{"id": "SECURITYVULNS:VULN:9808", "bulletinFamily": "software", "title": "Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.\r\n\r\nOpenads: code execution", "published": "2009-04-10T00:00:00", "modified": "2009-04-10T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9808", "reporter": " ", "references": ["https://vulners.com/securityvulns/securityvulns:doc:21609", "https://vulners.com/securityvulns/securityvulns:doc:21608", "https://vulners.com/securityvulns/securityvulns:doc:21607", "https://vulners.com/securityvulns/securityvulns:doc:21605", "https://vulners.com/securityvulns/securityvulns:doc:21606", "https://vulners.com/securityvulns/securityvulns:doc:21603", "https://vulners.com/securityvulns/securityvulns:doc:21621", "https://vulners.com/securityvulns/securityvulns:doc:21604"], "cvelist": ["CVE-2009-0932", "CVE-2008-3330", "CVE-2008-5917"], "type": "securityvulns", "lastseen": "2018-08-31T11:09:32", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "625b1bb393da7065f87f27a65e5cf872"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "0dcebf1a26af0a2ba9319a96a9b62663"}, {"key": "cvss", "hash": "74ae407306a397b0a0ad358180716883"}, {"key": "description", "hash": "97bd18f12b3d313de33233974adc0761"}, {"key": "href", "hash": "3e064426b3e414bb75cb6f25acce7666"}, {"key": "modified", "hash": "cfffb936d641315586862081a1a7edc0"}, {"key": "published", "hash": "cfffb936d641315586862081a1a7edc0"}, {"key": "references", "hash": "b7d9203b2d6dc13276cee931f37ec208"}, {"key": "reporter", "hash": "7215ee9c7d9dc229d2921a40e899ec5f"}, {"key": "title", "hash": "c71de4d0becfd832639c1439702d0d67"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "8c579cdda78a281ad9024af17365e7a90a7e20e99113da9335b9d0feb4ea98b3", "viewCount": 1, "enchantments": {"score": {"value": 6.8, "vector": "NONE", "modified": "2018-08-31T11:09:32"}, "vulnersScore": 6.8}, "objectVersion": "1.3", "affectedSoftware": [{"name": "Exjune Guestbook", "operator": "eq", "version": "2"}, {"name": "Geeklog", "operator": "eq", "version": "1.5"}, {"name": "Horde", "operator": "eq", "version": "3.2"}, {"name": "SASPCMS", "operator": "eq", "version": "0.9"}, {"name": "AdaptBB", "operator": "eq", "version": "1.0"}, {"name": "net2ftp", "operator": "eq", "version": "0.97"}, {"name": "Openads", "operator": "eq", "version": "2.4"}]}

{"cve": [{"lastseen": "2016-09-03T11:32:48", "references": ["http://lists.horde.org/archives/announce/2008/000462.html", "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html", "http://cvs.horde.org/diff.php/framework/Text_Filter/Filter/xss.php?r1=1.17&r2=1.18", "http://lists.horde.org/archives/announce/2008/000464.html"], "description": "Cross-site scripting (XSS) vulnerability in the XSS filter (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2 and 3.3, when Internet Explorer is being used, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to style attributes.", "edition": 1, "reporter": "NVD", "published": "2009-01-20T21:30:00", "type": "cve", "title": "CVE-2008-5917", "enchantments": {"score": {"modified": "2016-09-03T11:32:48", "vector": "NONE", "value": 4.3}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2008-5917"], "scanner": [], "cpe": ["cpe:/a:horde:application_framework:3.3", "cpe:/a:horde:application_framework:3.2.2"], "modified": "2009-04-18T01:44:40", "id": "CVE-2008-5917", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5917", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-03T12:11:57", "references": ["http://lists.horde.org/archives/announce/2009/000482.html", "http://cvs.horde.org/co.php/groupware/docs/groupware/CHANGES?r=1.28.2.5", "http://securityreason.com/securityalert/8077", "http://cvs.horde.org/co.php/horde/docs/CHANGES?r=1.515.2.413.2.5", "http://www.securityfocus.com/bid/33491", "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html", "http://lists.horde.org/archives/announce/2009/000483.html", "http://lists.horde.org/archives/announce/2009/000486.html", "http://cvs.horde.org/co.php/horde/docs/CHANGES?r=1.515.2.503"], "edition": 1, "description": "Directory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name.", "reporter": "NVD", "published": "2009-03-17T17:30:00", "title": "CVE-2009-0932", "type": "cve", "enchantments": {"score": {"modified": "2016-09-03T12:11:57", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2009-0932"], "scanner": [], "modified": "2011-09-21T23:07:42", "cpe": ["cpe:/a:debian:horde:3.3", "cpe:/a:debian:horde:3.2.2", "cpe:/a:debian:horde_groupware:1.1.1", "cpe:/a:debian:horde_groupware:1.1.2", "cpe:/a:debian:horde_groupware:1.1.3", "cpe:/a:debian:horde:3.2.3", "cpe:/a:debian:horde:3.3.1", "cpe:/a:debian:horde:3.2", "cpe:/a:debian:horde_groupware:1.1.4", "cpe:/a:debian:horde:3.3.2"], "id": "CVE-2009-0932", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0932", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-08-08T11:24:48", "references": ["http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=492578", "http://www.securitytracker.com/id?1020567", "https://exchange.xforce.ibmcloud.com/vulnerabilities/44198", "http://www.securityfocus.com/bid/29745", "http://www.securitytracker.com/id?1020566"], "description": "Cross-site