Lucene search
HistorySep 22, 2010 - 8:00 p.m.
CVE-2010-3486
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.5 Medium
AI Score
Confidence
Low
0.01 Low
EPSS
Percentile
83.7%
Directory traversal vulnerability in FileStorageUpload.ashx in SmarterMail 7.1.3876 allows remote attackers to read arbitrary files via a (1) …/ (dot dot slash), (2) %5C (encoded backslash), or (3) %255c (double-encoded backslash) in the name parameter.
Affected configurations
Node
smartertoolssmartermailMatch7.1.3876
Related
exploitpack
exploitpack
SmarterMail 7.2.3925 - Persistent Cross-Site Scripting
2010-10-02 00:00:00
SmarterMail 7.2.3925 - LDAP Injection
2010-10-02 00:00:00
SmarterMail 7.37.4 - Multiple Vulnerabilities
2011-03-10 00:00:00
cve
cve
CVE-2010-3486
2010-09-22 20:00:10
cvelist
cvelist
CVE-2010-3486
2010-09-22 19:00:00
packetstorm
packetstorm
SmarterMail 7.x Cross Site Scripting
2010-10-04 00:00:00
SmarterMail 7.x LDAP Injection
2010-10-04 00:00:00
SmarterMail 7.x Cross Site Scripting / Shell Upload / Traversal
2011-03-10 00:00:00
prion
prion
Directory traversal
2010-09-22 20:00:00
openvas
openvas
SmarterMail Directory Traversal Vulnerability
2010-10-01 00:00:00
exploitdb
exploitdb
SmarterMail < 7.2.3925 - Persistent Cross-Site Scripting
2010-10-02 00:00:00
SmarterMail < 7.2.3925 - LDAP Injection
2010-10-02 00:00:00
SmarterMail 7.3/7.4 - Multiple Vulnerabilities
2011-03-10 00:00:00
seebug
seebug
smartermail 7.3 & 7.4 - Multiple Vulnerabilities
2014-07-01 00:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.5 Medium
AI Score
Confidence
Low
0.01 Low
EPSS
Percentile
83.7%
Related for NVD:CVE-2010-3486