PRIOn knowledge basePRION:CVE-2008-1284Directory traversal
7.1 High
AI Score
Confidence
Low
6 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
0.005 Low
EPSS
Percentile
75.1%
Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via “…” sequences and a null byte in the theme name.
References
lists.horde.org/archives/announce/2008/000382.html
lists.horde.org/archives/announce/2008/000383.html
lists.horde.org/archives/announce/2008/000384.html
secunia.com/advisories/29286
secunia.com/advisories/29374
secunia.com/advisories/29400
secunia.com/advisories/30047
security.gentoo.org/glsa/glsa-200805-01.xml
securityreason.com/securityalert/3726
www.debian.org/security/2008/dsa-1519
www.securityfocus.com/archive/1/489239/100/0/threaded
www.securityfocus.com/archive/1/489289/100/0/threaded
www.securityfocus.com/bid/28153
www.vupen.com/english/advisories/2008/0822/references
exchange.xforce.ibmcloud.com/vulnerabilities/41054
www.redhat.com/archives/fedora-package-announce/2008-March/msg00253.html
www.redhat.com/archives/fedora-package-announce/2008-March/msg00301.html
Related
7.1 High
AI Score
Confidence
Low
6 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
0.005 Low
EPSS
Percentile
75.1%