exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 9 of 9 RSS Feed

Files

SmarterMail 7.x Cross Site Scripting / Shell Upload / Traversal
Posted Mar 10, 2011
Authored by sqlhacker

SmarterMail version 7.x suffers from cross site scripting, shell upload and directory traversal vulnerabilities.

tags | exploit, shell, vulnerability, xss, file inclusion
SHA-256 | 5542870334cfbed1b3626bc964047046d9f725188b24a641c1a04d3d7474cf98

Related Files

SmarterTools SmarterMail Remote Code Execution
Posted Jul 11, 2023
Authored by Soroush Dalili, 1F98D, Ismail E. Dawoodjee | Site metasploit.com

This Metasploit module exploits a vulnerability in the SmarterTools SmarterMail software for version numbers 16.x and below or for build numbers below 6985. The vulnerable versions and builds expose three .NET remoting endpoints on port 17001, namely /Servers, /Mail and /Spool. For example, a typical installation of SmarterMail Build 6970 will have the /Servers endpoint exposed to the public at tcp://0.0.0.0:17001/Servers, where serialized .NET commands can be sent through a TCP socket connection. The three endpoints perform deserialization of untrusted data (CVE-2019-7214), allowing an attacker to send arbitrary commands to be deserialized and executed. This module exploits this vulnerability to perform .NET deserialization attacks, allowing remote code execution for any unauthenticated user under the context of the SYSTEM account. Successful exploitation results in full administrative control of the target server under the NT AUTHORITY\SYSTEM account. This vulnerability was patched in Build 6985, where the 17001 port is no longer publicly accessible, although it can be accessible locally at 127.0.0.1:17001. Hence, this would still allow for a privilege escalation vector if the server is compromised as a low-privileged user.

tags | exploit, remote, arbitrary, tcp, code execution
advisories | CVE-2019-7214
SHA-256 | c00513d64b0afbcf82cfd8c3569e9b9bd32c506402e79960d11808c409ea5c44
SmarterMail 6985 Remote Code Execution
Posted Dec 9, 2020
Authored by Soroush Dalili, 1F98D

SmarterMail build version 6985 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2019-7214
SHA-256 | 03a34ec5b65f814667108d5769e315ba381562b01bceb44b9f6931123cc94443
SmarterMail 16 Arbitrary File Upload
Posted Jun 13, 2020
Authored by vvhack.org

SmarterMail 16 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | d99f22976a0cdef98e659c1ee2684d7744855682a5a86267c256f46720d99efd
SmarterMail 11.x Cross Site Scripting
Posted Jan 15, 2014
Authored by Saeed reza Zamanian

SmarterMail Enterprise and Standard versions 11.x and below suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 2ed7fdcafc2c32f5180ce94a972dd1a299b8ef19a252dc6474a6b3e1d1d65458
SmarterTools SmarterMail 8.0 Cross Site Scripting
Posted Mar 15, 2011
Authored by sqlhacker

SmarterTools SmarterMail version 8.0 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | d79dc1dfa1dea9c0c04be9585a4091dccd9d4c5cd706ede9b1b1418dce1a10e4
SmarterMail 7.x LDAP Injection
Posted Oct 4, 2010
Authored by sqlhacker

SmarterMail version 7.2.3925 suffers from a LDAP injection vulnerability.

tags | exploit
SHA-256 | a35fb51611d497bf74601e9a950e6412d34cb7726e467546312f6d499af71053
SmarterMail 7.x Cross Site Scripting
Posted Oct 4, 2010
Authored by sqlhacker

SmarterMail version 7.2.3925 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 5e568360a60db57bdd1502c94d5f663903dea56acbe16bd8ebfff52f2f4820ef
SmarterMail 7.1.3876 Directory Traversal
Posted Sep 21, 2010
Authored by sqlhacker

SmarterMail version 7.1.3876 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | ace2442491053747a431df1026f5e2044cc7284a386c1e83455a87398d2d70fa
smartermail-xss.txt
Posted Feb 20, 2008
Authored by Juan Pablo Lopez Yacubian

SmarterMail Enterprise version 4.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 00f0b57b17d9f5329c18ab386b23343742217fc1849bb66ceac031ba34cd06e7
Page 1 of 1
Back1Next

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close