Summary
This host is running SmarterMail and is prone to multiple vulnerabilities.
Impact
Successful exploitation could allow attackers to conduct cross site scripting, command execution and directory traversal attacks.
Impact Level: Application
Solution
Upgrade to SmarterTools SmarterMail 8.0 or later,
For updates refer to http://www.smartertools.com/smartermail/mail-server-software.aspx
Insight
Multiple flaws are present in the application. More detail is available at,
http://xss.cx/examples/smarterstats-60-oscommandinjection-directorytraversal-xml-sqlinjection.html.html
Affected
SmarterTools SmarterMail versions 6.0 and prior.
References
Severity
Classification
-
CVE CVE-2011-2148, CVE-2011-2149, CVE-2011-2150, CVE-2011-2151, CVE-2011-2152, CVE-2011-2153, CVE-2011-2154, CVE-2011-2155, CVE-2011-2156, CVE-2011-2157, CVE-2011-2158, CVE-2011-2159 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities