Directory Traversal Vulnerability in SmarterMail by SmarterTools
CVE-2010-3486

Currently unrated

Key Information:

Vendor: Smartertools
Status: Smartermail
Vendor: CVE Published:; 22 September 2010

What is CVE-2010-3486?

The directory traversal vulnerability in FileStorageUpload.ashx found in SmarterMail 7.1.3876 allows remote attackers to access sensitive information by exploiting improper input validation. By manipulating the name parameter with sequences like '../' or encoded backslashes, attackers can traverse directories and read arbitrary files on the server, potentially accessing sensitive system files.

References

http://www.securityfocus.com/bid/43324

vdb-entryx_refsource_BID

http://cloudscan.blogspot.com/2010/09/smarter-stats-53381...

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/61910

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Sep 22, 2010
Vulnerability Reserved
Sep 22, 2010

Smartertools

What is CVE-2010-3486?

References

Timeline