spamdyke -- STARTTLS Plaintext Injection Vulnerability
Secunia reports: The vulnerability is caused due to the TLS implementation not properly clearing transport layer buffers when upgrading from plaintext to ciphertext after receiving the "STARTTLS" command. This can be exploited to insert arbitrary plaintext data e.g. SMTP commands during the...