8 matches found
Authentication Bypass
php-horde-gollem is vulnerable to authentication bypass. The File Manager gollem module allows remote attackers to bypass Horde authentication for file downloads via a malicious fn parameter that corresponds to the exact filename...
Debian DLA-2352-1 : php-horde-gollem security update
The File Manager gollem module in Horde Groupware has allowed remote attackers to bypass Horde authentication for file downloads via a crafted fn parameter that corresponded to the exact filename. For Debian 9 stretch, this problem has been fixed in version 3.0.10-1+deb9u2. We recommend that you...
Debian: Security Advisory (DLA-2352-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
[SECURITY] [DLA 2352-1] php-horde-gollem security update
Debian LTS Advisory DLA-2352-1 | https://www.debian.org/lts/security/ | Mike Gabriel | August 29, 2020 | https://wiki.debian.org/LTS | Package: php-horde-gollem | Version: 3.0.10-1+deb9u2 | CVE ID: CVE-2017-15235 | The File Manager gollem module in Horde Groupware has allowed remot...
DLA-2352-1 php-horde-gollem - security update
Bulletin has no description...
Debian DLA-2229-1 : php-horde-gollem security update
Gollem, as used in Horde Groupware Webmail Edition and other products, had been affected by a reflected Cross-Site Scripting (XSS) vulnerability via the HTTP GET dir parameter in the browser functionality, affecting breadcrumb output. An attacker could have obtained access to a victim's webmail...
Debian: Security Advisory (DLA-2229-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
[SECURITY] [DLA 2229-1] php-horde-gollem security update
Package: php-horde-gollem | Version: 3.0.3-2+deb8u1 | CVE ID: CVE-2020-8034 | Debian Bug: 961649 | Gollem, as used in Horde Groupware Webmail Edition and other products, had been affected by a reflected Cross-Site Scripting (XSS) vulnerability via the HTTP GET dir parameter in the browser functionality...