CVE-2010-3486
Published: 2010-09-22
Priority: P3 (33) | Severity: medium | CVSS 2.0 score: 5
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Exploit: available (see the Exploit-DB entries below)
EPSS: 3.13% (86.3rd percentile)
Directory traversal vulnerability in FileStorageUpload.ashx in SmarterMail 7.1.3876 allows remote attackers to read arbitrary files via a (1) ../ (dot dot slash), (2) %5C (encoded backslash), or (3) %255c (double-encoded backslash) in the name parameter.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| smartertools | smartermail | — | — |
No detection rules found.
Exploit-DB: SmarterMail 7.3/7.4 - Multiple Vulnerabilities
Exploit-DB · 2011-03-10 · CVSS 4.3 · CVE-2010-3486 [MEDIUM]
SmarterMail 7.3/7.4 - Multiple Vulnerabilities
---
Author: Hoyt LLC Research | http://xss.cx | http://cloudscan.me
Identified: October 28, 2010
Vendor: SmarterTools
Application: SmarterMail 7.x
Bug(s): Stored XSS, Reflected XSS, Directory Traversal, File Upload Parameters, OS Execution, XML Injection, LDAP Injection, DoS
Patch: The Vendor has released SmarterMail Version 8 at URI http://www.smartertools.com/Download.aspx?Product=SmarterMail&File=Installer&Version=8&Location=Primary
Timeline: Notify Vendor 10-28-2011 on Version 7.3 with respect to Stored XSS, other Vulns
Vendor updates to Version 7.4 on 12.30.2010, Notify Vendor of Stored XSS, other Vulns
Vendor updates to Version 8.0 on 3.10.2011
Publication: March 10, 2011 | Hoyt LLC Research publishes vulnerability information for
Exploit-DB: SmarterMail < 7.2.3925 - LDAP Injection
Exploit-DB · 2010-10-02 · CVSS 5.0 · CVE-2010-3486 [MEDIUM]
SmarterMail alert(0x000170)
and for the HEX Value Stored Cross Site Scripting exploit I want to create.
The result is
%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%30%78%30%30%30%31%37%30%29%3C%2F%73%63%72%69%70%74%3E,
there is your example exploit for Stored XSS.
Take the result and paste it into the new event name (exploit) you want to
create and e-mail around to all your colleagues and friends and blog about...
Click submit and refresh the screen, here is what I "received" for a
payload. I provide 2 examples of URL/Parameter manipulation that result in
an event being created.
** Author Note.. the Blogger parser isn't very good about making me escape
the nasty XSS below.. so I have to edit the post so readers don't get
XSS'd.. Pictures are a part of the exploit surface model, I also like
Exploit-DB: SmarterMail 7.1.3876 - Directory Traversal
Exploit-DB · 2010-09-19 · CVE-2010-3486
SmarterMail 7.1.3876 - Directory Traversal
---
# Note: Fixed by the vendor in version 7.2.3925
# http://www.smartertools.com/smartermail/releasenotes/v7.aspx
Vendor: smartertools.com SmarterMail 7.x (7.1.3876) | Bug : Directory
Traversal, OS Command Injection, Other Critical Vulns
########################################################################
# Vendor: smartertools.com SmarterMail 7.x (7.1.3876)
# Date: 2010-09-12
# Author : sqlhacker – http://cloudscan.me
# Thanks to : Burp Suite Pro - engagement tool
# : FuzzDB
# Contact : [email protected]
# Home : http://cloudscan.me
# Dork : insite: SmarterMail Enterprise 7.1
# Bug : Directory Traversal, OS Command Injection, Other Critical Vulns
# Tested on : SmarterMail 7.x (7.1.3876) // Windows 2008 /64/R2
# Vendor Contact - August 14, 2
No writeups or analysis indexed.
References:
- http://cloudscan.blogspot.com/2010/09/smarter-stats-533819-file-fuzzing.html
- http://packetstormsecurity.org/1009-exploits/smartermail-traversal.txt
- http://www.exploit-db.com/exploits/15048
- http://www.securityfocus.com/bid/43324
- https://exchange.xforce.ibmcloud.com/vulnerabilities/61910