Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2014-1691HistoryApr 01, 2014 - 3:55 p.m.
CVE-2014-1691
2014-04-0115:55:00
Debian Security Bug Tracker
security-tracker.debian.org
8
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.945 High
EPSS
Percentile
99.2%
The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the _formvars form.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | php-horde-util | < 2.3.0-1 | php-horde-util_2.3.0-1_all.deb |
| Debian | 11 | all | php-horde-util | < 2.3.0-1 | php-horde-util_2.3.0-1_all.deb |
| Debian | 10 | all | php-horde-util | < 2.3.0-1 | php-horde-util_2.3.0-1_all.deb |
| Debian | 999 | all | php-horde-util | < 2.3.0-1 | php-horde-util_2.3.0-1_all.deb |
| Debian | 13 | all | php-horde-util | < 2.3.0-1 | php-horde-util_2.3.0-1_all.deb |
Related
securityvulns
securityvulns
[SECURITY] [DSA 2853-1] horde3 security update
2014-02-11 00:00:00
metasploit
metasploit
Horde Framework Unserialize PHP Code Execution
2014-03-18 01:47:45
openvas
openvas
Debian: Security Advisory (DSA-2853-1)
2014-02-04 00:00:00
Debian Security Advisory DSA 2853-1 (horde3 - remote code execution)
2014-02-05 00:00:00
Horde '_formvars' Form Input Remote Code Execution Vulnerability
2014-03-21 00:00:00
ubuntucve
ubuntucve
CVE-2014-1691
2014-04-01 00:00:00
checkpoint_advisories
checkpoint_advisories
Horde Framework Unserialize PHP Code Execution (CVE-2014-1691)
2014-05-18 00:00:00
nessus
nessus
Debian DSA-2853-1 : horde3 - remote code execution
2014-02-06 00:00:00
packetstorm
packetstorm
Horde Framework Unserialize PHP Code Execution
2014-03-20 00:00:00
Horde Framework Unserialize PHP Code Execution
2014-06-29 00:00:00
seebug
seebug
Horde Framework Unserialize PHP Code Execution
2014-07-01 00:00:00
zdt
zdt
Horde Framework Unserialize PHP Code Execution
2014-03-22 00:00:00
debian
debian
[SECURITY] [DSA 2853-1] horde3 security update
2014-02-05 12:20:26
prion
prion
Design/Logic Flaw
2014-04-01 15:55:00
osv
osv
horde3 - Remote code execution
2014-02-05 00:00:00
cve
cve
CVE-2014-1691
2014-04-01 15:55:00
exploitdb
exploitdb
Horde Framework - Unserialize PHP Code Execution (Metasploit)
2014-03-22 00:00:00
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.945 High
EPSS
Percentile
99.2%
Related for DEBIANCVE:CVE-2014-1691