CVE

Id
27153  
CVE No.
CVE-2007-3796  
Status
Candidate  
Description
The password reset feature in the Spam Quarantine HTTP interface for MailMarshal SMTP 6.2.0.x before 6.2.1 allows remote attackers to modify arbitrary account information via a UserId variable with a large amount of trailing whitespace followed by a malicious value, which triggers SQL buffer truncation due to length inconsistencies between variables.  
Phase
Assigned (20070716)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
278002 27153 CVE-2007-3796 FULLDISC:20070717 [Sec-1 Ltd] Advisory: MailMarshal Spam Quarantine Password Retrieval Vulnerability  View
278003 27153 CVE-2007-3796 URL:http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064676.html  View
278004 27153 CVE-2007-3796 MISC:http://www.sec-1labs.co.uk/advisories/BTA_Full.pdf  View
278005 27153 CVE-2007-3796 BID:24936  View
278006 27153 CVE-2007-3796 URL:http://www.securityfocus.com/bid/24936  View
278007 27153 CVE-2007-3796 SECUNIA:26018  View
278008 27153 CVE-2007-3796 URL:http://secunia.com/advisories/26018  View
278009 27153 CVE-2007-3796 SREASON:2895  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
52020 JVNDB-2007-000683 tcpdump の BGP 解析における整数オーバーフローの脆弱性が存在します。 tcpdump における BGP 解析の print-bgp.c には整数オーバーフローの脆弱性が存在します。 CVE-2007-3798 27153 7.5 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-000683.html  View