{"cve": [{"lastseen": "2018-10-19T11:35:59", "bulletinFamily": "NVD", "description": "Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 allow remote attackers to inject arbitrary web script or HTML via a (1) javascript URI or an external (2) http, (3) https, or (4) ftp URI in the url parameter in services/go.php (aka the dereferrer), (5) a javascript URI in the module parameter in services/help (aka the help viewer), and (6) the name parameter in services/problem.php (aka the problem reporting screen).", "modified": "2018-10-18T12:47:54", "published": "2006-07-12T20:05:00", "id": "CVE-2006-3548", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3548", "title": "CVE-2006-3548", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:23", "bulletinFamily": "software", "description": "## Solution Description\nUpgrade to version 3.0.11, 3.1.2 or higher, as it has been reported to fix this vulnerability. 
An upgrade is required as there are no known workarounds.\n## Manual Testing Notes\n[Base_URI]/services/help/?show=about&module=%3Cmeta%20http-equiv=%22refresh%22%20content=%220;URL=javascript:alert(0)%3B%22%3E\n## References:\nVendor URL: http://www.horde.org/\n[Vendor Specific Advisory URL](http://lists.suse.com/archive/suse-security-announce/2006-Aug/0003.html)\nSecurity Tracker: 1016442\n[Secunia Advisory ID:20954](https://secuniaresearch.flexerasoftware.com/advisories/20954/)\n[Secunia Advisory ID:21459](https://secuniaresearch.flexerasoftware.com/advisories/21459/)\n[Secunia Advisory ID:27565](https://secuniaresearch.flexerasoftware.com/advisories/27565/)\n[Related OSVDB ID: 27034](https://vulners.com/osvdb/OSVDB:27034)\n[Related OSVDB ID: 27032](https://vulners.com/osvdb/OSVDB:27032)\nOther Advisory URL: http://www.us.debian.org/security/2007/dsa-1406\nOther Advisory URL: http://moritz-naumann.com/adv/0011/hordemulti/0011.txt\nMail List Post: http://lists.horde.org/archives/announce/2006/000288.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-07/0064.html\nMail List Post: http://lists.horde.org/archives/announce/2006/000287.html\nFrSIRT Advisory: ADV-2006-2694\n[CVE-2006-3548](https://vulners.com/cve/CVE-2006-3548)\nBugtraq ID: 18845\n", "modified": "2006-07-05T04:04:03", "published": "2006-07-05T04:04:03", "href": "https://vulners.com/osvdb/OSVDB:27033", "id": "OSVDB:27033", "title": "Horde services/help/index.php module Variable XSS", "type": "osvdb", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-04-28T13:20:23", "bulletinFamily": "software", "description": "## Solution Description\nUpgrade to version 3.0.11, 3.1.2 or higher, as it has been reported to fix this vulnerability. 
An upgrade is required as there are no known workarounds.\n## Manual Testing Notes\n[Base_URI]/services/problem.php?name=%22%3E%3Cscript%3Ealert(0)%3B%3C/script%20x=%22\n## References:\nVendor URL: http://www.horde.org/\n[Vendor Specific Advisory URL](http://lists.suse.com/archive/suse-security-announce/2006-Aug/0003.html)\nSecurity Tracker: 1016442\n[Secunia Advisory ID:20954](https://secuniaresearch.flexerasoftware.com/advisories/20954/)\n[Secunia Advisory ID:21459](https://secuniaresearch.flexerasoftware.com/advisories/21459/)\n[Secunia Advisory ID:27565](https://secuniaresearch.flexerasoftware.com/advisories/27565/)\n[Related OSVDB ID: 27032](https://vulners.com/osvdb/OSVDB:27032)\n[Related OSVDB ID: 27033](https://vulners.com/osvdb/OSVDB:27033)\nOther Advisory URL: http://www.us.debian.org/security/2007/dsa-1406\nOther Advisory URL: http://moritz-naumann.com/adv/0011/hordemulti/0011.txt\nMail List Post: http://lists.horde.org/archives/announce/2006/000288.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-07/0064.html\nMail List Post: http://lists.horde.org/archives/announce/2006/000287.html\nFrSIRT Advisory: ADV-2006-2694\n[CVE-2006-3548](https://vulners.com/cve/CVE-2006-3548)\nBugtraq ID: 18845\n", "modified": "2006-07-05T04:04:03", "published": "2006-07-05T04:04:03", "href": "https://vulners.com/osvdb/OSVDB:27034", "id": "OSVDB:27034", "title": "Horde services/problem.php name Variable XSS", "type": "osvdb", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "nessus": [{"lastseen": "2019-02-21T01:09:17", "bulletinFamily": "scanner", "description": "Horde 3.1.2 release announcement :\n\nSecurity Fixes :\n\n- Closed XSS problems in dereferrer (IE only), help viewer and problem reporting screen.\n\n- Removed unused image proxy code from dereferrer.", "modified": "2018-11-23T00:00:00", "id": "FREEBSD_PKG_E94CB43D0C4A11DB90160050BF27BA24.NASL", "href": 
"https://www.tenable.com/plugins/index.php?view=single&id=22006", "published": "2006-07-06T00:00:00", "title": "FreeBSD : horde -- various problems in dereferrer (e94cb43d-0c4a-11db-9016-0050bf27ba24)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(22006);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/11/23 12:49:57\");\n\n script_cve_id(\"CVE-2006-3548\");\n\n script_name(english:\"FreeBSD : horde -- various problems in dereferrer (e94cb43d-0c4a-11db-9016-0050bf27ba24)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Horde 3.1.2 release announcement :\n\nSecurity Fixes :\n\n- Closed XSS problems in dereferrer (IE only), help viewer and problem\nreporting screen.\n\n- Removed unused image proxy code from dereferrer.\"\n );\n # http://lists.horde.org/archives/announce/2006/000288.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.horde.org/archives/announce/2006/000288.html\"\n );\n # https://vuxml.freebsd.org/freebsd/e94cb43d-0c4a-11db-9016-0050bf27ba24.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c525971c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:freebsd:freebsd:horde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:horde-php5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/06/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/07/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/07/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"horde<3.1.2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"horde-php5<3.1.2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-02-21T01:09:17", "bulletinFamily": "scanner", "description": "The version of Horde installed on the remote host fails to validate input to the 'url' parameter of the 'services/go.php' script before using it in dynamically-generated content. 
An unauthenticated attacker may be able to leverage this issue to inject arbitrary HTML and script code into a user's browser. \n\nIn addition, similar cross-site scripting issues reportedly exist with the 'module' parameter of the 'services/help/index.php' script and the 'name' parameter of the 'services/problem.php' script.", "modified": "2018-11-15T00:00:00", "id": "HORDE_URL_XSS.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=22004", "published": "2006-07-05T00:00:00", "title": "Horde < 3.0.11 / 3.1.2 Multiple Script XSS", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(22004);\n script_version(\"1.24\");\n script_cvs_date(\"Date: 2018/11/15 20:50:19\");\n\n script_cve_id(\"CVE-2006-3548\", \"CVE-2006-3549\");\n script_bugtraq_id(18845);\n\n script_name(english:\"Horde < 3.0.11 / 3.1.2 Multiple Script XSS\");\n script_summary(english:\"Tries to exploit an XSS flaw in Horde's services/go.php\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains a PHP script that is affected by\nmultiple cross-site scripting vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Horde installed on the remote host fails to validate\ninput to the 'url' parameter of the 'services/go.php' script before\nusing it in dynamically-generated content. An unauthenticated\nattacker may be able to leverage this issue to inject arbitrary HTML\nand script code into a user's browser. 
\n\nIn addition, similar cross-site scripting issues reportedly exist with\nthe 'module' parameter of the 'services/help/index.php' script and the\n'name' parameter of the 'services/problem.php' script.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/fulldisclosure/2006/Jul/91\");\n script_set_attribute(attribute:\"see_also\", value:\"https://lists.horde.org/archives/announce/2006/000287.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://lists.horde.org/archives/announce/2006/000288.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Horde 3.0.11 / 3.1.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2006/07/05\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2006/07/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:horde:horde_application_framework\");\n script_end_attributes();\n \n script_category(ACT_ATTACK);\n script_family(english:\"CGI abuses : XSS\");\n \n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"horde_detect.nasl\", \"cross_site_scripting.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/horde\");\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"url_func.inc\");\n\n\nport = 
get_http_port(default:80);\nif (!can_host_php(port:port)) exit(0);\nif (get_kb_item(\"www/\"+port+\"/generic_xss\")) exit(0, \"The web server on port \"+port+\" is prone to XSS.\");\n\n\n# A simple (and invalid) alert.\nxss = string(\"javascript:alert(\", SCRIPT_NAME, \")\");\n\n\n# Test an install.\ninstall = get_kb_item(string(\"www/\", port, \"/horde\"));\nif (isnull(install)) exit(0, \"Horde was not detected on port \"+port);\nmatches = eregmatch(string:install, pattern:\"^(.+) under (/.*)$\");\nif (!isnull(matches))\n{\n dir = matches[2];\n\n # Send the XSS probe to the dereferrer and check whether it is reflected.\n #\n # nb: Horde 3.x uses \"/services\"; Horde 2.x, \"/util\".\n foreach subdir (make_list(\"/services\", \"/util\"))\n {\n r = http_send_recv3(method:\"GET\", \n item:string(\n dir, subdir, \"/go.php?\",\n \"url=\", urlencode(str:string(\"http://www.example.com/;url=\", xss))\n ), \n port:port\n );\n if (isnull(r)) exit(1, \"The web server on port \"+port+\" failed to respond\");\n res = strcat(r[0], r[1], '\\r\\n', r[2]);\n\n # There's a problem if our XSS appears in the redirect.\n if (string(\"Refresh: 0; URL=http://www.example.com/;url=\", xss) >< res)\n {\n security_warning(port);\n set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);\n exit(0);\n }\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-02-21T01:10:10", "bulletinFamily": "scanner", "description": "This update fixes the following two security issues in the Horde Application Framework :\n\n - CVE-2006-3548: Multiple cross-site scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary web script or HTML via a (1) JavaScript URI or an external (2) http, (3) https, or (4) ftp URI in the url parameter in services/go.php (aka the dereferrer), (5) a JavaScript URI in the module parameter in services/help (aka the help viewer), and (6) the name parameter in services/problem.php (aka the problem reporting screen).\n\n - CVE-2006-3549: 
