CVE-2023-48114

CVE-2023-48114 affects SmarterTools SmarterMail 8495–8664, before 8747. A stored XSS flaw arises from handling image/svg+xml and uploaded SVGs, where the app permits youtube.com variants including an @ attacker-controlled domain name. Impact is stored XSS in web context via SVG upload; no exploit...

Remote code execution

SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows remote code execution...

CVE-2021-32234

SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows remote code execution...

SmarterMail 16 - Arbitrary File Upload Exploit

Exploit for multiple platform in category web applications Exploit Title: SmarterMail 16 - Arbitrary File Upload Google Dork: inurl:/interface/root Exploit Author: vvhack.org Vendor Homepage: https://www.smartertools.com Software Link: https://www.smartertools.com Version: 16.x Tested on: Windows...

SmarterMail 16 - Arbitrary File Upload

Exploit Title: SmarterMail 16 - Arbitrary File Upload Google Dork: inurl:/interface/root Date: 2020-06-10 Exploit Author: vvhack.org Vendor Homepage: https://www.smartertools.com Software Link: https://www.smartertools.com Version: 16.x Tested on: Windows CVE : N/A !/usr/bin/python3 import...

CVE-2019-7213

SmarterTools SmarterMail 16.x before build 6985 allows directory traversal. An authenticated user could delete arbitrary files or could create files in new folders in arbitrary locations on the mail server. This could lead to command execution on the server for instance by putting files inside th...

CVE-2019-7214

SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This port is not accessible remotely by default after applying the Build 6985 patch...

Directory traversal

SmarterTools SmarterMail 16.x before build 6985 allows directory traversal. An authenticated user could delete arbitrary files or could create files in new folders in arbitrary locations on the mail server. This could lead to command execution on the server for instance by putting files inside th...

Hardcoded credentials

SmarterTools SmarterMail 16.x before build 6985 has hardcoded secret keys. An unauthenticated attacker could access other users’ emails and file attachments. It was also possible to interact with mailing lists...

CVE-2019-7212

SmarterTools SmarterMail 16.x before build 6985 has hardcoded secret keys. An unauthenticated attacker could access other users’ emails and file attachments. It was also possible to interact with mailing lists...

CVE-2019-7211

SmarterTools SmarterMail 16.x before build 6995 has stored XSS. JavaScript code could be executed on the application by opening a malicious email or when viewing a malicious file attachment...