CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
AI Score
Confidence: Low
EPSS
Percentile: 76.9%
Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via ".." sequences and a null byte in the theme name.
lists.horde.org/archives/announce/2008/000382.html
lists.horde.org/archives/announce/2008/000383.html
lists.horde.org/archives/announce/2008/000384.html
secunia.com/advisories/29286
secunia.com/advisories/29374
secunia.com/advisories/29400
secunia.com/advisories/30047
security.gentoo.org/glsa/glsa-200805-01.xml
securityreason.com/securityalert/3726
www.debian.org/security/2008/dsa-1519
www.securityfocus.com/archive/1/489239/100/0/threaded
www.securityfocus.com/archive/1/489289/100/0/threaded
www.securityfocus.com/bid/28153
www.vupen.com/english/advisories/2008/0822/references
exchange.xforce.ibmcloud.com/vulnerabilities/41054
www.redhat.com/archives/fedora-package-announce/2008-March/msg00253.html
www.redhat.com/archives/fedora-package-announce/2008-March/msg00301.html