|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 2895 CVE : CVE-2007-3796 SecurityRisk : Medium  (About) Remote Exploit : Yes Local Exploit : No Exploit Available : No Credit : Gary O'leary-Steele Published : 20.07.2007
Advisory Content : SEC-1 LTD. www.sec-1.com Security Advisory Advisory Name: MailMarshal Spam Quarantine Password Retrieval Vulnerability Release Date: 17-06-2007 Application: MailMarshal SMTP 6.2.0.x Platform: Microsoft Windows Severity: Password Retrieval Author: Gary O'leary-Steele Reported: See time line section below Vendor status: Fix Available CVE Candidate: CVE-2007-3796 Reference: http://www.sec-1.com/ Overview from www.mailmarshal.com: MailMarshal SMTP is a total email content security solution for business networks. It combines anti-spam, anti-virus, anti-phishing, anti-porn and content security into a highly scalable and easily manageable solution. MailMarshal enables you to meet your corporate obligation to provide a safe and secure environment for your employees. It also enables you to meet your obligation to effectively monitor and manage your organization's compliance with relevant corporate governance and legislative regulatory frameworks. Vulnerability Summary: The Spam Quarantine HTTP interface password reset facility is vulnerable to a SQL buffer truncation attack. The vulnerability could be exploited to reset and retrieve any user account. The attacker would require prior knowledge of the users email address. Vulnerability Details: A technical analysis of the vulnerability is included within our "Buffer Truncation in Microsoft SQL Server Based Applications 1.1" paper http://www.sec-1labs.co.uk/advisories/BTA_Full.pdf Time Line: 24/05/2007 Reported 12/07/2007 Fix Available Vendor Status: This issue has been resolved in version 6.2.1. See the change history for further details. http://www.marshal.com/software/mailmarshal_smtp/MailMarshalSMTP-Release Notes-6.2.1.3252.htm#Change%20History Common Vulnerabilities and Exposures (CVE) Information: The Common Vulnerabilities and Exposures (CVE) project has assigned the following names to these issues. These are candidates for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems. CVE-2007-3796 Copyright 2007 Sec-1 LTD. All rights reserved. Sec-1 specialises in the provision of network security solutions. For more information on products and services we offer visit www.sec-1.com or call 0113 257 8955.  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
libc:fts_*() Multiple Denial of Service
The fts functions are provided for traversing UNIX file hierarchies... |
||
| Apache |  |
|
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
| PHP | |
|
» PHP 5.2.12/5.3.1 |
||
- 2009-10-02| Copyright © SecurityReason.com. All Rights Reserved. |