6 matches found
openSUSE Security Update : horde (horde-311)
This update of horde fixes the following vulnerabilities : - CVE-2008-1284: directory traversal allows authenticated user to access and execute arbitrary files - CVE-2008-3330: remotely exploitable XSS - CVE-2008-3824: remotely exploitable XSS %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
Fedora Update for horde FEDORA-2008-2406
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
[SECURITY] [DSA 1519-1] New horde3 packages fix information disclosure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1519-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst March 15, 2008 http://www.debian.org/security/faq -...
Debian DSA-1519-1 : horde3 - insufficient input sanitising
It was discovered that the Horde web application framework permits arbitrary file inclusion by a remote attacker through the theme preference parameter. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security...
[SECURITY] [DSA 1519-1] New horde3 packages fix information disclosure
------------------------------------------------------------------------ Debian Security Advisory DSA-1519-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst March 15, 2008 http://www.debian.org/security/faq -...
CVE-2008-1284
CVE-2008-1284 affects Horde 3.1.6, Groupware up to 1.0.5, and Groupware Webmail Edition up to 1.0.6. The vulnerability is a directory traversal via ../ and a null byte in the theme name, allowing remote authenticated users to read and execute arbitrary files. The NVD entry lists a CVSSv2 base sco...