|
|
CVE Reference: CVE-2007-3796 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2007-3796 |
|
|
Description: The password reset feature in the Spam Quarantine HTTP interface for MailMarshal SMTP 6.2.0.x before 6.2.1 allows remote attackers to modify arbitrary account information via a UserId variable with a large amount of trailing whitespace followed by a malicious value, which triggers SQL buffer truncation due to length inconsistencies between variables. |
|
|
CVE Status: Candidate |
|
|
References: SREASON http://securityreason.com/securityalert/2895 SAID Secunia Advisory: SA26018 MISC http://www.sec-1labs.co.uk/advisories/BTA_Full.pdf FULLDISC http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064676.html BID 24936 |
|
| Return to the previous page. |
