Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
smartertools smartermail vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2004-2585
Cross-site scripting (XSS) vulnerability in frmCompose.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote malicious users to inject arbitrary web script or HTML via Javascript to the "check spelling" feature in the compose area.
Smartertools Smartermail 1.6.1511
Smartertools Smartermail 1.6.1529
5
CVSSv2
CVE-2004-2587
login.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote malicious users to cause a denial of service via a long txtusername parameter, possibly due to a buffer overflow.
Smartertools Smartermail 1.6.1529
Smartertools Smartermail 1.6.1511
4
CVSSv2
CVE-2004-2584
frmAddfolder.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote authenticated users to create a folder that SmarterMail cannot delete or rename via a folder name with a null byte ("%00"). NOTE: it is not clear whether this issue poses a vulnerability.
Smartertools Smartermail 1.6.1511
Smartertools Smartermail 1.6.1529
7.8
CVSSv2
CVE-2004-2583
SMTP service in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote malicious users to cause a denial of service (CPU consumption) via a large number of simultaneous open connections to TCP port 25.
Smartertools Smartermail 1.6.1511
Smartertools Smartermail 1.6.1529
5
CVSSv2
CVE-2004-2586
Directory traversal vulnerability in frmGetAttachment.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote malicious users to read arbitrary files via the filename parameter.
Smartertools Smartermail 1.6.1511
Smartertools Smartermail 1.6.1529
NA
CVE-2023-48114
SmarterTools SmarterMail 8495 through 8664 prior to 8747 allows stored XSS by using image/svg+xml and an uploaded SVG document. This occurs because the application tries to allow youtube.com URLs, but actually allows youtube.com followed by an @ character and an attacker-controll...
Smartertools Smartermail
NA
CVE-2023-48115
SmarterTools SmarterMail 8495 through 8664 prior to 8747 allows stored DOM XSS because an XSS protection mechanism is skipped when messageHTML and messagePlainText are set in the same request.
Smartertools Smartermail
NA
CVE-2023-48116
SmarterTools SmarterMail 8495 through 8664 prior to 8747 allows stored XSS via a crafted description of a Calendar appointment.
Smartertools Smartermail
4.3
CVSSv2
CVE-2015-9276
SmarterTools SmarterMail prior to 13.3.5535 was vulnerable to stored XSS by bypassing the anti-XSS mechanisms. It was possible to run JavaScript code when a victim user opens or replies to the attacker's email, which contained a malicious payload. Therefore, users' pass...
Smartertools Smartermail
4.3
CVSSv2
CVE-2021-32233
SmarterTools SmarterMail before Build 7776 allows XSS.
Smartertools Smartermail
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »