CVE-2007-3796

The password reset feature in the Spam Quarantine HTTP interface for MailMarshal SMTP 6.2.0.x before 6.2.1 allows remote attackers to modify arbitrary account information via a UserId variable with a large amount of trailing whitespace followed by a malicious value, which triggers SQL buffer truncation due to length inconsistencies between variables.
Configurations

Configuration 1

cpe:2.3:a:mailmarshal:mailmarshal_smtp:*:*:*:*:*:*:*:*

Information

Published : 2007-07-17 11:30

Updated : 2008-09-05 09:26


NVD link : CVE-2007-3796

Mitre link : CVE-2007-3796

Products Affected
No products.