CVE-2019-7213

SmarterTools SmarterMail 16.x before build 6985 allows directory traversal. An authenticated user could delete arbitrary files or could create files in new folders in arbitrary locations on the mail server. This could lead to command execution on the server for instance by putting files inside th...

Directory traversal

SmarterTools SmarterMail 16.x before build 6985 allows directory traversal. An authenticated user could delete arbitrary files or could create files in new folders in arbitrary locations on the mail server. This could lead to command execution on the server for instance by putting files inside th...

CVE-2019-7213

SmarterTools SmarterMail 16.x before build 6985 is affected by a directory traversal vulnerability. An authenticated user could delete arbitrary files or create files in new folders on the mail server, potentially leading to command execution if those files are placed in web directories. Root cau...

CVE-2019-7212

SmarterTools SmarterMail 16.x before build 6985 has hardcoded secret keys. An unauthenticated attacker could access other users’ emails and file attachments. It was also possible to interact with mailing lists...

CVE-2019-7212

SmarterTools SmarterMail 16.x before build 6985 is affected by a hardcoded secret key vulnerability that enables an unauthenticated actor to access other users’ emails and file attachments and to interact with mailing lists. Root cause: hardcoded credentials in the product. Affected component: Sm...

PT-2019-18466 · Smartertools · Smartermail

Name of the Vulnerable Software and Affected Versions: SmarterTools SmarterMail versions prior to build 6985 Description: The issue allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This port is not...