Lucene search

454 matches found

UbuntuCve
added 2009/09/17 10:30 a.m., 27 views

CVE-2009-3237

Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; allow remote attackers to inject arbitrary web script or HT...

CVSS 4.3, AI score 5.9, EPSS 0.02267
Exploits 0, References 1

Prion
added 2009/09/17 10:30 a.m., 25 views

Design/Logic Flaw

The form library in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; reuses temporary filenames during the upload process which allows remote attackers, with...

CVSS 4.3, AI score 7.4, EPSS 0.02305
Exploits 0, References 11, Affected Software 2

Cvelist
added 2009/09/17 10:0 a.m., 33 views

CVE-2009-3236

The form library in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; reuses temporary filenames during the upload process which allows remote attackers, with...

AI score 6.9, EPSS 0.02305
Exploits 0, References 11

CVE
added 2009/09/17 10:0 a.m., 63 views

CVE-2009-3237

The CVE-2009-3237 issue affects Horde Application Framework and related Groupware packages: XSS vulnerabilities in Horde App Framework versions before 3.2.5 (and 3.3.x before 3.3.5) and in Groupware 1.1.x before 1.1.6 and 1.2.x before 1.2.4, plus Groupware Webmail Edition 1.1/1.2 before these fix...

CVSS 4.3, AI score 5.5, EPSS 0.02267
Exploits 0, References 12, Affected Software 2

Cvelist
added 2009/09/17 10:0 a.m., 24 views

CVE-2009-3237

Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; allow remote attackers to inject arbitrary web script or HT...

AI score 5.5, EPSS 0.02267
Exploits 0, References 12

CVE
added 2009/09/17 10:0 a.m., 80 views

CVE-2009-3236

CVE-2009-3236 affects Horde Application Framework 3.2 (before 3.2.5) and 3.3 (before 3.3.5), Groupware 1.1 (before 1.1.6) and 1.2 (before 1.2.4), and Horde Webmail Editions 1.1 (before 1.1.6) and 1.2 (before 1.2.4). The vulnerability arises from Horde_Form_Type_image reusing temporary upload file...

CVSS 4.3, AI score 6.9, EPSS 0.02305
Exploits 0, References 11, Affected Software 2

seebug.org
added 2009/07/09 12:0 a.m., 52 views

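Ruby on Rails http_authentication.rb Nil Credentials Authentication Bypass Vulnerability

BUGTRAQ ID: 35579 Ruby on Rails is a new web application framework built on the Ruby language. The validate_digest_response function in the actionpack/lib/action_controller/http_authentication.rb file of Ruby on Rails handles nil credentials incorrectly: if the user is not found it returns nil, whereas the correct behavior is to return false. A remote attacker who sends empty authentication credentials can bypass HTTP authentication and gain unauthorized access. David Heinemeier Hansson Ruby on Rails 2.3.2 Vendor patch: David...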

AI score 6.9
Exploits 0

NVD
added 2009/01/21 2:30 a.m., 18 views

CVE-2008-5917

Cross-site scripting (XSS) vulnerability in the XSS filter (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2 and 3.3, when Internet Explorer is being used, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to style attributes...

CVSS 4.3, AI score 5, EPSS 0.01299
Exploits 1, References 6

CVE
added 2009/01/21 2:0 a.m., 108 views

CVE-2008-5917

The CVE-2008-5917 entry describes a Cross-site scripting (XSS) vulnerability in Horde Application Framework’s Text_Filter/Filter/xss.php, affecting Horde 3.2.2 and 3.3. It is reported when using Internet Explorer, allowing remote attackers to inject arbitrary web script or HTML via unknown vector...

CVSS 4.3, AI score 6.2, EPSS 0.01299
Exploits 1, References 6, Affected Software 1

Tenable Nessus
added 2008/11/24 12:0 a.m., 81 views

Apache Struts 2 < 2.0.12 / 2.1.3 Dispatcher Directory Traversal

The remote web server is using Apache Struts, a web application framework for developing Java EE web applications. The version of Apache Struts 2 installed on the remote host fails to properly decode and normalize the request path before serving static content. Using double-encoded directory...

CVSS 5, AI score 5.8, EPSS 0.72522
Exploits 0, References 3

OpenVAS
added 2008/09/24 12:0 a.m., 14 views

Gentoo Security Advisory GLSA 200511-20 (horde)

The remote host is missing updates announced in advisory GLSA 200511-20. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

CVSS 4.3, AI score 0.2, EPSS 0.0171
Exploits 0

OpenVAS
added 2008/09/24 12:0 a.m., 14 views

Gentoo Security Advisory GLSA 200606-28 (horde)

The remote host is missing updates announced in advisory GLSA 200606-28. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.8, AI score 6.7, EPSS 0.02197
Exploits 1, References 2

OpenVAS
added 2008/09/24 12:0 a.m., 26 views

Gentoo Security Advisory GLSA 200805-01 (horde)

The remote host is missing updates announced in advisory GLSA 200805-01. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6, AI score 6.7, EPSS 0.01677
Exploits 0, References 3

UbuntuCve
added 2008/09/05 12:0 a.m., 20 views

CVE-2007-6018

IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) "purge" deleted emails via a crafted email message...

CVSS 5.8, AI score 6, EPSS 0.01774
Exploits 1, References 1

Tenable Nessus
added 2008/06/26 12:0 a.m., 14 views

Fedora 9 : horde-3.2.1-1.fc9 (2008-5683)

Update to the New Horde Application Framework 3.2.1 Includes security fixes XSS in object browser Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as...

AI score 5.4
Exploits 0, References 2

Tenable Nessus
added 2008/05/09 12:0 a.m., 43 views

GLSA-200805-01 : Horde Application Framework: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200805-01 Horde Application Framework: Multiple vulnerabilities Multiple vulnerabilities have been reported in the Horde Application Framework: David Collins, Patrick Pelanne and the HostGator.com LLC support team discovered that...

CVSS 6, AI score 5.9, EPSS 0.01677
Exploits 0, References 2

Gentoo Linux
added 2008/05/05 12:0 a.m., 42 views

Horde Application Framework: Multiple vulnerabilities

Background The Horde Application Framework is a general-purpose web application framework written in PHP, providing classes for handling preferences, compression, browser detection, connection tracking, MIME and more. Description Multiple vulnerabilities have been reported in the Horde Applicatio...

CVSS 6, AI score 7.3, EPSS 0.01677
Exploits 0

OpenVAS
added 2008/01/17 12:0 a.m., 17 views

Debian: Security Advisory (DSA-1033-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5, AI score 6.7, EPSS 0.38441
Exploits 3, References 3

NVD
added 2008/01/11 2:46 a.m., 12 views

CVE-2007-6018

IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) "purge" deleted emails via a crafted email message...

CVSS 5.8, AI score 6.6, EPSS 0.01774
Exploits 1, References 19

Cvelist
added 2008/01/11 2:0 a.m., 30 views

CVE-2007-6018

IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) "purge" deleted emails via a crafted email message...

AI score 7.5, EPSS 0.01774
Exploits 1, References 19