scripting (XSS) vulnerability in services/obrowser/index.php in Horde 3.2 and Turba 2.2 allows remote attackers to inject arbitrary web script or HTML via the contact name.", "edition": 2, "reporter": "NVD", "published": "2008-07-27T18:41:00", "title": "CVE-2008-3330", "type": "cve", "enchantments": {"score": {"modified": "2017-08-08T11:24:48", "vector": "NONE", "value": 4.3}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2008-3330"], "scanner": [], "modified": "2017-08-07T21:31:47", "cpe": ["cpe:/a:debian:horde:3.2", "cpe:/a:debian:turba:2.2"], "id": "CVE-2008-3330", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3330", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "openvas": [{"lastseen": "2017-07-24T12:56:21", "references": [], "pluginID": "63792", "description": "The remote host is missing an update to horde3\nannounced via advisory DSA 1765-1.", "edition": 2, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-04-15T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "title": "Debian Security Advisory DSA 1765-1 (horde3)", "type": "openvas", "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0932", "CVE-2008-3330", "CVE-2008-5917"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=63792", "id": "OPENVAS:63792", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1765_1.nasl 6615 2017-07-07 12:09:52Z cfischer $\n# Description: Auto-generated from advisory DSA 1765-1 (horde3)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been found in horde3, the horde web application\nframework. The Common Vulnerabilities and Exposures project identifies\nthe following problems:\n\nCVE-2009-0932\n\nGunnar Wrobel discovered a directory traversal vulnerability, which\nallows attackers to include and execute arbitrary local files via the\ndriver parameter in Horde_Image.\n\nCVE-2008-3330\n\nIt was discovered that an attacker could perform a cross-site scripting\nattack via the contact name, which allows attackers to inject arbitrary\nhtml code. This requires that the attacker has access to create\ncontacts.\n\nCVE-2008-5917\n\nIt was discovered that the horde XSS filter is prone to a cross-site\nscripting attack, which allows attackers to inject arbitrary html code.\nThis is only exploitable when Internet Explorer is used.\n\n\nFor the oldstable distribution (etch), these problems have been fixed in\nversion 3.1.3-4etch5.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 3.2.2+debian0-2, which was already included in the lenny\nrelease.\n\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), these problems have been fixed in version 3.2.2+debian0-2.\n\n\nWe recommend that you upgrade your horde3 packages.\";\ntag_summary = \"The remote host is missing an update to horde3\nannounced via advisory DSA 1765-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201765-1\";\n\n\nif(description)\n{\n script_id(63792);\n script_version(\"$Revision: 6615 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:52 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-15 22:11:00 +0200 (Wed, 15 Apr 2009)\");\n script_cve_id(\"CVE-2009-0932\", \"CVE-2008-3330\", \"CVE-2008-5917\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_name(\"Debian Security Advisory DSA 1765-1 (horde3)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"horde3\", ver:\"3.1.3-4etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-04-06T11:38:05", "references": [], "pluginID": "136141256231063792", "description": "The remote host is missing an update to horde3\nannounced via advisory DSA 1765-1.", "edition": 1, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-04-15T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1765-1 (horde3)", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0932", "CVE-2008-3330", "CVE-2008-5917"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063792", "id": "OPENVAS:136141256231063792", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1765_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory DSA 1765-1 (horde3)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been found in horde3, the horde web application\nframework. The Common Vulnerabilities and Exposures project identifies\nthe following problems:\n\nCVE-2009-0932\n\nGunnar Wrobel discovered a directory traversal vulnerability, which\nallows attackers to include and execute arbitrary local files via the\ndriver parameter in Horde_Image.