Unrated severityNVD Advisory· Published Jul 17, 2007· Updated Apr 23, 2026

CVE-2007-3796

Description

The password reset feature in the Spam Quarantine HTTP interface for MailMarshal SMTP 6.2.0.x before 6.2.1 allows remote attackers to modify arbitrary account information via a UserId variable with a large amount of trailing whitespace followed by a malicious value, which triggers SQL buffer truncation due to length inconsistencies between variables.

Affected products

Mailmarshal/SMTP
cpe:2.3:a:mailmarshal:mailmarshal_smtp:*:*:*:*:*:*:*:*
Range: <=6.2.0
Mailmarshal/MailMarshal SMTPllm-fuzzy
Range: >= 6.2.0, < 6.2.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.grok.org.uk/pipermail/full-disclosure/2007-July/064676.htmlnvdPatch
secunia.com/advisories/26018nvdVendor Advisory
www.sec-1labs.co.uk/advisories/BTA_Full.pdfnvdURL Repurposed
securityreason.com/securityalert/2895nvd
www.securityfocus.com/bid/24936nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000