Vulmon
smartertools smartermail vulnerabilities and exploits
NA
CVE-2004-2583
SMTP service in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote malicious users to cause a denial of service (CPU consumption) via a large number of simultaneous open connections to TCP port 25.
Smartertools Smartermail 1.6.1511
Smartertools Smartermail 1.6.1529
NA
CVE-2004-2584
frmAddfolder.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote authenticated users to create a folder that SmarterMail cannot delete or rename via a folder name with a null byte ("%00"). NOTE: it is not clear whether this issue poses a vulnerability.
Smartertools Smartermail 1.6.1511
Smartertools Smartermail 1.6.1529
NA
CVE-2004-2585
Cross-site scripting (XSS) vulnerability in frmCompose.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote malicious users to inject arbitrary web script or HTML via Javascript to the "check spelling" feature in the compose area.
Smartertools Smartermail 1.6.1511
Smartertools Smartermail 1.6.1529
NA
CVE-2004-2586
Directory traversal vulnerability in frmGetAttachment.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote malicious users to read arbitrary files via the filename parameter.
Smartertools Smartermail 1.6.1511
Smartertools Smartermail 1.6.1529
NA
CVE-2004-2587
login.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote malicious users to cause a denial of service via a long txtusername parameter, possibly due to a buffer overflow.
Smartertools Smartermail 1.6.1511
Smartertools Smartermail 1.6.1529
9.8
CVSSv3
CVE-2021-32234
SmarterTools SmarterMail 16.x up to and including 100.x prior to 100.0.7803 allows remote code execution.
Smartertools Smartermail
6.1
CVSSv3
CVE-2015-9276
SmarterTools SmarterMail prior to 13.3.5535 was vulnerable to stored XSS by bypassing the anti-XSS mechanisms. It was possible to run JavaScript code when a victim user opens or replies to the attacker's email, which contained a malicious payload. Therefore, users' pass...
Smartertools Smartermail
5.4
CVSSv3
CVE-2021-40377
SmarterTools SmarterMail 16.x before build 7866 has stored XSS. The application fails to sanitize email content, thus allowing one to inject HTML and/or JavaScript into a page that will then be processed and stored by the application.
Smartertools Smartermail
8.1
CVSSv3
CVE-2020-29548
An issue exists in SmarterTools SmarterMail up to and including 100.0.7537. Meddler-in-the-middle attackers can pipeline commands after a POP3 STLS command, injecting plaintext commands into an encrypted user session.
Smartertools Smartermail
8.2
CVSSv3
CVE-2019-7212
SmarterTools SmarterMail 16.x before build 6985 has hardcoded secret keys. An unauthenticated attacker could access other users’ emails and file attachments. It was also possible to interact with mailing lists.
Smartertools Smartermail