\n\nCVE-2008-3330\n\nIt was discovered that an attacker could perform a cross-site scripting\nattack via the contact name, which allows attackers to inject arbitrary\nhtml code. This requires that the attacker has access to create\ncontacts.\n\nCVE-2008-5917\n\nIt was discovered that the horde XSS filter is prone to a cross-site\nscripting attack, which allows attackers to inject arbitrary html code.\nThis is only exploitable when Internet Explorer is used.\n\n\nFor the oldstable distribution (etch), these problems have been fixed in\nversion 3.1.3-4etch5.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 3.2.2+debian0-2, which was already included in the lenny\nrelease.\n\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), these problems have been fixed in version 3.2.2+debian0-2.\n\n\nWe recommend that you upgrade your horde3 packages.\";\ntag_summary = \"The remote host is missing an update to horde3\nannounced via advisory DSA 1765-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201765-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63792\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-15 22:11:00 +0200 (Wed, 15 Apr 2009)\");\n script_cve_id(\"CVE-2009-0932\", \"CVE-2008-3330\", \"CVE-2008-5917\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_name(\"Debian Security Advisory DSA 1765-1 (horde3)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"horde3\", ver:\"3.1.3-4etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-24T12:57:06", "references": [], "pluginID": "64883", "description": "The remote host is missing updates announced in\nadvisory GLSA 200909-14.", "edition": 2, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-09-15T00:00:00", "title": "Gentoo Security Advisory GLSA 200909-14 (horde horde-imp horde-passwd)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0932", "CVE-2009-0931", "CVE-2008-5917", "CVE-2009-0930", "CVE-2009-2360"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=64883", "id": "OPENVAS:64883", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities have been discovered in Horde and two modules,\n allowing for the execution of arbitrary code, information disclosure,\nor\n Cross-Site Scripting.\";\ntag_solution = \"All Horde users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose =www-apps/horde-3.3.4\n\nAll Horde IMP users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose =www-apps/horde-imp-4.3.4\n\nAll Horde Passwd users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose =www-apps/horde-passwd-3.1.1\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200909-14\nhttp://bugs.gentoo.org/show_bug.cgi?id=256125\nhttp://bugs.gentoo.org/show_bug.cgi?id=262976\nhttp://bugs.gentoo.org/show_bug.cgi?id=262978\nhttp://bugs.gentoo.org/show_bug.cgi?id=277294\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200909-14.\";\n\n \n \n\nif(description)\n{\n script_id(64883);\n script_version(\"$Revision: 6595 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:19:55 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-15 22:46:32 +0200 (Tue, 15 Sep 2009)\");\n script_cve_id(\"CVE-2008-5917\", \"CVE-2009-0930\", \"CVE-2009-0931\", \"CVE-2009-0932\", \"CVE-2009-2360\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_name(\"Gentoo Security Advisory GLSA 200909-14 (horde horde-imp horde-passwd)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"www-apps/horde\", unaffected: make_list(\"ge 3.3.4\"), vulnerable: make_list(\"lt 3.3.4\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"www-apps/horde-imp\", unaffected: make_list(\"ge 4.3.4\"), vulnerable: make_list(\"lt 4.3.4\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"www-apps/horde-passwd\", unaffected: make_list(\"ge 3.1.1\"), vulnerable: make_list(\"lt 3.1.1\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-04-06T11:40:16", "references": [], "pluginID": "136141256231064883", "description": "The remote host is missing updates announced in\nadvisory GLSA 200909-14.", "edition": 1, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-09-15T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200909-14 (horde horde-imp horde-passwd)", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0932", "CVE-2009-0931", "CVE-2008-5917", "CVE-2009-0930", "CVE-2009-2360"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064883", "id": "OPENVAS:136141256231064883", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities have been discovered in Horde and two modules,\n allowing for the execution of arbitrary code, information disclosure,\nor\n Cross-Site Scripting.