SmarterMail version 7.x suffers from cross-site scripting, shell upload, and directory traversal vulnerabilities.
5542870334cfbed1b3626bc964047046d9f725188b24a641c1a04d3d7474cf98
This Metasploit module exploits a vulnerability in the SmarterTools SmarterMail software for version numbers 16.x and below or for build numbers below 6985. The vulnerable versions and builds expose three .NET remoting endpoints on port 17001, namely /Servers, /Mail and /Spool. For example, a typical installation of SmarterMail Build 6970 will have the /Servers endpoint exposed to the public at tcp://0.0.0.0:17001/Servers, where serialized .NET commands can be sent through a TCP socket connection. The three endpoints perform deserialization of untrusted data (CVE-2019-7214), allowing an attacker to send arbitrary commands to be deserialized and executed. This module exploits this vulnerability to perform .NET deserialization attacks, allowing remote code execution for any unauthenticated user under the context of the SYSTEM account. Successful exploitation results in full administrative control of the target server under the NT AUTHORITY\SYSTEM account. This vulnerability was patched in Build 6985, where port 17001 is no longer publicly accessible, although it can still be accessed locally at 127.0.0.1:17001. Hence, this would still allow for a privilege escalation vector if the server is compromised as a low-privileged user.
c00513d64b0afbcf82cfd8c3569e9b9bd32c506402e79960d11808c409ea5c44
SmarterMail build version 6985 suffers from a remote code execution vulnerability.
03a34ec5b65f814667108d5769e315ba381562b01bceb44b9f6931123cc94443
SmarterMail 16 suffers from an arbitrary file upload vulnerability.
d99f22976a0cdef98e659c1ee2684d7744855682a5a86267c256f46720d99efd
SmarterMail Enterprise and Standard versions 11.x and below suffer from a persistent cross-site scripting vulnerability.
2ed7fdcafc2c32f5180ce94a972dd1a299b8ef19a252dc6474a6b3e1d1d65458
SmarterTools SmarterMail version 8.0 suffers from multiple cross-site scripting vulnerabilities.
d79dc1dfa1dea9c0c04be9585a4091dccd9d4c5cd706ede9b1b1418dce1a10e4
SmarterMail version 7.2.3925 suffers from an LDAP injection vulnerability.
a35fb51611d497bf74601e9a950e6412d34cb7726e467546312f6d499af71053
SmarterMail version 7.2.3925 suffers from a cross-site scripting vulnerability.
5e568360a60db57bdd1502c94d5f663903dea56acbe16bd8ebfff52f2f4820ef
SmarterMail version 7.1.3876 suffers from a directory traversal vulnerability.
ace2442491053747a431df1026f5e2044cc7284a386c1e83455a87398d2d70fa
SmarterMail Enterprise version 4.3 suffers from a cross-site scripting vulnerability.
00f0b57b17d9f5329c18ab386b23343742217fc1849bb66ceac031ba34cd06e7