Summary
This host is running SmarterMail and is prone to multiple vulnerabilities.
Impact
Successful exploitation could allow attackers to conduct cross-site scripting, shell upload and directory traversal attacks.
Impact Level: Application
Solution
Upgrade to SmarterTools SmarterMail 8.0 or later.
For updates refer to http://www.smartertools.com/smartermail/mail-server-software.aspx
Insight
Input passed in the following parameters is not properly sanitised before being returned to the user:
- the 'path' parameter to Main/frmStoredFiles.aspx
- the 'edit' parameter to UserControls/Popups/frmAddFileStorageFolder.aspx
- the 'SubjectBox_SettingText' parameter to Main/Calendar/frmEvent.aspx
- the 'url' parameter to UserControls/Popups/frmHelp.aspx
- the 'folder' parameter to UserControls/Popups/frmDeleteConfirm.aspx
- the 'editfolder' parameter to UserControls/Popups/frmEventGroup.aspx
- the 'deletefolder' parameter to UserControls/Popups/frmEventGroup.aspx
- the 'bygroup' parameter to Main/Alerts/frmAlerts.aspx
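The advisory describes a reflection problem: the listed parameter values are written back into the page without encoding. The following is an added example (not SmarterTools code) that shows both halves of that from the defender's side: a log check that flags requests to the listed pages whose listed parameters carry HTML metacharacters, and the output-encoding step that removes the reflection. It assumes an IIS-style W3C log layout with the fields `date time c-ip cs-method cs-uri-stem cs-uri-query sc-status`, matches the page paths by suffix because the virtual directory is not part of the advisory, and uses Python's `html.escape` as a stand-in for ASP.NET's `Server.HtmlEncode`; the log lines, client addresses and timestamps are constructed.

```python
"""Added example (not SmarterTools code): flag reflected-parameter requests to the
SmarterMail pages named in the advisory, and show the output encoding that
prevents the reflection."""
from html import escape
from urllib.parse import parse_qs

# Page -> parameters the advisory lists as reflected without sanitisation.
# Keys are lower-case path suffixes; the install's virtual directory is unknown.
AFFECTED = {
    "main/frmstoredfiles.aspx": {"path"},
    "usercontrols/popups/frmaddfilestoragefolder.aspx": {"edit"},
    "main/calendar/frmevent.aspx": {"subjectbox_settingtext"},
    "usercontrols/popups/frmhelp.aspx": {"url"},
    "usercontrols/popups/frmdeleteconfirm.aspx": {"folder"},
    "usercontrols/popups/frmeventgroup.aspx": {"editfolder", "deletefolder"},
    "main/alerts/frmalerts.aspx": {"bygroup"},
}

# Characters that change meaning when a value is placed into HTML unencoded.
HTML_META = set('<>"\'&')


def affected_params(uri_stem):
    """Parameters the advisory lists for this page, or an empty set."""
    stem = uri_stem.lower()
    for suffix, params in AFFECTED.items():
        if stem.endswith(suffix):
            return params
    return set()


def flag_request(uri_stem, uri_query):
    """Return (param, decoded_value) pairs where a listed parameter of an
    affected page carries HTML metacharacters; parse_qs does the decoding."""
    params = affected_params(uri_stem)
    if not params:
        return []
    hits = []
    for name, values in parse_qs(uri_query, keep_blank_values=True).items():
        if name.lower() not in params:
            continue
        for value in values:
            if HTML_META & set(value):
                hits.append((name, value))
    return hits


def scan_log(lines):
    """Run flag_request over W3C-style log lines (assumed field order:
    date time c-ip cs-method cs-uri-stem cs-uri-query sc-status)."""
    findings = []
    for line in lines:
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 7:
            continue
        date, time, client, _method, stem, query, _status = fields[:7]
        if query == "-":          # IIS writes "-" for an empty query string
            query = ""
        for name, value in flag_request(stem, query):
            findings.append({"time": f"{date} {time}", "client": client,
                             "page": stem, "param": name, "value": value})
    return findings


def render_unencoded(value):
    """The pattern the advisory describes: the value is written into markup as-is."""
    return f'<input name="path" value="{value}">'


def render_encoded(value):
    """The fix: HTML-encode (including quotes) before the value reaches the page."""
    return f'<input name="path" value="{escape(value, quote=True)}">'


# Constructed sample log: two requests carry markup in a listed parameter, one
# carries markup in a page the advisory does not list, two are benign.
SAMPLE_LOG = """#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2024-01-15 10:14:03 192.0.2.10 GET /Main/frmStoredFiles.aspx path=My+Files 200
2024-01-15 10:14:09 192.0.2.10 GET /Main/frmStoredFiles.aspx path=%3Cscript%3E 200
2024-01-15 10:15:21 192.0.2.44 GET /UserControls/Popups/frmEventGroup.aspx editfolder=%22%3E%3Cb%3E 200
2024-01-15 10:16:00 192.0.2.44 GET /Main/Login.aspx user=%3Cb%3E 200
2024-01-15 10:16:30 192.0.2.50 GET /UserControls/Popups/frmHelp.aspx url=help/intro.htm 200
""".splitlines()

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['time']} {f['client']} {f['page']} {f['param']}={f['value']!r}")
    print(render_unencoded('"><b>'))   # attribute is closed early by the value
    print(render_encoded('"><b>'))     # value stays inside the attribute
```

The log check is deliberately narrow (listed pages and parameters only) so it can run against existing access logs without producing noise from legitimate HTML in other fields; widen `AFFECTED` if you have reason to. The two `render_*` functions show why the encoding matters: with the raw value the attribute is closed early and the rest of the value becomes markup, with `escape(..., quote=True)` it remains an inert string.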
Affected
SmarterTools SmarterMail versions 7.4 and prior.
Severity
CVSS Base Score: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Abtp Portal Project 'ABTPV_BLOQUE_CENT' Parameter Local and Remote File Include Vulnerabilities
- Apache Struts2/XWork Remote Command Execution Vulnerability
- 3Com NBX VoIP NetSet Detection
- appRain CMF 'uploadify.php' Remote Arbitrary File Upload Vulnerability
- Andromeda Streaming MP3 Server Cross Site Scripting Vulnerability