\";\ntag_solution = \"All Horde users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose =www-apps/horde-3.3.4\n\nAll Horde IMP users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose =www-apps/horde-imp-4.3.4\n\nAll Horde Passwd users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose =www-apps/horde-passwd-3.1.1\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200909-14\nhttp://bugs.gentoo.org/show_bug.cgi?id=256125\nhttp://bugs.gentoo.org/show_bug.cgi?id=262976\nhttp://bugs.gentoo.org/show_bug.cgi?id=262978\nhttp://bugs.gentoo.org/show_bug.cgi?id=277294\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200909-14.\";\n\n \n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64883\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-15 22:46:32 +0200 (Tue, 15 Sep 2009)\");\n script_cve_id(\"CVE-2008-5917\", \"CVE-2009-0930\", \"CVE-2009-0931\", \"CVE-2009-0932\", \"CVE-2009-2360\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_name(\"Gentoo Security Advisory GLSA 200909-14 (horde horde-imp horde-passwd)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"www-apps/horde\", unaffected: make_list(\"ge 3.3.4\"), vulnerable: make_list(\"lt 3.3.4\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"www-apps/horde-imp\", unaffected: make_list(\"ge 4.3.4\"), vulnerable: make_list(\"lt 4.3.4\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"www-apps/horde-passwd\", unaffected: make_list(\"ge 3.1.1\"), vulnerable: make_list(\"lt 3.1.1\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-02T00:05:42", "references": ["http://www.securityfocus.com/bid/33367"], "pluginID": "1361412562310100117", "description": "Horde is prone to a cross-site scripting vulnerability because it fails to\nproperly sanitize user-supplied input.\n\nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the\ncontext of the affected site. This may let the attacker steal cookie-based authentication credentials and launch\nother attacks.\n\nNote that this issue also affects Turba on Horde IMP.\n\nVersions prior to Horde 3.2.3 and 3.3.1 are vulnerable.", "edition": 4, "reporter": "This script is Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-04-10T00:00:00", "title": "Horde XSS Filter Cross Site Scripting Vulnerability", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "naslFamily": "Web application abuses", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5917"], "modified": "2018-05-28T00:00:00", "id": "OPENVAS:1361412562310100117", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310100117", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: horde_33367.nasl 9981 2018-05-28 11:16:52Z ckuersteiner $\n#\n# Horde XSS Filter Cross Site Scripting Vulnerability\n#\n# Authors\n# Michael Meyer\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = 'cpe:/a:horde:horde_groupware';\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.100117\");\n script_version(\"$Revision: 9981 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-05-28 13:16:52 +0200 (Mon, 28 May 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-10 19:06:18 +0200 (Fri, 10 Apr 2009)\");\n script_bugtraq_id(33367);\n script_cve_id(\"CVE-2008-5917\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_name(\"Horde XSS Filter Cross Site Scripting Vulnerability\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_copyright(\"This script is Copyright (C) 2009 Greenbone Networks GmbH\");\n script_dependencies(\"horde_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"horde/installed\");\n\n script_tag(name: \"summary\", value: \"Horde is prone to a cross-site scripting vulnerability because it fails to\nproperly sanitize user-supplied input.\n\nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the\ncontext of the affected site. This may let the attacker steal cookie-based authentication credentials and launch\nother attacks.\n\nNote that this issue also affects Turba on Horde IMP.\n\nVersions prior to Horde 3.2.3 and 3.3.1 are vulnerable.\");\n\n script_xref(name: \"URL\", value: \"http://www.securityfocus.com/bid/33367\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!version = get_app_version(cpe: CPE, port: port))\n exit(0);\n\nif (version_in_range(version:version, test_version:\"3.3\", test_version2:\"3.3.0\") ||\n version_in_range(version:version, test_version:\"3.2\", test_version2:\"3.2.2\")) {\n security_message(port:port);\n exit(0);\n} \n\nexit(99);\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-27T10:56:40", "references": ["http://www.securityfocus.com/bid/33367"], "pluginID": "100117", "description": "Horde is prone to a cross-site scripting vulnerability because it\n fails to properly sanitize user-supplied input.