453 matches found
CVE-2006-3549
services/go.php in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 does not properly restrict its image proxy capability, which allows remote attackers to perform "Web tunneling" attacks and use the server as a proxy via (1) http, (2) https, and (3) ftp URL in the url parameter...
CVE-2006-3548
Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 allow remote attackers to inject arbitrary web script or HTML via a (1) javascript URI or an external (2) http, (3) https, or (4) ftp URI in the url parameter in services/go.php a...
CVE-2006-3549
The CVE-2006-3549 vulnerability affects Horde Application Framework (Horde3) where services/go.php does not properly restrict its image proxy capability, enabling remote attackers to perform Web tunneling and use the server as a proxy via http, https, or ftp URLs in the url parameter. Technical d...
CVE-2006-3548
CVE-2006-3548 is a set of XSS flaws in Horde Application Framework (versions 3.0.0–3.0.10 and 3.1.0–3.1.1) exploitable via (1) url in go.php, (2) http/https/ftp URI in various parameters, (3) javascript URI in module, (4) name in problem.php. Root cause is inadequate input sanitization that allow...
horde3113010.txt
SA0011: Horde 3.1.1, 3.0.10 Multiple Security Issues. PUBLISHED ON July 05, 2006 PUBLISHED AT...
Important: Red Hat Security Advisory: openoffice.org security update
Updated openoffice.org packages are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenOffice.org is an office productivity suite that includes desktop applications such as a word processor, spreadsheet, presentation manager,...
horde -- multiple parameter cross site scripting vulnerabilities
FrSIRT advisory ADV-2006-2356 reports: Multiple vulnerabilities have been identified in Horde Application Framework, which may be exploited by attackers to execute arbitrary scripting code. These flaws are due to input validation errors in the "test.php" and "templates/problem/problem.inc" script...
GLSA-200604-02 : Horde Application Framework: Remote code execution
The remote host is affected by the vulnerability described in GLSA-200604-02 (Horde Application Framework: Remote code execution). Jan Schneider of the Horde team discovered a vulnerability in the help viewer of the Horde Application Framework that could allow remote code execution (CVE-2006-1491). Pa...
Horde Application Framework: Remote code execution
Background: The Horde Application Framework is a general-purpose web application framework written in PHP, providing classes for handling preferences, compression, browser detection, connection tracking, MIME and more. Description: Jan Schneider of the Horde team discovered a vulnerability in the...
CVE-2006-1491
Eval injection vulnerability in Horde Application Framework versions 3.0 before 3.0.10 and 3.1 before 3.1.1 allows remote attackers to execute arbitrary code via the help viewer...
CVE-2006-1491
CVE-2006-1491 is a remote code execution vulnerability in the Horde Application Framework. The issue affects Horde 3.0.x before 3.0.10 and 3.1.x before 3.1.1, where unsanitized user input in the help viewer is passed to eval(), allowing arbitrary code execution on affected hosts. Related publicly...
Detects Xaraya version
The remote web server contains a web application framework written in PHP. Description: This script detects whether the remote host is running Xaraya and extracts the version number and location if found. Xaraya is an extensible, open-source web application framework written in PHP. OpenVAS...
CVE-2006-1260
Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check...
Code injection
Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check...
CVE-2006-1260
The CVE-2006-1260 issue affects Horde Application Framework 3.0.9. A null character in the URL parameter of services/go.php bypasses a sanity check, allowing remote attackers to read arbitrary files (information disclosure). Multiple open-source advisories (SUSE, Debian, Gentoo/OpenVAS GLSA/DSA e...