services/go.php does not properly restrict its image proxy capability, which allows remote attackers to perform 'Web tunneling' attacks and use the server as a proxy via (1) http, (2) https, and (3) ftp URL in the url parameter, which is requested from the server.", "modified": "2018-07-19T00:00:00", "id": "SUSE_HORDE-1868.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=27265", "published": "2007-10-17T00:00:00", "title": "openSUSE 10 Security Update : horde (horde-1868)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update horde-1868.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(27265);\n script_version (\"1.9\");\n script_cvs_date(\"Date: 2018/07/19 23:54:23\");\n\n script_cve_id(\"CVE-2006-3548\", \"CVE-2006-3549\");\n\n script_name(english:\"openSUSE 10 Security Update : horde (horde-1868)\");\n script_summary(english:\"Check for the horde-1868 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following two security issues in the Horde\nApplication Framework :\n\n - CVE-2006-3548: Multiple cross-site scripting (XSS)\n vulnerabilities allow remote attackers to inject\n arbitrary web script or HTML via a (1) JavaScript URI or\n an external (2) http, (3) https, or (4) ftp URI in the\n url parameter in services/go.php (aka the dereferrer),\n (5) a JavaScript URI in the module parameter in\n services/help (aka the help viewer), and (6) the name\n parameter in services/problem.php (aka the problem\n reporting screen).\n\n - CVE-2006-3549: services/go.php does not properly\n restrict its image proxy capability, which allows remote\n attackers 
to perform 'Web tunneling' attacks and use the\n server as a proxy via (1) http, (2) https, and (3) ftp\n URL in the url parameter, which is requested from the\n server.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected horde package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:horde\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"horde-3.0.9-19.4\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 
\"horde\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-02-21T01:10:24", "bulletinFamily": "scanner", "description": "Several remote vulnerabilities have been discovered in the Horde web application framework. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2006-3548 Moritz Naumann discovered that Horde allows remote attackers to inject arbitrary web script or HTML in the context of a logged in user (cross site scripting).\n\n This vulnerability applies to oldstable (sarge) only.\n\n - CVE-2006-3549 Moritz Naumann discovered that Horde does not properly restrict its image proxy, allowing remote attackers to use the server as a proxy.\n\n This vulnerability applies to oldstable (sarge) only.\n\n - CVE-2006-4256 Marc Ruef discovered that Horde allows remote attackers to include web pages from other sites, which could be useful for phishing attacks.\n\n This vulnerability applies to oldstable (sarge) only.\n\n - CVE-2007-1473 Moritz Naumann discovered that Horde allows remote attackers to inject arbitrary web script or HTML in the context of a logged in user (cross site scripting).\n\n This vulnerability applies to both stable (etch) and oldstable (sarge).\n\n - CVE-2007-1474 iDefense discovered that the cleanup cron script in Horde allows local users to delete arbitrary files.\n\n This vulnerability applies to oldstable (sarge) only.", "modified": "2018-11-10T00:00:00", "id": "DEBIAN_DSA-1406.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=28151", "published": "2007-11-12T00:00:00", "title": "Debian DSA-1406-1 : horde3 - several vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1406. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(28151);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/11/10 11:49:33\");\n\n script_cve_id(\"CVE-2006-3548\", \"CVE-2006-3549\", \"CVE-2006-4256\", \"CVE-2007-1473\", \"CVE-2007-1474\");\n script_xref(name:\"DSA\", value:\"1406\");\n\n script_name(english:\"Debian DSA-1406-1 : horde3 - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several remote vulnerabilities have been discovered in the Horde web\napplication framework. The Common Vulnerabilities and Exposures\nproject identifies the following problems :\n\n - CVE-2006-3548\n Moritz Naumann discovered that Horde allows remote\n attackers to inject arbitrary web script or HTML in the\n context of a logged in user (cross site scripting).\n\n This vulnerability applies to oldstable (sarge) only.\n\n - CVE-2006-3549\n Moritz Naumann discovered that Horde does not properly\n restrict its image proxy, allowing remote attackers to\n use the server as a proxy.\n\n This vulnerability applies to oldstable (sarge) only.\n\n - CVE-2006-4256\n Marc Ruef discovered that Horde allows remote attackers\n to include web pages from other sites, which could be\n useful for phishing attacks.\n\n This vulnerability applies to oldstable (sarge) only.\n\n - CVE-2007-1473\n Moritz Naumann discovered that Horde allows remote\n attackers to inject arbitrary web script or HTML in the\n context of a logged in user (cross site scripting).\n\n This vulnerability applies to both stable (etch) and oldstable\n (sarge).\n\n - CVE-2007-1474\n iDefense discovered that the cleanup cron script in\n Horde allows local users to delete arbitrary 
files.\n\n This vulnerability applies to oldstable (sarge) only.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=378281\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=383416\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=434045\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-3548\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-3549\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-4256\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-1473\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-1474\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2007/dsa-1406\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the horde3 package.\n\nFor the old stable distribution (sarge) these problems have been fixed\nin version 3.0.4-4sarge6.\n\nFor the stable distribution (etch) these problems have been fixed in\nversion 3.1.3-4etch1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:horde3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/09\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"horde3\", reference:\"3.0.4-4sarge6\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"horde3\", reference:\"3.1.3-4etch1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-02T21:10:13", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-20T00:00:00", "published": "2008-09-04T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=57064", "id": "OPENVAS:57064", "title": "FreeBSD Ports: horde, horde-php5", "type": "openvas", "sourceData": "#\n#VID e94cb43d-0c4a-11db-9016-0050bf27ba24\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n horde\n horde-php5\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://lists.horde.org/archives/announce/2006/000288.html\nhttp://www.vuxml.org/freebsd/e94cb43d-0c4a-11db-9016-0050bf27ba24.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(57064);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_version(\"$Revision: 4118 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-20 07:32:38 +0200 (Tue, 20 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2006-3548\");\n script_name(\"FreeBSD Ports: horde, horde-php5\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"horde\");\nif(!isnull(bver) && revcomp(a:bver, b:\"3.1.2\")<0) {\n txt += 'Package horde version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"horde-php5\");\nif(!isnull(bver) && revcomp(a:bver, b:\"3.1.2\")<0) {\n txt += 'Package horde-php5 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-26T08:55:29", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n horde\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5017209 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=65028", "id": "OPENVAS:65028", "title": "SLES9: Security update for horde", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5017209.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for horde\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n horde\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5017209 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65028);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2006-3548\", \"CVE-2006-3549\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_name(\"SLES9: Security update for horde\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"horde\", rpm:\"horde~2.2.5~63.16\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-04-06T11:38:05", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that 
affect\nthe security of your system. One or more of the following packages\nare affected:\n\n horde\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5017209 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065028", "id": "OPENVAS:136141256231065028", "type": "openvas", "title": "SLES9: Security update for horde", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5017209.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for horde\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n horde\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5017209 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65028\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2006-3548\", \"CVE-2006-3549\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_name(\"SLES9: Security update for horde\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"horde\", rpm:\"horde~2.2.5~63.16\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-24T12:50:19", "bulletinFamily": "scanner", "description": "The remote host is missing an update to horde3\nannounced via advisory DSA 1406-1.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=58738", "id": "OPENVAS:58738", "title": "Debian Security Advisory DSA 1406-1 (horde3)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1406_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1406-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several remote vulnerabilities have been discovered in the Horde web\napplication framework. The Common Vulnerabilities and Exposures project\nidentifies the following problems:\n\nCVE-2006-3548\n\nMoritz Naumann discovered that Horde allows remote attackers\nto inject arbitrary web script or HTML in the context of a logged\nin user (cross site scripting).