Filtered by vendor Smartertools
Subscribe
Total
42 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-24387 | 1 Smartertools | 1 Smartertrack | 2022-03-18 | 6.5 MEDIUM | 7.2 HIGH |
| With administrator or admin privileges the application can be tricked into overwriting files in app_data/Config folder, e.g. the systemsettings.xml file. THis is possible in SmarterTrack v100.0.8019.14010 | |||||
| CVE-2022-24386 | 1 Smartertools | 1 Smartertrack | 2022-03-18 | 3.5 LOW | 5.4 MEDIUM |
| Stored XSS in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010. | |||||
| CVE-2022-24384 | 1 Smartertools | 1 Smartertrack | 2022-03-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) vulnerability in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010. | |||||
| CVE-2022-24385 | 1 Smartertools | 1 Smartertrack | 2022-03-18 | 4.0 MEDIUM | 6.5 MEDIUM |
| A Direct Object Access vulnerability in SmarterTools SmarterTrack leads to information disclosure This issue affects: SmarterTools SmarterTrack 100.0.8019.14010. | |||||
| CVE-2021-32234 | 1 Smartertools | 1 Smartermail | 2021-11-18 | 7.5 HIGH | 9.8 CRITICAL |
| SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows remote code execution. | |||||
| CVE-2021-43977 | 1 Smartertools | 1 Smartermail | 2021-11-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows XSS. | |||||
| CVE-2021-40377 | 1 Smartertools | 1 Smartermail | 2021-09-14 | 3.5 LOW | 5.4 MEDIUM |
| SmarterTools SmarterMail 16.x before build 7866 has stored XSS. The application fails to sanitize email content, thus allowing one to inject HTML and/or JavaScript into a page that will then be processed and stored by the application. | |||||
| CVE-2020-29548 | 1 Smartertools | 1 Smartermail | 2021-08-25 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in SmarterTools SmarterMail through 100.0.7537. Meddler-in-the-middle attackers can pipeline commands after a POP3 STLS command, injecting plaintext commands into an encrypted user session. | |||||
| CVE-2021-32233 | 1 Smartertools | 1 Smartermail | 2021-07-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| SmarterTools SmarterMail before Build 7776 allows XSS. | |||||
| CVE-2019-7214 | 1 Smartertools | 1 Smartermail | 2020-12-09 | 10.0 HIGH | 9.8 CRITICAL |
| SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This port is not accessible remotely by default after applying the Build 6985 patch. | |||||
| CVE-2019-7212 | 1 Smartertools | 1 Smartermail | 2020-02-10 | 6.4 MEDIUM | 8.2 HIGH |
| SmarterTools SmarterMail 16.x before build 6985 has hardcoded secret keys. An unauthenticated attacker could access other users’ emails and file attachments. It was also possible to interact with mailing lists. | |||||
| CVE-2019-7213 | 1 Smartertools | 1 Smartermail | 2019-04-30 | 5.5 MEDIUM | 6.5 MEDIUM |
| SmarterTools SmarterMail 16.x before build 6985 allows directory traversal. An authenticated user could delete arbitrary files or could create files in new folders in arbitrary locations on the mail server. This could lead to command execution on the server for instance by putting files inside the web directories. | |||||
| CVE-2019-7211 | 1 Smartertools | 1 Smartermail | 2019-04-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| SmarterTools SmarterMail 16.x before build 6995 has stored XSS. JavaScript code could be executed on the application by opening a malicious email or when viewing a malicious file attachment. | |||||
| CVE-2015-9276 | 1 Smartertools | 1 Smartermail | 2019-01-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| SmarterTools SmarterMail before 13.3.5535 was vulnerable to stored XSS by bypassing the anti-XSS mechanisms. It was possible to run JavaScript code when a victim user opens or replies to the attacker's email, which contained a malicious payload. Therefore, users' passwords could be reset by using an XSS attack, as the password reset page did not need the current password. | |||||
| CVE-2008-0872 | 1 Smartertools | 1 Smartermail Enterprise | 2018-10-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SmarterTools SmarterMail Enterprise 4.3 allows remote attackers to inject arbitrary web script or HTML via a STYLE attribute of an element in the Subject field of an e-mail message. | |||||
| CVE-2017-14620 | 1 Smartertools | 1 Smarterstats | 2017-10-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| SmarterStats Version 11.3.6347 will Render the Referer Field of HTTP Logfiles from URL /Data/Reports/ReferringURLsWithQueries resulting in Stored Cross Site Scripting. | |||||
| CVE-2011-4752 | 1 Smartertools | 1 Smarterstats | 2017-08-28 | 10.0 HIGH | N/A |
| SmarterTools SmarterStats 6.2.4100 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving frmCustomReport.aspx and certain other files. NOTE: it is possible that only clients, not the SmarterStats product, could be affected by this issue. | |||||
| CVE-2011-4751 | 1 Smartertools | 1 Smarterstats | 2017-08-28 | 5.0 MEDIUM | N/A |
| SmarterTools SmarterStats 6.2.4100 generates web pages containing external links in response to GET requests with query strings for frmGettingStarted.aspx, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a "cross-domain Referer leakage" issue. | |||||
| CVE-2011-2151 | 1 Smartertools | 1 Smarterstats | 2017-08-28 | 5.0 MEDIUM | N/A |
| The (1) Admin/frmEmailReportSettings.aspx, (2) Admin/frmGeneralSettings.aspx, (3) Admin/frmSite.aspx, (4) Client/frmUser.aspx, and (5) Login.aspx components in the SmarterTools SmarterStats 6.0 web server accept cleartext passwords, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2011-2150 | 1 Smartertools | 1 Smarterstats | 2017-08-28 | 5.0 MEDIUM | N/A |
| The SmarterTools SmarterStats 6.0 web server does not properly validate string data that is intended for storage in an XML document, which allows remote attackers to cause a denial of service (parsing error and daemon pause) via vectors involving (1) certain cookies in a SiteInfoLookup action to Admin/frmSites.aspx, or certain (2) cookies or (3) parameters to (a) Client/frmViewOverviewReport.aspx, (b) Client/frmViewReports.aspx, or (c) Services/SiteAdmin.asmx, as demonstrated by a ]]>> string, related to an "XML injection" issue. | |||||