\n\n An attacker may leverage this issue to execute arbitrary script code\n in the browser of an unsuspecting user in the context of the\n affected site. This may let the attacker steal cookie-based\n authentication credentials and launch other attacks.\n\n Note that this issue also affects Turba on Horde IMP.\n\n Versions prior to Horde 3.2.3 and 3.3.1 are vulnerable.", "edition": 2, "reporter": "This script is Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-04-10T00:00:00", "title": "Horde XSS Filter Cross Site Scripting Vulnerability", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "naslFamily": "Web application abuses", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5917"], "modified": "2017-07-12T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=100117", "id": "OPENVAS:100117", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: horde_33367.nasl 6704 2017-07-12 14:13:36Z cfischer $\n#\n# Horde XSS Filter Cross Site Scripting Vulnerability\n#\n# Authors\n# Michael Meyer\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_summary = \"Horde is prone to a cross-site scripting vulnerability because it\n fails to properly sanitize user-supplied input.\n\n An attacker may leverage this issue to execute arbitrary script code\n in the browser of an unsuspecting user in the context of the\n affected site. This may let the attacker steal cookie-based\n authentication credentials and launch other attacks.\n\n Note that this issue also affects Turba on Horde IMP.\n\n Versions prior to Horde 3.2.3 and 3.3.1 are vulnerable.\";\n\n\nif (description)\n{\n script_id(100117);\n script_version(\"$Revision: 6704 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 16:13:36 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-10 19:06:18 +0200 (Fri, 10 Apr 2009)\");\n script_bugtraq_id(33367);\n script_cve_id(\"CVE-2008-5917\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_name(\"Horde XSS Filter Cross Site Scripting Vulnerability\");\n\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_copyright(\"This script is Copyright (C) 2009 Greenbone Networks GmbH\");\n script_dependencies(\"horde_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"horde/installed\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_xref(name : \"URL\" , value : \"http://www.securityfocus.com/bid/33367\");\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"version_func.inc\");\n\nport = get_http_port(default:80);\nif(!version = get_kb_item(string(\"www/\", port, \"/horde\")))exit(0);\nif(!matches = eregmatch(string:version, pattern:\"^(.+) under (/.*)$\"))exit(0);\n\nvers = matches[1];\n\nif(!isnull(vers)) {\n\n if(version_in_range(version:vers, test_version:\"3.3\", test_version2:\"3.3.0\") ||\n version_in_range(version:vers, test_version:\"3.2\", test_version2:\"3.2.2\") ) {\n security_message(port:port);\n exit(0);\n } \n\n} \n\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-27T10:56:44", "references": ["http://www.securityfocus.com/bid/29745"], "pluginID": "100116", "description": "Horde Turba is prone to an HTML-injection vulnerability because it\n fails to properly sanitize user-supplied input.\n\n Attacker-supplied HTML and script code would execute in the context\n of the affected site, potentially allowing the attacker to steal\n cookie-based authentication credentials or to control how the site is\n rendered to the user; other attacks are also possible.\n\n Horde 3.1.7, 3.2, and prior versions are vulnerable.", "edition": 2, "reporter": "This script is Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-04-10T00:00:00", "title": "Horde Turba 'services/obrowser/index.php' HTML Injection Vulnerability", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Web application abuses", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3330"], "modified": "2017-07-12T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=100116", "id": "OPENVAS:100116", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: horde_29745.nasl 6704 2017-07-12 14:13:36Z cfischer $\n#\n# Horde Turba 'services/obrowser/index.php' HTML Injection\n# Vulnerability\n#\n# Authors\n# Michael Meyer\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_summary = \"Horde Turba is prone to an HTML-injection vulnerability because it\n fails to properly sanitize user-supplied input.\n\n Attacker-supplied HTML and script code would execute in the context\n of the affected site, potentially allowing the attacker to steal\n cookie-based authentication credentials or to control how the site is\n rendered to the user; other attacks are also possible.