5 matches found
Vikunja Vulnerable to Account Takeover via Password Reset Token Reuse
Summary: A critical business logic vulnerability exists in the password reset mechanism of vikunja/api that allows password reset tokens to be reused indefinitely. Due to a failure to invalidate tokens upon use and a critical logic bug in the token cleanup cron job, reset tokens remain valid...
GHSA-RFJG-6M84-CRJ2 Vikunja Vulnerable to Account Takeover via Password Reset Token Reuse
Summary: A critical business logic vulnerability exists in the password reset mechanism of vikunja/api that allows password reset tokens to be reused indefinitely. Due to a failure to invalidate tokens upon use and a critical logic bug in the token cleanup cron job, reset tokens remain valid...
Debian DSA-1406-1 : horde3 - several vulnerabilities
Several remote vulnerabilities have been discovered in the Horde web application framework. The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2006-3548 Moritz Naumann discovered that Horde allows remote attackers to inject arbitrary web script or HTML in t...
[SECURITY] [DSA 1406-1] New horde3 packages fix several vulnerabilities
Debian Security Advisory DSA 1406-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst November 9th, 2007 http://www.debian.org/security/faq -...
CVE-2007-1474
CVE-2007-1474 affects Horde Project Horde and IMP prior to Horde Application Framework 3.1.4. The vulnerability is an argument injection flaw in the cleanup cron script that can let local users delete arbitrary files and potentially gain privileges by supplying multiple space-delimited pathnames....