Filtered by vendor Smartertools
Subscribe
Total
50 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-0872 | 1 Smartertools | 1 Smartermail Enterprise | 2026-04-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SmarterTools SmarterMail Enterprise 4.3 allows remote attackers to inject arbitrary web script or HTML via a STYLE attribute of an element in the Subject field of an e-mail message. | |||||
| CVE-2008-1854 | 1 Smartertools | 1 Smartermail | 2026-04-23 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in SmarterMail Web Server (SMWebSvr.exe) in SmarterMail 5.0.2999 allows remote attackers to cause a denial of service (service termination) via a long HTTP (1) GET, (2) HEAD, (3) PUT, (4) POST, or (5) TRACE request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2004-2585 | 1 Smartertools | 1 Smartermail | 2026-04-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in frmCompose.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to inject arbitrary web script or HTML via Javascript to the "check spelling" feature in the compose area. | |||||
| CVE-2004-2586 | 1 Smartertools | 1 Smartermail | 2026-04-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in frmGetAttachment.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to read arbitrary files via the filename parameter. | |||||
| CVE-2004-2584 | 1 Smartertools | 1 Smartermail | 2026-04-16 | 4.0 MEDIUM | N/A |
| frmAddfolder.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote authenticated users to create a folder that SmarterMail cannot delete or rename via a folder name with a null byte ("%00"). NOTE: it is not clear whether this issue poses a vulnerability. | |||||
| CVE-2004-2583 | 1 Smartertools | 1 Smartermail | 2026-04-16 | 7.8 HIGH | N/A |
| SMTP service in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous open connections to TCP port 25. | |||||
| CVE-2004-2587 | 1 Smartertools | 1 Smartermail | 2026-04-16 | 5.0 MEDIUM | N/A |
| login.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to cause a denial of service via a long txtusername parameter, possibly due to a buffer overflow. | |||||
| CVE-2026-25067 | 1 Smartertools | 1 Smartermail | 2026-03-09 | N/A | 5.3 MEDIUM |
| SmarterTools SmarterMail versions prior to build 9518 contain an unauthenticated path coercion vulnerability in the background-of-the-day preview endpoint. The application base64-decodes attacker-supplied input and uses it as a filesystem path without validation. On Windows systems, this allows UNC paths to be resolved, causing the SmarterMail service to initiate outbound SMB authentication attempts to attacker-controlled hosts. This can be abused for credential coercion, NTLM relay attacks, and unauthorized network authentication. | |||||
| CVE-2020-36926 | 1 Smartertools | 1 Smartertrack | 2026-02-09 | N/A | 7.5 HIGH |
| SmarterTrack 7922 contains an information disclosure vulnerability in the Chat Management search form that reveals agent identification details. Attackers can access the vulnerable /Management/Chat/frmChatSearch.aspx endpoint to retrieve agents' first and last names along with their unique identifiers. | |||||
| CVE-2026-24423 | 1 Smartertools | 1 Smartermail | 2026-02-06 | N/A | 9.8 CRITICAL |
| SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API method. The attacker could point the SmarterMail to the malicious HTTP server, which serves the malicious OS command. This command will be executed by the vulnerable application. | |||||
| CVE-2026-23760 | 1 Smartertools | 1 Smartermail | 2026-01-27 | N/A | 9.8 CRITICAL |
| SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and fails to verify the existing password or a reset token when resetting system administrator accounts. An unauthenticated attacker can supply a target administrator username and a new password to reset the account, resulting in full administrative compromise of the SmarterMail instance. NOTE: SmarterMail system administrator privileges grant the ability to execute operating system commands via built-in management functionality, effectively providing administrative (SYSTEM or root) access on the underlying host. | |||||
| CVE-2025-52691 | 1 Smartertools | 1 Smartermail | 2026-01-27 | N/A | 10.0 CRITICAL |
| Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution. | |||||
| CVE-2017-14620 | 1 Smartertools | 1 Smarterstats | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| SmarterStats Version 11.3.6347 will Render the Referer Field of HTTP Logfiles from URL /Data/Reports/ReferringURLsWithQueries resulting in Stored Cross Site Scripting. | |||||
| CVE-2023-48116 | 1 Smartertools | 1 Smartermail | 2024-11-21 | N/A | 5.4 MEDIUM |
| SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS via a crafted description of a Calendar appointment. | |||||
| CVE-2023-48115 | 1 Smartertools | 1 Smartermail | 2024-11-21 | N/A | 5.4 MEDIUM |
| SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored DOM XSS because an XSS protection mechanism is skipped when messageHTML and messagePlainText are set in the same request. | |||||
| CVE-2023-48114 | 1 Smartertools | 1 Smartermail | 2024-11-21 | N/A | 5.4 MEDIUM |
| SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS by using image/svg+xml and an uploaded SVG document. This occurs because the application tries to allow youtube.com URLs, but actually allows youtube.com followed by an @ character and an attacker-controlled domain name. | |||||
| CVE-2022-24387 | 1 Smartertools | 1 Smartertrack | 2024-11-21 | 6.5 MEDIUM | 9.1 CRITICAL |
| With administrator or admin privileges the application can be tricked into overwriting files in app_data/Config folder, e.g. the systemsettings.xml file. THis is possible in SmarterTrack v100.0.8019.14010 | |||||
| CVE-2022-24386 | 1 Smartertools | 1 Smartertrack | 2024-11-21 | 3.5 LOW | 8.8 HIGH |
| Stored XSS in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010. | |||||
| CVE-2022-24385 | 1 Smartertools | 1 Smartertrack | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A Direct Object Access vulnerability in SmarterTools SmarterTrack leads to information disclosure This issue affects: SmarterTools SmarterTrack 100.0.8019.14010. | |||||
| CVE-2022-24384 | 1 Smartertools | 1 Smartertrack | 2024-11-21 | 4.3 MEDIUM | 8.8 HIGH |
| Cross-site Scripting (XSS) vulnerability in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010. | |||||