CVE-2004-2584

Description

frmAddfolder.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote authenticated users to create a folder that SmarterMail cannot delete or rename via a folder name with a null byte ("%00"). NOTE: it is not clear whether this issue poses a vulnerability.

Affected products

• SmarterTools / SmarterMail1.6.1511 – 1.6.1511
• SmarterTools / SmarterMail1.6.1529 – 1.6.1529

References

• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/15392
• VENDOR_ADVISORYhttp://www.zone-h.org/advisories/read/id=4098
• MISChttp://members.lycos.co.uk/r34ct/main/smarter_mail%203.1/smarter_mail.txt