Smartermail
by Smartertools
CVEs (29)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-32233 | 0.00 | — | 0.01 | Jul 5, 2021 | SmarterTools SmarterMail before Build 7776 allows XSS. | |||
| CVE-2019-7212 | 0.00 | — | 0.01 | Apr 24, 2019 | SmarterTools SmarterMail 16.x before build 6985 has hardcoded secret keys. An unauthenticated attacker could access other users’ emails and file attachments. It was also possible to interact with mailing lists. | |||
| CVE-2019-7211 | 0.00 | — | 0.01 | Apr 24, 2019 | SmarterTools SmarterMail 16.x before build 6995 has stored XSS. JavaScript code could be executed on the application by opening a malicious email or when viewing a malicious file attachment. | |||
| CVE-2015-9276 | 0.00 | — | 0.01 | Jan 16, 2019 | SmarterTools SmarterMail before 13.3.5535 was vulnerable to stored XSS by bypassing the anti-XSS mechanisms. It was possible to run JavaScript code when a victim user opens or replies to the attacker's email, which contained a malicious payload. Therefore, users' passwords could… | |||
| CVE-2004-2585 | 0.00 | — | 0.01 | Dec 31, 2004 | Cross-site scripting (XSS) vulnerability in frmCompose.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to inject arbitrary web script or HTML via Javascript to the "check spelling" feature in the compose area. | |||
| CVE-2004-2586 | 0.00 | — | 0.02 | Dec 31, 2004 | Directory traversal vulnerability in frmGetAttachment.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to read arbitrary files via the filename parameter. | |||
| CVE-2004-2583 | 0.00 | — | 0.02 | Dec 31, 2004 | SMTP service in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous open connections to TCP port 25. | |||
| CVE-2004-2587 | 0.00 | — | 0.02 | Dec 31, 2004 | login.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to cause a denial of service via a long txtusername parameter, possibly due to a buffer overflow. | |||
| CVE-2004-2584 | 0.00 | — | 0.01 | Dec 31, 2004 | frmAddfolder.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote authenticated users to create a folder that SmarterMail cannot delete or rename via a folder name with a null byte ("%00"). NOTE: it is not clear whether this issue poses a vulnerability. |
- CVE-2021-32233Jul 5, 2021risk 0.00cvss —epss 0.01
SmarterTools SmarterMail before Build 7776 allows XSS.
- CVE-2019-7212Apr 24, 2019risk 0.00cvss —epss 0.01
SmarterTools SmarterMail 16.x before build 6985 has hardcoded secret keys. An unauthenticated attacker could access other users’ emails and file attachments. It was also possible to interact with mailing lists.
- CVE-2019-7211Apr 24, 2019risk 0.00cvss —epss 0.01
SmarterTools SmarterMail 16.x before build 6995 has stored XSS. JavaScript code could be executed on the application by opening a malicious email or when viewing a malicious file attachment.
- CVE-2015-9276Jan 16, 2019risk 0.00cvss —epss 0.01
SmarterTools SmarterMail before 13.3.5535 was vulnerable to stored XSS by bypassing the anti-XSS mechanisms. It was possible to run JavaScript code when a victim user opens or replies to the attacker's email, which contained a malicious payload. Therefore, users' passwords could…
- CVE-2004-2585Dec 31, 2004risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in frmCompose.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to inject arbitrary web script or HTML via Javascript to the "check spelling" feature in the compose area.
- CVE-2004-2586Dec 31, 2004risk 0.00cvss —epss 0.02
Directory traversal vulnerability in frmGetAttachment.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to read arbitrary files via the filename parameter.
- CVE-2004-2583Dec 31, 2004risk 0.00cvss —epss 0.02
SMTP service in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous open connections to TCP port 25.
- CVE-2004-2587Dec 31, 2004risk 0.00cvss —epss 0.02
login.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to cause a denial of service via a long txtusername parameter, possibly due to a buffer overflow.
- CVE-2004-2584Dec 31, 2004risk 0.00cvss —epss 0.01
frmAddfolder.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote authenticated users to create a folder that SmarterMail cannot delete or rename via a folder name with a null byte ("%00"). NOTE: it is not clear whether this issue poses a vulnerability.
Page 2 of 2