Linux Distros Unpatched Vulnerability : CVE-2017-7413

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In HordeCrypt before 2.7.6, as used in Horde Groupware Webmail Edition through 5.2.17, OS Command Injection can occur if the attacker is an authenticated Horde...

Debian: Security Advisory (DLA-1398-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DLA-1398-1 : php-horde-crypt security update

It was discovered that in Horde-Crypt, a cryptographic library and part of the PHP Horde framework, a command injection was possible when a Horde user used the PGP features to view an encrypted email. For Debian 8 'Jessie', these problems have been fixed in version 2.5.0-5+deb8u1. We recommend th...

[SECURITY] [DLA 1398-1] php-horde-crypt security update

Package : php-horde-crypt Version : 2.5.0-5+deb8u1 CVE ID : CVE-2017-7413 CVE-2017-7414 Debian Bug : 859635 It was discovered that in Horde-Crypt, a cryptographic library and part of the PHP Horde framework, a command injection was possible when a Horde user used the PGP features to view an...

Fedora 26 : php-horde-Horde-Crypt (2017-0c4f5fb08e)

HordeCrypt 2.7.6 - mjr SECURITY: Fix remote code execution vulnerability CVE-2017-7413, and CVE-2017-7414. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as...

Horde Groupware Webmail Edition Operating System Command Injection Vulnerability

Horde Groupware Webmail Edition is a free enterprise browser based on the Communication Suite from Horde, Inc.HordeCrypt is an encryption/decryption library for working with PGP data. An OS command injection vulnerability exists in HordeCrypt versions prior to 2.7.6 used in Horde Groupware Webmai...

Fedora 24 : php-horde-Horde-Crypt (2017-e2a3e6fa12)

HordeCrypt 2.7.6 - mjr SECURITY: Fix remote code execution vulnerability CVE-2017-7413, and CVE-2017-7414. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as...

Fedora Update for php-horde-Horde-Crypt FEDORA-2017-ed4c9b605b

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 25 : php-horde-Horde-Crypt (2017-ed4c9b605b)

HordeCrypt 2.7.6 - mjr SECURITY: Fix remote code execution vulnerability CVE-2017-7413, and CVE-2017-7414. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as...

Fedora Update for php-horde-Horde-Crypt FEDORA-2017-e2a3e6fa12

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 24 Update: php-horde-Horde-Crypt-2.7.6-1.fc24

The HordeCrypt package class provides an API for various cryptographic systems...

[SECURITY] Fedora 26 Update: php-horde-Horde-Crypt-2.7.6-1.fc26

The HordeCrypt package class provides an API for various cryptographic systems...

DEBIAN-CVE-2017-7413

In HordeCrypt before 2.7.6, as used in Horde Groupware Webmail Edition through 5.2.17, OS Command Injection can occur if the attacker is an authenticated Horde Webmail user, has PGP features enabled in their preferences, and attempts to encrypt an email addressed to a maliciously crafted email...

DEBIAN-CVE-2017-7414

In HordeCrypt before 2.7.6, as used in Horde Groupware Webmail Edition 5.x through 5.2.17, OS Command Injection can occur if the user has PGP features enabled in the user's preferences, and has enabled the "Should PGP signed messages be automatically verified when viewed?" preference. To exploit...

UBUNTU-CVE-2017-7414

In HordeCrypt before 2.7.6, as used in Horde Groupware Webmail Edition 5.x through 5.2.17, OS Command Injection can occur if the user has PGP features enabled in the user's preferences, and has enabled the "Should PGP signed messages be automatically verified when viewed?" preference. To exploit...