to create a folder that SmarterMail cannot delete or rename via a folder name with a null byte ("%00"). NOTE: it is not clear whether this issue poses a vulnerability. • http://members.lycos.co.uk/r34ct/main/smarter_mail%203.1/smarter_mail.txt •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2004-2585
https://notcve.org/view.php?id=CVE-2004-2585
31 Dec 2004 — Cross-site scripting (XSS) vulnerability in frmCompose.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to inject arbitrary web script or HTML via Javascript to the "check spelling" feature in the compose area. • http://members.lycos.co.uk/r34ct/main/smarter_mail%203.1/smarter_mail.txt •