SmarterMail 7.x Cross Site Scripting / Shell Upload / Traversal

To: Vuln.Lists Re: Coordinated Disclosure, SmarterMail 7.x Versions Private Note - Rewrite as you wish, vendor has acknowledged these bugs and more and issued a fix. ------------------------------ Author: Hoyt LLC Research | http://xss.cx | http://cloudscan.me Identified: October 28, 2010 Vendor:...

SmarterMail 7.x LDAP Injection

Vendor: smartertools.com SmarterMail 7.x 7.2.3925 Date: 2010-10-01 Author : David Hoyt sqlhacker – Hoyt LLC Contact : [email protected] Home : http://cloudscan.me Dork : insite: SmarterMail Enterprise 7.2 Bug : LDAP Injection + Cross Site Scripting STORED Tested on : SmarterMail 7.x 7.2.3925 //...

CVE-2010-3425

creationtimestamp| type| source ---|---|--- 2010-10-02 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/15185...

CVE-2010-3425

Cross-site scripting XSS vulnerability in UserControls/Popups/frmHelp.aspx in SmarterStats 5.3, 5.3.3819, and possibly other 5.3 versions, allows remote attackers to inject arbitrary web script or HTML via the url parameter...

CVE-2010-3425

CVE-2010-3425 is a cross-site scripting vulnerability in SmarterStats 5.3 (including 5.3.3819) where an attacker can inject arbitrary script or HTML through the url parameter in UserControls/Popups/frmHelp.aspx. The NVD entry scores impact as CVSSv2: 4.3 (Medium) with network attack vector and us...