Lucene search
K

197 matches found

Prion
Prion
added 2019/01/16 4:29 p.m.13 views

Cross site scripting

SmarterTools SmarterMail before 13.3.5535 was vulnerable to stored XSS by bypassing the anti-XSS mechanisms. It was possible to run JavaScript code when a victim user opens or replies to the attacker's email, which contained a malicious payload. Therefore, users' passwords could be reset by using...

4.3CVSS6.2AI score0.01122EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2019/01/16 4:0 p.m.39 views

CVE-2015-9276

SmarterMail (SmarterTools) before version 13.3.5535 is affected by a stored XSS vulnerability where attacker-controlled HTML/JS in an email bypasses anti-XSS protections. When a victim opens or replies to the attacker’s email, JS executes; passwords could be reset on the password-reset page that ...

6.1CVSS6.1AI score0.01122EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2019/01/16 4:0 p.m.18 views

CVE-2015-9276

SmarterTools SmarterMail before 13.3.5535 was vulnerable to stored XSS by bypassing the anti-XSS mechanisms. It was possible to run JavaScript code when a victim user opens or replies to the attacker's email, which contained a malicious payload. Therefore, users' passwords could be reset by using...

6.2AI score0.01122EPSS
Exploits0References3
Vulnerability Lab
Vulnerability Lab
added 2014/09/22 12:0 a.m.24 views

SmarterTools Smarter Track 6-10 - Information Disclosure

Document Title: =============== SmarterTools Smarter Track 6-10 - Information Disclosure References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1298 Tracking ID: 088-1B879F0C-0A22 Release Date: ============= 2014-09-22 Vulnerability Laboratory ID VL-ID:...

7.1AI score
Exploits0
Vulnerability Lab
Vulnerability Lab
added 2014/09/22 12:0 a.m.18 views

SmarterTools Smarter Track 6-10 - Information Disclosure

Document Title: =============== SmarterTools Smarter Track 6-10 - Information Disclosure References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1298 Tracking ID: 088-1B879F0C-0A22 Release Date: ============= 2014-09-22 Vulnerability Laboratory ID VL-ID:...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.18 views

SmarterTools SmarterMail 4.3 Subject Field HTML Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/27878/info SmarterMail is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input. Attacker-supplied HTML and script code would execute in the context of the affecte...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.14 views

SmarterTools SmarterMail 5.0 - HTTP Request Handling Denial Of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/28610/info SmarterTools SmarterMail is prone to a denial-of-service vulnerability when handling specially crafted HTTP GET, HEAD, PUT, POST, and TRACE requests. When the server eventually resets the request connection, it...

7.1AI score
Exploits0
OpenVAS
OpenVAS
added 2011/12/21 12:0 a.m.39 views

SmarterTools SmarterStats Multiple Vulnerabilities

This host is SmarterTools SmarterStats and is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS6.9AI score0.02004EPSS
Exploits0References2
NVD
NVD
added 2011/12/16 11:55 a.m.14 views

CVE-2011-4752

SmarterTools SmarterStats 6.2.4100 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving frmCustomReport.aspx and certain other files. NOTE: it is possible that only clients,...

10CVSS6.7AI score0.02004EPSS
Exploits0References2
NVD
NVD
added 2011/12/16 11:55 a.m.17 views

CVE-2011-4751

SmarterTools SmarterStats 6.2.4100 generates web pages containing external links in response to GET requests with query strings for frmGettingStarted.aspx, which makes it easier for remote attackers to obtain sensitive information by reading 1 web-server access logs or 2 web-server Referer logs,...

5CVSS6.1AI score0.0116EPSS
Exploits0References2
Prion
Prion
added 2011/12/16 11:55 a.m.13 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in SmarterTools SmarterStats 6.2.4100 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by Default.aspx and certain other files...

4.3CVSS6.1AI score0.00931EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2011/12/16 11:55 a.m.18 views

Design/Logic Flaw

SmarterTools SmarterStats 6.2.4100 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving frmCustomReport.aspx and certain other files. NOTE: it is possible that only clients,...

10CVSS7.2AI score0.02004EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2011/12/16 11:55 a.m.17 views

Cross site scripting

SmarterTools SmarterStats 6.2.4100 generates web pages containing external links in response to GET requests with query strings for frmGettingStarted.aspx, which makes it easier for remote attackers to obtain sensitive information by reading 1 web-server access logs or 2 web-server Referer logs,...

5CVSS6.6AI score0.0116EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2011/12/16 11:0 a.m.47 views

CVE-2011-4750

CVE-2011-4750 concerns multiple XSS vulnerabilities in SmarterTools SmarterStats 6.2.4100 . The affected component is a PHP-based web interface; attackers can inject arbitrary web script or HTML through crafted input, with demonstrations tied to Default.aspx and other files. The public descriptio...

4.3CVSS5.9AI score0.00931EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2011/12/16 11:0 a.m.18 views

CVE-2011-4752

SmarterTools SmarterStats 6.2.4100 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving frmCustomReport.aspx and certain other files. NOTE: it is possible that only clients,...

6.7AI score0.02004EPSS
Exploits0References2
Cvelist
Cvelist
added 2011/12/16 11:0 a.m.28 views

CVE-2011-4751

SmarterTools SmarterStats 6.2.4100 generates web pages containing external links in response to GET requests with query strings for frmGettingStarted.aspx, which makes it easier for remote attackers to obtain sensitive information by reading 1 web-server access logs or 2 web-server Referer logs,...

6.1AI score0.0116EPSS
Exploits0References2
CVE
CVE
added 2011/12/16 11:0 a.m.43 views

CVE-2011-4751

CVE-2011-4751 affects SmarterTools SmarterStats 6.2.4100. The issue arises when responses to GET requests with query strings for frmGettingStarted.aspx generate pages containing external links, enabling cross-domain Referer leakage. This can let remote attackers read web-server access logs or web...

5CVSS6.3AI score0.0116EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2011/12/16 11:0 a.m.26 views

CVE-2011-4750

Multiple cross-site scripting XSS vulnerabilities in SmarterTools SmarterStats 6.2.4100 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by Default.aspx and certain other files...

5.8AI score0.00931EPSS
Exploits0References1
CVE
CVE
added 2011/12/16 11:0 a.m.50 views

CVE-2011-4752

CVE-2011-4752 concerns SmarterTools SmarterStats 6.2.4100, where incorrect Content-Type headers for certain resources may enable a remote impact through an interpretation conflict involving frmCustomReport.aspx and related files. Affected scope includes SmarterStats, though possible that only cli...

10CVSS6.9AI score0.02004EPSS
Exploits0References2Affected Software1
OpenVAS
OpenVAS
added 2011/06/01 12:0 a.m.79 views

SmarterTools SmarterMail Multiple Vulnerabilities (May 2011) - Active Check

SmarterTools SmarterMail is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

10CVSS6.9AI score0.05321EPSS
Exploits0References3
Rows per page
Query Builder