smartertools smartermail vulnerabilities and exploits
9.8
CVSSv3
CVE-2021-32234
SmarterTools SmarterMail 16.x up to and including 100.x prior to 100.0.7803 allows remote code execution.
Smartertools Smartermail
9.8
CVSSv3
CVE-2019-7214
SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This port is not accessible remotely by default after applying the Build 6985 patch.
Smartertools Smartermail
1 Github repository
8.2
CVSSv3
CVE-2019-7212
SmarterTools SmarterMail 16.x before build 6985 has hardcoded secret keys. An unauthenticated attacker could access other users’ emails and file attachments. It was also possible to interact with mailing lists.
Smartertools Smartermail
8.1
CVSSv3
CVE-2020-29548
An issue exists in SmarterTools SmarterMail up to and including 100.0.7537. Meddler-in-the-middle attackers can pipeline commands after a POP3 STLS command, injecting plaintext commands into an encrypted user session.
Smartertools Smartermail
6.5
CVSSv3
CVE-2019-7213
SmarterTools SmarterMail 16.x before build 6985 allows directory traversal. An authenticated user could delete arbitrary files or could create files in new folders in arbitrary locations on the mail server. This could lead to command execution on the server for instance by puttin...
Smartertools Smartermail
6.1
CVSSv3
CVE-2021-43977
SmarterTools SmarterMail 16.x up to and including 100.x prior to 100.0.7803 allows XSS.
Smartertools Smartermail
6.1
CVSSv3
CVE-2021-32233
SmarterTools SmarterMail before Build 7776 allows XSS.
Smartertools Smartermail
6.1
CVSSv3
CVE-2019-7211
SmarterTools SmarterMail 16.x before build 6995 has stored XSS. JavaScript code could be executed on the application by opening a malicious email or when viewing a malicious file attachment.
Smartertools Smartermail
6.1
CVSSv3
CVE-2015-9276
SmarterTools SmarterMail prior to 13.3.5535 was vulnerable to stored XSS by bypassing the anti-XSS mechanisms. It was possible to run JavaScript code when a victim user opens or replies to the attacker's email, which contained a malicious payload. Therefore, users' pass...
Smartertools Smartermail
5.4
CVSSv3
CVE-2023-48114
SmarterTools SmarterMail 8495 through 8664 prior to 8747 allows stored XSS by using image/svg+xml and an uploaded SVG document. This occurs because the application tries to allow youtube.com URLs, but actually allows youtube.com followed by an @ character and an attacker-controll...
Smartertools Smartermail