9 matches found
CVE-2019-9858
Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contains a vulnerable class that handles image upload in forms. When the HordeFormTypeimage method onSubmit is called on uploads, it invokes the functions getImage and getUpload, which uses...
Debian DSA-4468-1 : php-horde-form - security update
A path traversal vulnerability due to an unsanitized POST parameter was discovered in php-horde-form, a package providing form rendering, validation, and other functionality for the Horde Application Framework. An attacker can take advantage of this flaw for remote code execution. C Tenable Netwo...
[SECURITY] [DSA 4468-1] php-horde-form security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4468-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 21, 2019 https://www.debian.org/security/faq -...
Horde Groupware Webmail <= 5.2.22 RCE Vulnerability - Linux
Horde Groupware Webmail is prone to an authenticated remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only C...
UBUNTU-CVE-2019-9858
Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contains a vulnerable class that handles image upload in forms. When the HordeFormTypeimage method onSubmit is called on uploads, it invokes the functions getImage and getUpload, which uses...
CVE-2019-9858
Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contains a vulnerable class that handles image upload in forms. When the HordeFormTypeimage method onSubmit is called on uploads, it invokes the functions getImage and getUpload, which uses...
CVE-2019-9858
CVE-2019-9858 affects Horde Groupware Webmail (versions 5.2.22 and 5.2.17). The flaw is in Horde/Form/Type.php image upload handling: an unsanitized POST parameter object[photo][img][file] is used as the destination path for move_uploaded_file(), allowing an attacker to place a PHP file (e.g., vi...
Horde Form Shell Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Horde Form File Upload Vulnerability', 'Description' = %q Horde Groupware Webmail contains a flaw that allows an authenticated remote attacker to...
Horde Form File Upload Vulnerability
Horde Groupware Webmail contains a flaw that allows an authenticated remote attacker to execute arbitrary PHP code. The exploitation requires the Turba subcomponent to be installed. This module was tested on Horde versions 5.2.22 and 5.2.17 running Horde Form subcomponent 'Horde Form File Upload...