13 matches found
Fedora 11 : horde-3.3.6-1.fc11 (2010-5483)
Upgrade to 3.3.6 - Fixes a lot of security bugs Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Fedora 13 : horde-3.3.6-1.fc13 (2010-5563)
Upgrade to 3.3.6 - Fixes a lot of security bugs Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Fedora 12 : horde-3.3.6-1.fc12 (2010-5520)
Upgrade to 3.3.6 - Fixes a lot of security bugs Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Fedora Update for horde FEDORA-2010-5483
The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Debian DSA-1966-1 : horde3 - insufficient input sanitising
Several vulnerabilities have been found in horde3, the horde web application framework. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-3237 It has been discovered that horde3 is prone to cross-site scripting attacks via crafted number preferences o...
openSUSE Security Update : horde (horde-1947)
This update of horde fixes : - CVE-2009-3236: CVSS v2 Base Score: 5.0: Overwrite arbitrary files and execute PHP code - CVE-2009-3237: CVSS v2 Base Score: 5.0: Cross-Site Scripting XSS - CVE-2009-3701: CVSS v2 Base Score: 4.3: Cross-Site Scripting XSS - CVE-2009-4363: CVSS v2 Base Score: 4.3:...
Debian: Security Advisory (DSA-1966-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 1966-1] New horde3 packages fix cross-site scripting
------------------------------------------------------------------------ Debian Security Advisory DSA-1966-1 [email protected] http://www.debian.org/security/ Steffen Joeris January 07, 2010 http://www.debian.org/security/faq -...
[SECURITY] [DSA 1966-1] New horde3 packages fix cross-site scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1966-1 [email protected] http://www.debian.org/security/ Steffen Joeris January 07, 2010 http://www.debian.org/security/faq -...
CVE-2009-4363
TextFilter/lib/Horde/Text/Filter/Xss.php in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 does not properly handle data: URIs, which allows remote attackers to conduct cross-site scripting XSS attacks via data:text/html...
CVE-2009-4363
TextFilter/lib/Horde/Text/Filter/Xss.php in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 does not properly handle data: URIs, which allows remote attackers to conduct cross-site scripting XSS attacks via data:text/html...
CVE-2009-4363
TextFilter/lib/Horde/Text/Filter/Xss.php in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 does not properly handle data: URIs, which allows remote attackers to conduct cross-site scripting XSS attacks via data:text/html...
CVE-2009-4363
CVE-2009-4363 affects Horde Framework components (Text_Filter/lib/Horde/Text/Filter/Xss.php) and related Horde Groupware packages, where data: URIs in HTML email HREF attributes could trigger cross-site scripting. Root cause is improper handling of data: URIs; vendor notes issue tied to Firefox. ...