197 matches found
Cross site scripting
SmarterTools SmarterMail before 13.3.5535 was vulnerable to stored XSS by bypassing the anti-XSS mechanisms. It was possible to run JavaScript code when a victim user opens or replies to the attacker's email, which contained a malicious payload. Therefore, users' passwords could be reset by using...
CVE-2015-9276
SmarterMail (SmarterTools) before version 13.3.5535 is affected by a stored XSS vulnerability where attacker-controlled HTML/JS in an email bypasses anti-XSS protections. When a victim opens or replies to the attacker’s email, JS executes; passwords could be reset on the password-reset page that ...
CVE-2015-9276
SmarterTools SmarterMail before 13.3.5535 was vulnerable to stored XSS by bypassing the anti-XSS mechanisms. It was possible to run JavaScript code when a victim user opens or replies to the attacker's email, which contained a malicious payload. Therefore, users' passwords could be reset by using...
SmarterTools Smarter Track 6-10 - Information Disclosure
Document Title: =============== SmarterTools Smarter Track 6-10 - Information Disclosure References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1298 Tracking ID: 088-1B879F0C-0A22 Release Date: ============= 2014-09-22 Vulnerability Laboratory ID VL-ID:...
SmarterTools Smarter Track 6-10 - Information Disclosure
Document Title: =============== SmarterTools Smarter Track 6-10 - Information Disclosure References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1298 Tracking ID: 088-1B879F0C-0A22 Release Date: ============= 2014-09-22 Vulnerability Laboratory ID VL-ID:...
SmarterTools SmarterMail 4.3 Subject Field HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/27878/info SmarterMail is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input. Attacker-supplied HTML and script code would execute in the context of the affecte...
SmarterTools SmarterMail 5.0 - HTTP Request Handling Denial Of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/28610/info SmarterTools SmarterMail is prone to a denial-of-service vulnerability when handling specially crafted HTTP GET, HEAD, PUT, POST, and TRACE requests. When the server eventually resets the request connection, it...
SmarterTools SmarterStats Multiple Vulnerabilities
This host is SmarterTools SmarterStats and is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2011-4752
SmarterTools SmarterStats 6.2.4100 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving frmCustomReport.aspx and certain other files. NOTE: it is possible that only clients,...
CVE-2011-4751
SmarterTools SmarterStats 6.2.4100 generates web pages containing external links in response to GET requests with query strings for frmGettingStarted.aspx, which makes it easier for remote attackers to obtain sensitive information by reading 1 web-server access logs or 2 web-server Referer logs,...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in SmarterTools SmarterStats 6.2.4100 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by Default.aspx and certain other files...
Design/Logic Flaw
SmarterTools SmarterStats 6.2.4100 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving frmCustomReport.aspx and certain other files. NOTE: it is possible that only clients,...
Cross site scripting
SmarterTools SmarterStats 6.2.4100 generates web pages containing external links in response to GET requests with query strings for frmGettingStarted.aspx, which makes it easier for remote attackers to obtain sensitive information by reading 1 web-server access logs or 2 web-server Referer logs,...
CVE-2011-4750
CVE-2011-4750 concerns multiple XSS vulnerabilities in SmarterTools SmarterStats 6.2.4100 . The affected component is a PHP-based web interface; attackers can inject arbitrary web script or HTML through crafted input, with demonstrations tied to Default.aspx and other files. The public descriptio...
CVE-2011-4752
SmarterTools SmarterStats 6.2.4100 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving frmCustomReport.aspx and certain other files. NOTE: it is possible that only clients,...
CVE-2011-4751
SmarterTools SmarterStats 6.2.4100 generates web pages containing external links in response to GET requests with query strings for frmGettingStarted.aspx, which makes it easier for remote attackers to obtain sensitive information by reading 1 web-server access logs or 2 web-server Referer logs,...
CVE-2011-4751
CVE-2011-4751 affects SmarterTools SmarterStats 6.2.4100. The issue arises when responses to GET requests with query strings for frmGettingStarted.aspx generate pages containing external links, enabling cross-domain Referer leakage. This can let remote attackers read web-server access logs or web...
CVE-2011-4750
Multiple cross-site scripting XSS vulnerabilities in SmarterTools SmarterStats 6.2.4100 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by Default.aspx and certain other files...
CVE-2011-4752
CVE-2011-4752 concerns SmarterTools SmarterStats 6.2.4100, where incorrect Content-Type headers for certain resources may enable a remote impact through an interpretation conflict involving frmCustomReport.aspx and related files. Affected scope includes SmarterStats, though possible that only cli...
SmarterTools SmarterMail Multiple Vulnerabilities (May 2011) - Active Check
SmarterTools SmarterMail is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...