197 matches found
CVE-2022-24385
A Direct Object Access vulnerability in SmarterTools SmarterTrack leads to information disclosure This issue affects: SmarterTools SmarterTrack 100.0.8019.14010...
SmarterMail Cross-Site Scripting Vulnerability
SmarterMail is a mail server software from Smartertools, Inc. The software supports spam filtering, statistics, and simple mail transfer protocol SMTP authentication.SmarterMail has a cross-site scripting vulnerability in 16.x through 100.x. The vulnerability stems from a lack of data validation...
CVE-2021-43977
SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows XSS...
CVE-2021-43977
SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows XSS...
CVE-2021-32234
SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows remote code execution...
CVE-2021-32234
SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows remote code execution...
Remote code execution
SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows remote code execution...
CVE-2021-43977
The CVE-2021-43977 entry concerns SmarterTools SmarterMail 16.x through 100.x, prior to 100.0.7803, with a Cross-Site Scripting (XSS) vulnerability. The root cause is insufficient validation/filtering of user-supplied data, enabling malicious script execution in the client browser. Affected compo...
CVE-2021-43977
SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows XSS...
CVE-2021-32234
SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows remote code execution...
SmarterTools SmarterTrack 7922 Information Disclosure
Exploit Title: SmarterTools SmarterTrack 7922 - 'Multiple' Information Disclosure Google Dork: intext:"Powered by SmarterTrack" Date: 23/01/2020 Exploit Author: Andrei Manole Vendor Homepage: https://www.smartertools.com/ Software Link: https://www.smartertools.com/smartertrack Version: TESTED ON...
SmarterTools SmarterTrack 7922 - (Multiple) Information Disclosure Vulnerability
Exploit Title: SmarterTools SmarterTrack 7922 - 'Multiple' Information Disclosure Google Dork: intext:"Powered by SmarterTrack" Date: 23/01/2020 Exploit Author: Andrei Manole Vendor Homepage: https://www.smartertools.com/ Software Link: https://www.smartertools.com/smartertrack Version: TESTED ON...
SmarterTools SmarterTrack 7922 - 'Multiple' Information Disclosure
Exploit Title: SmarterTools SmarterTrack 7922 - 'Multiple' Information Disclosure Google Dork: intext:"Powered by SmarterTrack" Date: 23/01/2020 Exploit Author: Andrei Manole Vendor Homepage: https://www.smartertools.com/ Software Link: https://www.smartertools.com/smartertrack Version: TESTED ON...
CVE-2021-40377
SmarterTools SmarterMail 16.x before build 7866 has stored XSS. The application fails to sanitize email content, thus allowing one to inject HTML and/or JavaScript into a page that will then be processed and stored by the application...
Cross site scripting
SmarterTools SmarterMail 16.x before build 7866 has stored XSS. The application fails to sanitize email content, thus allowing one to inject HTML and/or JavaScript into a page that will then be processed and stored by the application...
CVE-2021-40377
The CVE-2021-40377 entry affects SmarterTools SmarterMail 16.x prior to build 7866, where stored XSS occurs because the application fails to sanitize email content. This allows injected HTML/JavaScript to be stored and later processed by the app. The available connected documents confirm the prod...
CVE-2021-40377
SmarterTools SmarterMail 16.x before build 7866 has stored XSS. The application fails to sanitize email content, thus allowing one to inject HTML and/or JavaScript into a page that will then be processed and stored by the application...
CVE-2020-29548
An issue was discovered in SmarterTools SmarterMail through 100.0.7537. Meddler-in-the-middle attackers can pipeline commands after a POP3 STLS command, injecting plaintext commands into an encrypted user session...
CVE-2020-29548
An issue was discovered in SmarterTools SmarterMail through 100.0.7537. Meddler-in-the-middle attackers can pipeline commands after a POP3 STLS command, injecting plaintext commands into an encrypted user session...
CVE-2020-29548
SmarterMail (SmarterTools) up to v100.0.7537 is affected. In this CVE, a meddler-in-the-middle can pipeline commands after a POP3 STLS command, injecting plaintext commands into an encrypted user session. The issue is described across multiple sources (NVD entry for CVE-2020-29548 and vendor refe...