Filtered by vendor Smartertools
Subscriptions
Total
45 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-24386 | 1 Smartertools | 1 Smartertrack | 2024-09-17 | 8.8 High |
| Stored XSS in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010. | ||||
| CVE-2022-24385 | 1 Smartertools | 1 Smartertrack | 2024-09-17 | 6.5 Medium |
| A Direct Object Access vulnerability in SmarterTools SmarterTrack leads to information disclosure This issue affects: SmarterTools SmarterTrack 100.0.8019.14010. | ||||
| CVE-2022-24384 | 1 Smartertools | 1 Smartertrack | 2024-09-17 | 8.8 High |
| Cross-site Scripting (XSS) vulnerability in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010. | ||||
| CVE-2012-2578 | 1 Smartertools | 1 Smartermail | 2024-09-17 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SmarterMail 9.2 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a JavaScript alert function used in conjunction with the fromCharCode method, (2) a SCRIPT element, (3) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element, or (4) an innerHTML attribute within an XML document. | ||||
| CVE-2009-4994 | 1 Smartertools | 1 Smartertrack | 2024-09-16 | N/A |
| Cross-site scripting (XSS) vulnerability in frmKBSearch.aspx in SmarterTools SmarterTrack before 4.0.3504 allows remote attackers to inject arbitrary web script or HTML via the search parameter. | ||||
| CVE-2009-4995 | 1 Smartertools | 1 Smartertrack | 2024-09-16 | N/A |
| Cross-site scripting (XSS) vulnerability in frmTickets.aspx in SmarterTools SmarterTrack before 4.0.3504 allows remote attackers to inject arbitrary web script or HTML via the email address field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2011-4750 | 1 Smartertools | 1 Smarterstats | 2024-09-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SmarterTools SmarterStats 6.2.4100 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by Default.aspx and certain other files. | ||||
| CVE-2004-2583 | 1 Smartertools | 1 Smartermail | 2024-08-08 | N/A |
| SMTP service in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous open connections to TCP port 25. | ||||
| CVE-2004-2587 | 1 Smartertools | 1 Smartermail | 2024-08-08 | N/A |
| login.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to cause a denial of service via a long txtusername parameter, possibly due to a buffer overflow. | ||||
| CVE-2004-2586 | 1 Smartertools | 1 Smartermail | 2024-08-08 | N/A |
| Directory traversal vulnerability in frmGetAttachment.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to read arbitrary files via the filename parameter. | ||||
| CVE-2004-2585 | 1 Smartertools | 1 Smartermail | 2024-08-08 | N/A |
| Cross-site scripting (XSS) vulnerability in frmCompose.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to inject arbitrary web script or HTML via Javascript to the "check spelling" feature in the compose area. | ||||
| CVE-2004-2584 | 1 Smartertools | 1 Smartermail | 2024-08-08 | N/A |
| frmAddfolder.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote authenticated users to create a folder that SmarterMail cannot delete or rename via a folder name with a null byte ("%00"). NOTE: it is not clear whether this issue poses a vulnerability. | ||||
| CVE-2008-1854 | 1 Smartertools | 1 Smartermail | 2024-08-07 | N/A |
| Unspecified vulnerability in SmarterMail Web Server (SMWebSvr.exe) in SmarterMail 5.0.2999 allows remote attackers to cause a denial of service (service termination) via a long HTTP (1) GET, (2) HEAD, (3) PUT, (4) POST, or (5) TRACE request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-0872 | 1 Smartertools | 1 Smartermail Enterprise | 2024-08-07 | N/A |
| Cross-site scripting (XSS) vulnerability in SmarterTools SmarterMail Enterprise 4.3 allows remote attackers to inject arbitrary web script or HTML via a STYLE attribute of an element in the Subject field of an e-mail message. | ||||
| CVE-2010-3486 | 1 Smartertools | 1 Smartermail | 2024-08-07 | N/A |
| Directory traversal vulnerability in FileStorageUpload.ashx in SmarterMail 7.1.3876 allows remote attackers to read arbitrary files via a (1) ../ (dot dot slash), (2) %5C (encoded backslash), or (3) %255c (double-encoded backslash) in the name parameter. | ||||
| CVE-2010-3425 | 1 Smartertools | 1 Smarterstats | 2024-08-07 | N/A |
| Cross-site scripting (XSS) vulnerability in UserControls/Popups/frmHelp.aspx in SmarterStats 5.3, 5.3.3819, and possibly other 5.3 versions, allows remote attackers to inject arbitrary web script or HTML via the url parameter. | ||||
| CVE-2011-4751 | 1 Smartertools | 1 Smarterstats | 2024-08-07 | N/A |
| SmarterTools SmarterStats 6.2.4100 generates web pages containing external links in response to GET requests with query strings for frmGettingStarted.aspx, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a "cross-domain Referer leakage" issue. | ||||
| CVE-2011-4752 | 1 Smartertools | 1 Smarterstats | 2024-08-07 | N/A |
| SmarterTools SmarterStats 6.2.4100 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving frmCustomReport.aspx and certain other files. NOTE: it is possible that only clients, not the SmarterStats product, could be affected by this issue. | ||||
| CVE-2011-2158 | 1 Smartertools | 1 Smarterstats | 2024-08-06 | N/A |
| The SmarterTools SmarterStats 6.0 web server sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving (1) Admin/frmSite.aspx, (2) Admin/frmSites.aspx, (3) Admin/frmViewReports.aspx, (4) App_Themes/AboutThisFolder.txt, (5) Client/frmViewReports.aspx, (6) Temp/AboutThisFolder.txt, (7) default.aspx, (8) login.aspx, or (9) certain .jpg URIs under Temp/. NOTE: it is possible that only clients, not the SmarterStats product, could be affected by this issue. | ||||
| CVE-2011-2151 | 1 Smartertools | 1 Smarterstats | 2024-08-06 | N/A |
| The (1) Admin/frmEmailReportSettings.aspx, (2) Admin/frmGeneralSettings.aspx, (3) Admin/frmSite.aspx, (4) Client/frmUser.aspx, and (5) Login.aspx components in the SmarterTools SmarterStats 6.0 web server accept cleartext passwords, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. | ||||