Lucene search

453 matches found

htbridge
added 2010/04/13 12:0 a.m., 52 views

Multiple vulnerabilities in Zikula Application Framework

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Zikula Application Framework, which can be exploited to perform cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. 1 XSRF (CSRF) in Zikula Application Framework: CVE-2010-1732 The vulnerability...

CVSS 5.1, AI score 1.2, EPSS 0.02874
Exploits 0, Affected Software 1

OSV
added 2010/01/07 12:0 a.m., 21 views

DSA-1966-1 horde3 - cross-site scripting

Bulletin has no description...

CVSS 4.3, AI score 5.9, EPSS 0.02191
Exploits 9

UbuntuCve
added 2009/12/21 4:30 p.m., 31 views

CVE-2009-3701

Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to 1...

CVSS 4.3, AI score 5.9, EPSS 0.02191
Exploits 8, References 1

Prion
added 2009/12/21 4:30 p.m., 17 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to 1...

CVSS 4.3, AI score 5.7, EPSS 0.02191
Exploits 8, References 13, Affected Software 2

NVD
added 2009/12/21 4:30 p.m., 19 views

CVE-2009-3701

Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to 1...

CVSS 4.3, AI score 5.7, EPSS 0.02191
Exploits 8, References 13

NVD
added 2009/12/21 4:30 p.m., 13 views

CVE-2009-4363

Text_Filter/lib/Horde/Text/Filter/Xss.php in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 does not properly handle data: URIs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via data:text/html...

CVSS 4.3, AI score 5.1, EPSS 0.00477
Exploits 1, References 7

Cvelist
added 2009/12/21 4:0 p.m., 30 views

CVE-2009-3701

Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to 1...

AI score 5.5, EPSS 0.02191
Exploits 8, References 13

CVE
added 2009/12/21 4:0 p.m., 55 views

CVE-2009-4363

CVE-2009-4363 affects Horde Framework components (Text_Filter/lib/Horde/Text/Filter/Xss.php) and related Horde Groupware packages, where data: URIs in HTML email HREF attributes could trigger cross-site scripting. Root cause is improper handling of data: URIs; vendor notes issue tied to Firefox. ...

CVSS 4.3, AI score 5, EPSS 0.00477
Exploits 1, References 7, Affected Software 2

CVE
added 2009/12/21 4:0 p.m., 74 views

CVE-2009-3701

CVE-2009-3701 affects Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5. It enables remote XSS via PATH_INFO to admin/phpshell.php, admin/cmdshell.php, or admin/sqlshell.php, related to PHP_SELF. Impact is arbitrary script/HTM...

CVSS 4.3, AI score 5.5, EPSS 0.02191
Exploits 8, References 13, Affected Software 2

exploitpack
added 2009/12/17 12:0 a.m., 44 views

Horde 3.3.5 - PHP_SELF Cross-Site Scripting

Horde 3.3.5 - PHP_SELF Cross-Site Scripting ============================================= INTERNET SECURITY AUDITORS ALERT 2009-012 - Original release date: October 13th, 2009 - Last revised: December 16th, 2009 - Discovered by: Juan Galiana Lara - CVE ID: CVE-2009-3701 - Severity: 6.3/10 CVSS Bas...

CVSS 4.3, AI score 6, EPSS 0.02191
Exploits 8

securityvulns
added 2009/12/17 12:0 a.m., 57 views

[ISecAuditors Security Advisories] Horde 3.3.5 "PHP_SELF" Cross-Site Scripting vulnerability

============================================= INTERNET SECURITY AUDITORS ALERT 2009-012 - Original release date: October 13th, 2009 - Last revised: December 16th, 2009 - Discovered by: Juan Galiana Lara - CVE ID: CVE-2009-3701 - Severity: 6.3/10 CVSS Base Score...

CVSS 4.3, AI score 0.4, EPSS 0.02191
Exploits 8

0day.today
added 2009/12/17 12:0 a.m., 50 views

Horde 3.3.5 "PHP_SELF" XSS vulnerability

Exploit for unknown platform in category web applications ======================================== Horde 3.3.5 "PHP_SELF" XSS vulnerability ======================================== ============================================= INTERNET SECURITY AUDITORS ALERT 2009-012 - Original release date:...

AI score 7.1, EPSS 0.02191
Exploits 8

Exploit DB
added 2009/12/17 12:0 a.m., 38 views

Horde 3.3.5 - 'PHP_SELF' Cross-Site Scripting

============================================= INTERNET SECURITY AUDITORS ALERT 2009-012 - Original release date: October 13th, 2009 - Last revised: December 16th, 2009 - Discovered by: Juan Galiana Lara - CVE ID: CVE-2009-3701 - Severity: 6.3/10 CVSS Base Score...

CVSS 4.3, AI score 6.4, EPSS 0.02191
Exploits 8

Tenable Nessus
added 2009/12/02 12:0 a.m., 201 views

DNN (DotNetNuke) Detection

The remote web server is running DNN (formerly known as DotNetNuke), a web application framework written in ASP.NET. Note that this plugin can attempt to log into the application and obtain version information if supplied with credentials for a user with superuser privileges. (C) Tenable Network...

AI score 5.5
Exploits 0, References 1

Tenable Nessus
added 2009/11/05 12:0 a.m., 97 views

Microsoft Silverlight Detection

A version of Microsoft's Silverlight is installed on this host. Microsoft Silverlight is a web application framework that provides functionalities similar to those in Adobe Flash, integrating multimedia, graphics, animations and interactivity into a single runtime environment. (C) Tenable Network...

AI score 5.5
Exploits 0, References 1

OpenVAS
added 2009/10/06 12:0 a.m., 25 views

Debian: Security Advisory (DSA-1897-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10, AI score 6.5, EPSS 0.01854
Exploits 0, References 3

securityvulns
added 2009/09/28 12:0 a.m., 105 views

[SECURITY] [DSA 1897-1] New horde3 packages fix arbitrary code execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA-1897-1 [email protected] http://www.debian.org/security/ Nico Golde September 28th, 2009 http://www.debian.org/security/faq -...

CVSS 4.3, AI score 0.8, EPSS 0.00838
Exploits 0

NVD
added 2009/09/17 10:30 a.m., 22 views

CVE-2009-3236

The form library in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; reuses temporary filenames during the upload process which allows remote attackers, with...

CVSS 4.3, AI score 7.1, EPSS 0.00838
Exploits 0, References 11

UbuntuCve
added 2009/09/17 10:30 a.m., 23 views

CVE-2009-3237

Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; allow remote attackers to inject arbitrary web script or HT...

CVSS 4.3, AI score 5.9, EPSS 0.0076
Exploits 0, References 1

UbuntuCve
added 2009/09/17 10:30 a.m., 37 views

CVE-2009-3236

The form library in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; reuses temporary filenames during the upload process which allows remote attackers, with...

CVSS 4.3, AI score 6, EPSS 0.00838
Exploits 0, References 1