\n\n Horde 3.1.7, 3.2, and prior versions are vulnerable.\";\n\n\nif (description)\n{\n script_id(100116);\n script_version(\"$Revision: 6704 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 16:13:36 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-10 19:06:18 +0200 (Fri, 10 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cve_id(\"CVE-2008-3330\");\n script_bugtraq_id(29745);\n\n script_name(\"Horde Turba 'services/obrowser/index.php' HTML Injection Vulnerability\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_copyright(\"This script is Copyright (C) 2009 Greenbone Networks GmbH\");\n script_dependencies(\"horde_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"horde/installed\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_xref(name : \"URL\" , value : \"http://www.securityfocus.com/bid/29745\");\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"version_func.inc\");\n\nport = get_http_port(default:80);\n\nif(!version = get_kb_item(string(\"www/\", port, \"/horde\")))exit(0);\nif(!matches = eregmatch(string:version, pattern:\"^(.+) under (/.*)$\"))exit(0);\n\nvers = matches[1];\n\nif(!isnull(vers)) {\n\n if(version_in_range(version:vers, test_version:\"3.1\", test_version2:\"3.1.7\") ||\n version_in_range(version:vers, test_version:\"3.2\", test_version2:\"3.2.0\") ) {\n security_message(port:port);\n exit(0);\n } \n\n} \n\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-09-04T14:19:57", "references": ["http://secunia.com/advisories/33695", "http://packetstormsecurity.org/files/view/98424/horde-lfi.txt"], "pluginID": "801849", "description": "The host is running Horde and is prone to local file inclusion\n vulnerability.", "edition": 2, "reporter": "Copyright (C) 2011 Greenbone Networks GmbH", "published": "2011-02-17T00:00:00", "title": "Horde Products Local File Inclusion Vulnerability", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "Web application abuses", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0932"], "modified": "2017-08-31T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=801849", "id": "OPENVAS:801849", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_horde_lfi_vuln.nasl 7029 2017-08-31 11:51:40Z teissa $\n#\n# Horde Products Local File Inclusion Vulnerability\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow remote attackers to include and execute\n arbitrary local files via directory traversal sequences in the Horde_Image\n driver name.\n Impact Level: Application\";\ntag_affected = \"Horde versions before 3.2.4 and 3.3.3\n Horde Groupware versions before 1.1.5\";\ntag_insight = \"The flaw is caused by improper validation of user-supplied input to the\n 'driver' argument of the 'Horde_Image::factory' method before using it to\n include PHP code in 'lib/Horde/Image.php'.\";\ntag_solution = \"Upgarade to Horde 3.2.4 or 3.3.3 and Horde Groupware 1.1.5.\n For updates refer to http://www.horde.org/download/\";\ntag_summary = \"The host is running Horde and is prone to local file inclusion\n vulnerability.\";\n\nif(description)\n{\n script_id(801849);\n script_version(\"$Revision: 7029 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-08-31 13:51:40 +0200 (Thu, 31 Aug 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-02-17 16:08:28 +0100 (Thu, 17 Feb 2011)\");\n script_cve_id(\"CVE-2009-0932\");\n script_bugtraq_id(33491);\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_name(\"Horde Products Local File Inclusion Vulnerability\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/33695\");\n script_xref(name : \"URL\" , value : \"http://packetstormsecurity.org/files/view/98424/horde-lfi.txt\");\n\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n script_category(ACT_ATTACK);\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"horde_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"horde/installed\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n\ninclude(\"http_func.inc\");\ninclude(\"version_func.inc\");\ninclude(\"http_keepalive.inc\");\n\n## Get HTTP Port\nport = get_http_port(default:80);\nif(!port){\n exit(0);\n}\n\nif(dir = get_dir_from_kb(port:port,app:\"horde\"))\n{\n foreach file (make_list(\"/etc/passwd\",\"boot.ini\"))\n {\n ## Construct The Attack Request\n url = string(dir, \"/util/barcode.php?type=../../../../../../../../../../..\",\n file,\"%00\");\n\n ## Try attack and check the response to confirm vulnerability\n if(http_vuln_check(port:port, url:url, pattern:\"(root:.