Filtered by vendor Smartertools
Subscriptions
Total
51 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-4752 | 1 Smartertools | 1 Smarterstats | 2025-04-11 | N/A |
| SmarterTools SmarterStats 6.2.4100 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving frmCustomReport.aspx and certain other files. NOTE: it is possible that only clients, not the SmarterStats product, could be affected by this issue. | ||||
| CVE-2011-4750 | 1 Smartertools | 1 Smarterstats | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SmarterTools SmarterStats 6.2.4100 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by Default.aspx and certain other files. | ||||
| CVE-2010-3425 | 1 Smartertools | 1 Smarterstats | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in UserControls/Popups/frmHelp.aspx in SmarterStats 5.3, 5.3.3819, and possibly other 5.3 versions, allows remote attackers to inject arbitrary web script or HTML via the url parameter. | ||||
| CVE-2009-4994 | 1 Smartertools | 1 Smartertrack | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in frmKBSearch.aspx in SmarterTools SmarterTrack before 4.0.3504 allows remote attackers to inject arbitrary web script or HTML via the search parameter. | ||||
| CVE-2011-2149 | 1 Smartertools | 1 Smarterstats | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in the SmarterTools SmarterStats 6.0 web server allow remote attackers to execute arbitrary SQL commands via certain parameters to (1) Admin/frmSite.aspx, (2) Default.aspx, (3) Services/SiteAdmin.asmx, or (4) Client/frmViewReports.aspx; certain cookies to (5) Services/SiteAdmin.asmx or (6) login.aspx; the Referer HTTP header to (7) Services/SiteAdmin.asmx or (8) login.aspx; or (9) the User-Agent HTTP header to Services/SiteAdmin.asmx. | ||||
| CVE-2011-2150 | 1 Smartertools | 1 Smarterstats | 2025-04-11 | N/A |
| The SmarterTools SmarterStats 6.0 web server does not properly validate string data that is intended for storage in an XML document, which allows remote attackers to cause a denial of service (parsing error and daemon pause) via vectors involving (1) certain cookies in a SiteInfoLookup action to Admin/frmSites.aspx, or certain (2) cookies or (3) parameters to (a) Client/frmViewOverviewReport.aspx, (b) Client/frmViewReports.aspx, or (c) Services/SiteAdmin.asmx, as demonstrated by a ]]>> string, related to an "XML injection" issue. | ||||
| CVE-2011-2153 | 1 Smartertools | 1 Smarterstats | 2025-04-11 | N/A |
| Login.aspx in the SmarterTools SmarterStats 6.0 web server supports URLs containing txtUser and txtPass parameters in the query string, which makes it easier for context-dependent attackers to discover credentials by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, related to a "cross-domain Referer leakage" issue. | ||||
| CVE-2008-1854 | 1 Smartertools | 1 Smartermail | 2025-04-09 | N/A |
| Unspecified vulnerability in SmarterMail Web Server (SMWebSvr.exe) in SmarterMail 5.0.2999 allows remote attackers to cause a denial of service (service termination) via a long HTTP (1) GET, (2) HEAD, (3) PUT, (4) POST, or (5) TRACE request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-0872 | 1 Smartertools | 1 Smartermail Enterprise | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in SmarterTools SmarterMail Enterprise 4.3 allows remote attackers to inject arbitrary web script or HTML via a STYLE attribute of an element in the Subject field of an e-mail message. | ||||
| CVE-2004-2587 | 1 Smartertools | 1 Smartermail | 2025-04-03 | N/A |
| login.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to cause a denial of service via a long txtusername parameter, possibly due to a buffer overflow. | ||||
| CVE-2004-2584 | 1 Smartertools | 1 Smartermail | 2025-04-03 | N/A |
| frmAddfolder.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote authenticated users to create a folder that SmarterMail cannot delete or rename via a folder name with a null byte ("%00"). NOTE: it is not clear whether this issue poses a vulnerability. | ||||
| CVE-2004-2583 | 1 Smartertools | 1 Smartermail | 2025-04-03 | N/A |
| SMTP service in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous open connections to TCP port 25. | ||||
| CVE-2004-2586 | 1 Smartertools | 1 Smartermail | 2025-04-03 | N/A |
| Directory traversal vulnerability in frmGetAttachment.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to read arbitrary files via the filename parameter. | ||||
| CVE-2004-2585 | 1 Smartertools | 1 Smartermail | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in frmCompose.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to inject arbitrary web script or HTML via Javascript to the "check spelling" feature in the compose area. | ||||
| CVE-2022-24385 | 1 Smartertools | 1 Smartertrack | 2025-03-11 | 6.5 Medium |
| A Direct Object Access vulnerability in SmarterTools SmarterTrack leads to information disclosure This issue affects: SmarterTools SmarterTrack 100.0.8019.14010. | ||||
| CVE-2022-24386 | 1 Smartertools | 1 Smartertrack | 2025-03-11 | 8.8 High |
| Stored XSS in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010. | ||||
| CVE-2022-24384 | 1 Smartertools | 1 Smartertrack | 2025-03-11 | 8.8 High |
| Cross-site Scripting (XSS) vulnerability in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010. | ||||
| CVE-2022-24387 | 1 Smartertools | 1 Smartertrack | 2025-03-11 | 9.1 Critical |
| With administrator or admin privileges the application can be tricked into overwriting files in app_data/Config folder, e.g. the systemsettings.xml file. THis is possible in SmarterTrack v100.0.8019.14010 | ||||
| CVE-2023-48116 | 1 Smartertools | 1 Smartermail | 2024-11-21 | 5.4 Medium |
| SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS via a crafted description of a Calendar appointment. | ||||
| CVE-2023-48115 | 1 Smartertools | 1 Smartermail | 2024-11-21 | 5.4 Medium |
| SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored DOM XSS because an XSS protection mechanism is skipped when messageHTML and messagePlainText are set in the same request. | ||||