Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SmarterTools SmarterMail < Build 9518 Unauthenticated background-of-the-day Path Coercion
Vulnerability Description
SmarterTools SmarterMail versions prior to build 9518 contain an unauthenticated path coercion vulnerability in the background-of-the-day preview endpoint. The application base64-decodes attacker-supplied input and uses it as a filesystem path without validation. On Windows systems, this allows UNC paths to be resolved, causing the SmarterMail service to initiate outbound SMB authentication attempts to attacker-controlled hosts. This can be abused for credential coercion, NTLM relay attacks, and unauthorized network authentication.
CVSS Information
N/A
Vulnerability Type
使用不正确的解析名称或索引
Vulnerability Title
SmarterTools SmarterMail 安全漏洞
Vulnerability Description
SmarterTools SmarterMail是SmarterTools公司的一套邮件服务器软件。该软件支持垃圾邮件过滤、数据统计、简单邮件传输协议SMTP验证等功能。 SmarterTools SmarterMail 9518之前版本存在安全漏洞,该漏洞源于未经身份验证的路径强制转换,可能导致凭证强制和NTLM中继攻击。
CVSS Information
N/A
Vulnerability Type
N/A