*:0:[01]:|\\[boot loader\\])\"))\n {\n security_message(port:port);\n exit(0);\n }\n }\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-10-10T14:43:03", "references": ["http://secunia.com/advisories/33695", "http://packetstormsecurity.org/files/view/98424/horde-lfi.txt"], "pluginID": "1361412562310801849", "description": "The host is running Horde and is prone to local file inclusion\n vulnerability.", "edition": 6, "reporter": "Copyright (C) 2011 Greenbone Networks GmbH", "published": "2011-02-17T00:00:00", "title": "Horde Products Local File Inclusion Vulnerability", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "Web application abuses", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0932"], "modified": "2018-10-09T00:00:00", "id": "OPENVAS:1361412562310801849", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310801849", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_horde_lfi_vuln.nasl 11796 2018-10-09 13:08:43Z jschulte $\n#\n# Horde Products Local File Inclusion Vulnerability\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = 'cpe:/a:horde:horde_groupware';\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.801849\");\n script_version(\"$Revision: 11796 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-09 15:08:43 +0200 (Tue, 09 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-02-17 16:08:28 +0100 (Thu, 17 Feb 2011)\");\n script_cve_id(\"CVE-2009-0932\");\n script_bugtraq_id(33491);\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Horde Products Local File Inclusion Vulnerability\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/33695\");\n script_xref(name:\"URL\", value:\"http://packetstormsecurity.org/files/view/98424/horde-lfi.txt\");\n\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n script_category(ACT_ATTACK);\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"horde_detect.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"horde/installed\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to include and execute\n arbitrary local files via directory traversal sequences in the Horde_Image driver name.\");\n\n script_tag(name:\"affected\", value:\"Horde versions before 3.2.4 and 3.3.3, Horde Groupware versions before\n 1.1.5\");\n\n script_tag(name:\"insight\", value:\"The flaw is caused by improper validation of user-supplied input to the\n 'driver' argument of the 'Horde_Image::factory' method before using it to include PHP code in\n 'lib/Horde/Image.php'.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Horde 3.2.4 or 3.3.3 and Horde Groupware 1.1.5.\");\n\n script_tag(name:\"summary\", value:\"The host is running Horde and is prone to local file inclusion\n vulnerability.\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\ninclude(\"misc_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!dir = get_app_location(cpe: CPE, port: port))\n exit(0);\n\nif (dir == \"/\")\n dir = \"\";\n\nfiles = traversal_files();\n\nforeach pattern (keys(files)) {\n url = dir + \"/util/barcode.php?type=../../../../../../../../../../../\" + file + \"%00\";\n\n if (http_vuln_check(port:port, url:url, pattern:pattern, check_header: TRUE)) {\n report = report_vuln_url(port: port, url: url);\n security_message(port: port, data: report);\n exit(0);\n }\n}\n\nexit(99);\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-27T10:55:54", "references": ["http://www.securityfocus.com/bid/33491"], "pluginID": "100118", "description": "Horde products are prone to a local file-include vulnerability and a\n cross-site scripting vulnerability because they fail to properly\n sanitize user-supplied input.\n\n An attacker can exploit the local file-include vulnerability using\n directory-traversal strings to view and execute local files within\n the context of the webserver process. Information harvested may aid\n in further attacks.\n\n The attacker may leverage the cross-site scripting issue to execute\n arbitrary script code in the browser of an unsuspecting user in the\n context of the affected site. This may let the attacker steal\n cookie-based authentication credentials and launch other attacks.\n\n The issues affect versions prior to the following:\n\n Horde 3.2.4 and 3.3.3\n Horde Groupware 1.1.5", "edition": 2, "reporter": "This script is Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-04-10T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "title": "Horde Products Local File Include and Cross Site Scripting Vulnerabilities", "type": "openvas", "naslFamily": "Web application abuses", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0932"], "modified": "2017-07-12T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=100118", "id": "OPENVAS:100118", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: horde_33491.nasl 6704 2017-07-12 14:13:36Z cfischer $\n#\n# Horde Products Local File Include and Cross Site Scripting\n# Vulnerabilities\n#\n# Authors\n# Michael Meyer\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_summary = \"Horde products are prone to a local file-include vulnerability and a\n cross-site scripting vulnerability because they fail to properly\n sanitize user-supplied input.