CVSS: 7.6EPSS: 1%CPEs: 1EXPL: 0CVE-2007-3796
https://notcve.org/view.php?id=CVE-2007-3796
The password reset feature in the Spam Quarantine HTTP interface for MailMarshal SMTP 6.2.0.x before 6.2.1 allows remote attackers to modify arbitrary account information via a UserId variable with a large amount of trailing whitespace followed by a malicious value, which triggers SQL buffer truncation due to length inconsistencies between variables. La característica de reinicio de la contraseña en el interface Spam Quarantine HTTP para SMTP 6.2.0.x anterior 6.2.1 permite a atacantes remotos modificar cuentas de información de su elección a través de un UserId variable con una gran cantidad de espacios en blanco seguidos por un valor malicioso, el cual dispara un truncamiento SQL de búfer debido a las inconsistencias de la longitud entre las variables. • http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064676.html http://secunia.com/advisories/26018 http://securityreason.com/securityalert/2895 http://www.sec-1labs.co.uk/advisories/BTA_Full.pdf http://www.securityfocus.com/bid/24936 •
CVSS: 10.0EPSS: 2%CPEs: 3EXPL: 0CVE-2006-5487 – Marshal MailMarshal ARJ Extraction Directory Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2006-5487
Directory traversal vulnerability in Marshal MailMarshal SMTP 5.x, 6.x, and 2006, and MailMarshal for Exchange 5.x, allows remote attackers to write arbitrary files via ".." sequences in filenames in an ARJ compressed archive. Vulnerabilidad de salto de directorio en el Marshal MailMarshal SMTP 5.x, 6.x, y 2006, y MailMarshal para Exchange 5.x, permite a atacantes remotos escribir ficheros de su elección mediante secuencias ".." en los nombres de fichero de un archivo comprimido ARJ. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Marshal MailMarshal (formerly of NetIQ). Authentication is not required to exploit this vulnerability. The specific flaw exists within the extraction and scanning of ARJ compressed attachments. Due to incorrect sandboxing of extracted filenames that contain directory traversal modifiers such as "../", an attacker can cause an executable to be created in an arbitrary location. While currently existing files can not be over written, an attacker may leverage this vulnerability in a number of ways. • http://secunia.com/advisories/22806 http://securityreason.com/securityalert/1857 http://securitytracker.com/id?1017209 http://www.marshal.com/kb/article.aspx?id=11450 http://www.securityfocus.com/archive/1/451143/100/0/threaded http://www.securityfocus.com/bid/20999 http://www.vupen.com/english/advisories/2006/4457 http://www.zerodayinitiative.com/advisories/ZDI-06-039.html https://exchange.xforce.ibmcloud.com/vulnerabilities/30188 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •