Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The password reset feature in the Spam Quarantine HTTP interface for MailMarshal SMTP 6.2.0.x before 6.2.1 allows remote attackers to modify arbitrary account information via a UserId variable with a large amount of trailing whitespace followed by a malicious value, which triggers SQL buffer truncation due to length inconsistencies between variables.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
MailMarshal SMTP垃圾邮件隔离管理界面口令重置漏洞
Vulnerability Description
MailMarshal SMTP是适用于业务网络的邮件安全解决方案。 MailMarshal的口令生成功能实现上存在漏洞,远程攻击者可能利用此漏洞获取口令信息。 MailMarshal垃圾邮件控制台中的"请求新口令"功能可以接受用户的邮件地址并使用随机生成的口令更新相关用户帐号,执行这个功能的SQL查询存储过程如下: Update [User] Set [Password] = @Password Where UserId = @UserId 其中的@UserID变量包含有用户邮件地址,用于判断更新哪个用
CVSS Information
N/A
Vulnerability Type
N/A