10 matches found
Gentoo Security Advisory GLSA 200909-14 (horde horde-imp horde-passwd)
The remote host is missing updates announced in advisory GLSA 200909-14. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
GLSA-200909-14 : Horde: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200909-14 Horde: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Horde: Gunnar Wrobel reported an input sanitation and directory traversal flaw in framework/Image/Image.php, related to the 'HordeImage...
openSUSE Security Update : imp (imp-659)
Version update to IMP 4.1.6 fixes a problem with validating HTTP requests that allowed attackers to delete emails CVE-2007-6018 and some cross-site-scripting issues CVE-2009-0930. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...
Debian Security Advisory DSA 1770-1 (imp4)
The remote host is missing an update to imp4 announced via advisory DSA 1770-1. OpenVAS Vulnerability Test $Id: deb17701.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1770-1 imp4 Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...
Debian DSA-1770-1 : imp4 - Insufficient input sanitising
Several vulnerabilities have been found in imp4, a webmail component for the horde framework. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-4182 It was discovered that imp4 suffers from a cross-site scripting XSS attack via the user field in an IM...
[SECURITY] [DSA 1770-1] New imp4 packages fix cross-site scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1770-1 [email protected] http://www.debian.org/security/ Steffen Joeris April 13, 2009 http://www.debian.org/security/faq -...
DSA-1770-1 imp4 - cross-site scripting
Bulletin has no description...
openSUSE 10 Security Update : imp (imp-6101)
Version update to IMP 4.1.6 fixes a problem with validating HTTP requests that allowed attackers to delete emails CVE-2007-6018 and some cross-site-scripting issues CVE-2009-0930. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...
Horde IMP Webmail客户端跨站脚本和HTML注入漏洞
BUGTRAQ ID: 33492 CVECAN ID: CVE-2009-0930 IMP是一款基于Web的强大的邮件程序,由Horde项目组开发,可使用在Linux/Unix或者Windows操作系统下。 IMP没有正确地过滤对smime.php、pgp.php和message.php模块的输入参数便返回给了用户,远程攻击者可以通过向这些模块提交恶意请求执行跨站脚本和HTML注入攻击,导致在用户浏览器会话中执行任意HTML和脚本代码。 Horde IMP 4.3.x Horde IMP 4.2.x 厂商补丁: Horde -----...
CVE-2009-0930
CVE-2009-0930 describes cross-site scripting in Horde IMP, affecting Horde IMP before 4.2.2 and 4.3.3 via vectors in smime.php, pgp.php, and message.php. Multiple connected advisories (Gentoo GLSA 200909-14, Fedora/opensuse notes) corroborate the issue and recommend upgrading Horde IMP to a newer...