CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2011-2155
https://notcve.org/view.php?id=CVE-2011-2155
20 May 2011 — Login.aspx in the SmarterTools SmarterStats 6.0 web server generates a ctl00$MPH$txtPassword password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation. Login.aspx en el servidor we SmarterTools SmarterStats v6.0 genera un campo de contraseñactl00$MPH$txtPassword sin desactivar la función de autocompletar, lo que hace que sea más fácil para los atacantes remotos evitar la autenticación mediante e... • http://www.kb.cert.org/vuls/id/240150 • CWE-287: Improper Authentication •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2011-2156
https://notcve.org/view.php?id=CVE-2011-2156
20 May 2011 — The SmarterTools SmarterStats 6.0 web server allows remote attackers to obtain directory listings via a direct request for the (1) Admin/, (2) Admin/Defaults/, (3) Admin/GettingStarted/, (4) Admin/Popups/, (5) App_Themes/, (6) Client/, (7) Client/Popups/, (8) Services/, (9) Temp/, (10) UserControls/, (11) UserControls/PanelBarTemplates/, (12) UserControls/Popups/, (13) aspnet_client/, or (14) aspnet_client/system_web/ directory name, or (15) certain directory names under App_Themes/Default/. El servidor web... • http://www.kb.cert.org/vuls/id/240150 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2011-2157
https://notcve.org/view.php?id=CVE-2011-2157
20 May 2011 — The (1) Admin/frmEmailReportSettings.aspx and (2) Admin/frmGeneralSettings.aspx components in the SmarterTools SmarterStats 6.0 web server generate web pages containing e-mail addresses, which allows remote attackers to obtain potentially sensitive information by reading the default values of form fields. Los componentes (1) Admin/frmEmailReportSettings.aspx y (2) Admin/frmGeneralSettings.aspx en el servidor web SmarterTools SmarterStats v6.0, genera páginas web que contienen direcciones de correo electróni... • http://www.kb.cert.org/vuls/id/240150 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2011-2148
https://notcve.org/view.php?id=CVE-2011-2148
20 May 2011 — Admin/frmSite.aspx in the SmarterTools SmarterStats 6.0 web server allows remote attackers to execute arbitrary commands via vectors involving a leading and trailing & (ampersand) character, and (1) an STTTState cookie, (2) the ctl00%24MPH%24txtAdminNewPassword_SettingText parameter, (3) the ctl00%24MPH%24txtSmarterLogDirectory parameter, (4) the ctl00%24MPH%24ucSiteSeoSearchEngineSettings%24chklistEngines_SettingCheckBox%2414 parameter, (5) the ctl00%24MPH%24ucSiteSeoSettings%24txtSeoMaxKeywords_SettingTex... • http://www.kb.cert.org/vuls/id/240150 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2011-2158
https://notcve.org/view.php?id=CVE-2011-2158
20 May 2011 — The SmarterTools SmarterStats 6.0 web server sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving (1) Admin/frmSite.aspx, (2) Admin/frmSites.aspx, (3) Admin/frmViewReports.aspx, (4) App_Themes/AboutThisFolder.txt, (5) Client/frmViewReports.aspx, (6) Temp/AboutThisFolder.txt, (7) default.aspx, (8) login.aspx, or (9) certain .jpg URIs under Temp/. NOTE: it is possible that only clients, n... • http://www.kb.cert.org/vuls/id/240150 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2011-2159
https://notcve.org/view.php?id=CVE-2011-2159
20 May 2011 — The SmarterTools SmarterStats 6.0 web server omits the Content-Type header for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving (1) Admin/Defaults/frmDefaultSiteSettings.aspx, (2) Admin/Defaults/frmServerDefaults.aspx, (3) Admin/frmReportSettings.aspx, (4) Admin/frmSite.aspx, (5) App_Themes/Default/ButtonBarIcons.xml, (6) App_Themes/Default/Skin.xml, (7) Client/frmImportSettings.aspx, (8) Client/frmSeoSettings.aspx, (9) Se... • http://www.kb.cert.org/vuls/id/240150 •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 3CVE-2010-3425 – SmarterMail < 7.2.3925 - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-3425
16 Sep 2010 — Cross-site scripting (XSS) vulnerability in UserControls/Popups/frmHelp.aspx in SmarterStats 5.3, 5.3.3819, and possibly other 5.3 versions, allows remote attackers to inject arbitrary web script or HTML via the url parameter. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en UserControls/Popups/frmHelp.aspx en SmarterStats v5.3, v5.3.3819, y posiblemente otras versiones v5.3, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro url. • https://www.exploit-db.com/exploits/15185 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •