Lucene search
GoogleOSV:DSA-1765-1HistoryApr 08, 2009 - 12:00 a.m.
horde3 - several vulnerabilities
2009-04-0800:00:00
Google
osv.dev
4
0.04 Low
EPSS
Percentile
92.2%
Several vulnerabilities have been found in horde3, the horde web application
framework. The Common Vulnerabilities and Exposures project identifies
the following problems:
- CVE-2009-0932
Gunnar Wrobel discovered a directory traversal vulnerability, which
allows attackers to include and execute arbitrary local files via the
driver parameter in Horde_Image. - CVE-2008-3330
It was discovered that an attacker could perform a cross-site scripting
attack via the contact name, which allows attackers to inject arbitrary
html code. This requires that the attacker has access to create
contacts. - CVE-2008-5917
It was discovered that the horde XSS filter is prone to a cross-site
scripting attack, which allows attackers to inject arbitrary html code.
This is only exploitable when Internet Explorer is used.
For the oldstable distribution (etch), these problems have been fixed in
version 3.1.3-4etch5.
For the stable distribution (lenny), these problems have been fixed in
version 3.2.2+debian0-2, which was already included in the lenny
release.
For the testing distribution (squeeze) and the unstable distribution
(sid), these problems have been fixed in version 3.2.2+debian0-2.
We recommend that you upgrade your horde3 packages.
| CPE | Name | Operator | Version |
|---|---|---|---|
| horde3 | eq | 3.1.3-4etch1 | |
| horde3 | eq | 3.1.3-4etch4 | |
| horde3 | eq | 3.1.3-4etch3 | |
| horde3 | eq | 3.1.3-4etch2 | |
| horde3 | eq | 3.1.3-4 |
References
Related
openvas
openvas
Debian Security Advisory DSA 1765-1 (horde3)
2009-04-15 00:00:00
Debian: Security Advisory (DSA-1765-1)
2009-04-15 00:00:00
Horde XSS Filter Cross Site Scripting Vulnerability
2009-04-10 00:00:00
securityvulns
securityvulns
nessus
nessus
Debian DSA-1765-1 : horde3 - Multiple vulnerabilities
2009-04-09 00:00:00
openSUSE Security Update : horde (horde-657)
2009-07-21 00:00:00
openSUSE 10 Security Update : horde (horde-6099)
2009-03-24 00:00:00
debian
debian
[SECURITY] [DSA 1765-1] New horde3 packages fix several vulnerabilities
2009-04-08 13:22:34
[SECURITY] [DSA 1765-1] New horde3 packages fix several vulnerabilities
2009-04-08 13:22:34
cve
cve
cvelist
cvelist
redhatcve
redhatcve
CVE-2008-5917
2019-10-04 20:57:41
ubuntucve
ubuntucve
prion
prion
Cross site scripting
2009-01-21 02:30:00
Cross site scripting
2008-07-27 22:41:00
Directory traversal
2009-03-17 21:30:00
nvd
nvd
gentoo
gentoo
Horde: Multiple vulnerabilities
2009-09-12 00:00:00
dsquare
dsquare
Horde < 3.3.2 LFI
2012-02-01 00:00:00
packetstorm
packetstorm
Horde Local File Inclusion
2011-02-11 00:00:00
exploitpack
exploitpack
Horde - Horde_Image::factory driver Argument Local File Inclusion
2011-02-11 00:00:00
d2
d2
DSquare Exploit Pack: D2SEC_HORDE
2009-03-17 21:30:00
seebug
seebug
Horde Horde_Image::factory driver Argument Local File Inclusion
2014-07-01 00:00:00
HordeδΊ§εζ¬ε°ζδ»Άε
ε«εθ·¨η«θζ¬ζΌζ΄
2009-03-19 00:00:00
nuclei
nuclei
Horde/Horde Groupware - Local File Inclusion
2021-07-27 05:32:32
exploitdb
exploitdb
Horde - Horde_Image::factory driver Argument Local File Inclusion
2011-02-11 00:00:00
fedora
fedora
[SECURITY] Fedora 12 Update: horde-3.3.6-1.fc12
2010-04-01 01:51:02
[SECURITY] Fedora 11 Update: horde-3.3.6-1.fc11
2010-04-01 01:40:32
[SECURITY] Fedora 13 Update: horde-3.3.6-1.fc13
2010-04-01 17:20:56