32 matches found
SmarterMail < 100.0.9526 XSS (CVE-2026-26930)
The version of SmarterTools SmarterMail installed on the remote host is prior to 100.0.9526. It is, therefore, affected by a cross-site scripting vulnerability: SmarterTools SmarterMail before build 9526 allows XSS via MAPI requests (CVE-2026-26930). Note that Nessus has not tested for this issue...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-11953: React Native Community CLI OS Command Injection Vulnerability. CVE-2026-24423: SmarterTools SmarterMail Missing...
EUVD-2008-0879
Malware in sbrugna...
EUVD-2021-19090
Malware in sbrugna...
EUVD-2019-16756
Malware in sbrugna...
CVE-2021-32234
SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows remote code execution...
CVE-2023-48116
SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS via a crafted description of a Calendar appointment...
Cross site scripting
SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS via a crafted description of a Calendar appointment...
SmarterTools SmarterMail Security Breach
SmarterTools SmarterMail is a set of mail server software from SmarterTools. The software supports spam filtering, statistics, Simple Mail Transfer Protocol SMTP authentication, and other features. A security vulnerability exists in SmarterTools SmarterMail versions 8495 through 8664, which stems...
Metasploit Weekly Wrap-Up
Authentication bypass in WordPress Plugin WooCommerce Payments: This week's Metasploit release includes a module for CVE-2023-28121 by h00die. This module can be used against any WordPress instance that uses WooCommerce Payments 5.6.1. This module exploits an auth bypass vulnerability in the...
SmarterTools SmarterMail Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SmarterTools SmarterMail less than build 6985 - .NET Deserialization Remote Code Execution', 'Description' = %q This module exploits a...
Remote code execution
SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows remote code execution...
CVE-2021-32234
SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows remote code execution...
CVE-2020-29548
SmarterMail (SmarterTools) up to v100.0.7537 is affected. In this CVE, a meddler-in-the-middle can pipeline commands after a POP3 STLS command, injecting plaintext commands into an encrypted user session. The issue is described across multiple sources (NVD entry for CVE-2020-29548 and vendor refe...
Cross site scripting
SmarterTools SmarterMail before Build 7776 allows XSS...
CVE-2021-32233
SmarterTools SmarterMail before Build 7776 allows XSS...
CVE-2019-7213
SmarterTools SmarterMail 16.x before build 6985 allows directory traversal. An authenticated user could delete arbitrary files or could create files in new folders in arbitrary locations on the mail server. This could lead to command execution on the server for instance by putting files inside th...
CVE-2019-7214
SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This port is not accessible remotely by default after applying the Build 6985 patch...
CVE-2019-7214
SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This port is not accessible remotely by default after applying the Build 6985 patch...
CVE-2019-7212
SmarterTools SmarterMail 16.x before build 6985 has hardcoded secret keys. An unauthenticated attacker could access other users’ emails and file attachments. It was also possible to interact with mailing lists...