\n\nThis vulnerability applies to oldstable (sarge) only.\n\nCVE-2006-3549\n\nMoritz Naumann discovered that Horde does not properly restrict\nits image proxy, allowing remote attackers to use the server as a\nproxy.\n\nThis vulnerability applies to oldstable (sarge) only.\n\nCVE-2006-4256\n\nMarc Ruef discovered that Horde allows remote attackers to\ninclude web pages from other sites, which could be useful for\nphishing attacks.\n\nThis vulnerability applies to oldstable (sarge) only.\n\nCVE-2007-1473\n\nMoritz Naumann discovered that Horde allows remote attackers\nto inject arbitrary web script or HTML in the context of a logged\nin user (cross site scripting).\n\nThis vulnerability applies to both stable (etch) and oldstable (sarge).\n\nCVE-2007-1474\n\niDefense 
discovered that the cleanup cron script in Horde\nallows local users to delete arbitrary files.\n\nThis vulnerability applies to oldstable (sarge) only.\n\n\nFor the old stable distribution (sarge) these problems have been fixed in\nversion 3.0.4-4sarge6.\n\nFor the stable distribution (etch) these problems have been fixed in\nversion 3.1.3-4etch1.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 3.1.4-1.\n\nWe recommend that you upgrade your horde3 package.\";\ntag_summary = \"The remote host is missing an update to horde3\nannounced via advisory DSA 1406-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201406-1\";\n\nif(description)\n{\n script_id(58738);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:23:47 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2006-3548\", \"CVE-2006-3549\", \"CVE-2006-4256\", \"CVE-2007-1473\", \"CVE-2007-1474\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 1406-1 (horde3)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"horde3\", ver:\"3.0.4-4sarge6\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"horde3\", ver:\"3.1.3-4etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2018-10-16T22:15:06", "bulletinFamily": "unix", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1406-1 security@debian.org\nhttp://www.debian.org/security/ Thijs Kinkhorst\nNovember 9th, 2007 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : horde3\nVulnerability : several\nProblem-Type : remote\nDebian-specific: no\nCVE ID : CVE-2006-3548 CVE-2006-3549 CVE-2006-4256 CVE-2007-1473 CVE-2007-1474\nDebian Bug : 378281 383416 434045\n\nSeveral remote vulnerabilities have been discovered in the Horde web\napplication framework. 
The Common Vulnerabilities and Exposures project\nidentifies the following problems:\n\nCVE-2006-3548\n\n Moritz Naumann discovered that Horde allows remote attackers\n to inject arbitrary web script or HTML in the context of a logged\n in user (cross site scripting).\n\n This vulnerability applies to oldstable (sarge) only.\t \n\nCVE-2006-3549\n\n Moritz Naumann discovered that Horde does not properly restrict\n its image proxy, allowing remote attackers to use the server as a\n proxy.\n\n This vulnerability applies to oldstable (sarge) only.\n\nCVE-2006-4256\n\n Marc Ruef discovered that Horde allows remote attackers to\n include web pages from other sites, which could be useful for\n phishing attacks.\n\n This vulnerability applies to oldstable (sarge) only.\n\nCVE-2007-1473\n\n Moritz Naumann discovered that Horde allows remote attackers\n to inject arbitrary web script or HTML in the context of a logged\n in user (cross site scripting).\n\n This vulnerability applies to both stable (etch) and oldstable (sarge).\n\nCVE-2007-1474\n\n iDefense discovered that the cleanup cron script in Horde\n allows local users to delete arbitrary files.\n\n This vulnerability applies to oldstable (sarge) only.\n\n\nFor the old stable distribution (sarge) these problems have been fixed in\nversion 3.0.4-4sarge6.\n\nFor the stable distribution (etch) these problems have been fixed in\nversion 3.1.3-4etch1.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 3.1.4-1.\n\nWe recommend that you upgrade your horde3 package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper 
configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/h/horde3/horde3_3.0.4-4sarge6.dsc\n http://security.debian.org/pool/updates/main/h/horde3/horde3_3.0.4-4sarge6.diff.gz\n http://security.debian.org/pool/updates/main/h/horde3/horde3_3.0.4.orig.tar.gz\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/h/horde3/horde3_3.0.4-4sarge6_all.deb\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/h/horde3/horde3_3.1.3-4etch1.dsc\n http://security.debian.org/pool/updates/main/h/horde3/horde3_3.1.3-4etch1.diff.gz\n http://security.debian.org/pool/updates/main/h/horde3/horde3_3.1.3.orig.tar.gz\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/h/horde3/horde3_3.1.3-4etch1_all.deb\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "modified": "2007-11-09T00:00:00", "published": "2007-11-09T00:00:00", "id": 
"DEBIAN:DSA-1406-1:37523", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00184.html", "title": "[SECURITY] [DSA 1406-1] New horde3 packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}