\n\n An attacker can exploit the local file-include vulnerability using\n directory-traversal strings to view and execute local files within\n the context of the webserver process. Information harvested may aid\n in further attacks.\n\n The attacker may leverage the cross-site scripting issue to execute\n arbitrary script code in the browser of an unsuspecting user in the\n context of the affected site. This may let the attacker steal\n cookie-based authentication credentials and launch other attacks.\n\n The issues affect versions prior to the following:\n\n Horde 3.2.4 and 3.3.3\n Horde Groupware 1.1.5\";\n\n\nif (description)\n{\n script_id(100118);\n script_version(\"$Revision: 6704 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 16:13:36 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-10 19:06:18 +0200 (Fri, 10 Apr 2009)\");\n script_bugtraq_id(33491);\n script_cve_id(\"CVE-2009-0932\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n\n script_name(\"Horde Products Local File Include and Cross Site Scripting Vulnerabilities\");\n\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_copyright(\"This script is Copyright (C) 2009 Greenbone Networks GmbH\");\n script_dependencies(\"horde_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"horde/installed\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_xref(name : \"URL\" , value : \"http://www.securityfocus.com/bid/33491\");\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"version_func.inc\");\n\nport = get_http_port(default:80);\nif(!version = get_kb_item(string(\"www/\", port, \"/horde\")))exit(0);\nif(!matches = eregmatch(string:version, pattern:\"^(.+) under (/.*)$\"))exit(0);\n\nvers = matches[1];\n\nif(!isnull(vers)) {\n\n if(version_in_range(version:vers, test_version:\"3.3\", test_version2:\"3.3.2\") ||\n version_in_range(version:vers, test_version:\"3.2\", test_version2:\"3.2.3\") ) {\n security_message(port:port);\n exit(0);\n } \n\n} \n\nexit(0);\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "debian": [{"lastseen": "2018-10-16T22:13:54", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "4", "packageVersion": "3.1.3-4etch5", "arch": "all", "packageFilename": "horde3_3.1.3-4etch5_all.deb", "packageName": "horde3", "operator": "lt"}], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1765-1 security@debian.org\nhttp://www.debian.org/security/ Steffen Joeris\nApril 08, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : horde3\nVulnerability : Multiple vulnerabilities\nProblem type : remote\nDebian-specific: no\nCVE Ids : CVE-2009-0932 CVE-2008-3330 CVE-2008-5917\nDebian Bugs : 513265 512592 492578\n\nSeveral vulnerabilities have been found in horde3, the horde web application\nframework. The Common Vulnerabilities and Exposures project identifies\nthe following problems:\n\n\nCVE-2009-0932\n\nGunnar Wrobel discovered a directory traversal vulnerability, which\nallows attackers to include and execute arbitrary local files via the\ndriver parameter in Horde_Image.\n\nCVE-2008-3330\n\nIt was discovered that an attacker could perform a cross-site scripting\nattack via the contact name, which allows attackers to inject arbitrary\nhtml code. This requires that the attacker has access to create\ncontacts.\n\nCVE-2008-5917\n\nIt was discovered that the horde XSS filter is prone to a cross-site\nscripting attack, which allows attackers to inject arbitrary html code.\nThis is only exploitable when Internet Explorer is used.\n\n\nFor the oldstable distribution (etch), these problems have been fixed in\nversion 3.1.3-4etch5.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 3.2.2+debian0-2, which was already included in the lenny\nrelease.\n\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), these problems have been fixed in version 3.2.2+debian0-2.\n\n\nWe recommend that you upgrade your horde3 packages.\n\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nDebian (oldstable)\n- ------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/h/horde3/horde3_3.1.3.orig.tar.gz\n Size/MD5 checksum: 5232958 fbc56c608ac81474b846b1b4b7bb5ee7\n http://security.debian.org/pool/updates/main/h/horde3/horde3_3.1.3-4etch5.diff.gz\n Size/MD5 checksum: 13749 d7ad332e2f535b9df1ab49bd9c7233fa\n http://security.debian.org/pool/updates/main/h/horde3/horde3_3.1.3-4etch5.dsc\n Size/MD5 checksum: 1076 c6082f3a21860b6b65b7edc4c58b0c07\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/h/horde3/horde3_3.1.3-4etch5_all.deb\n Size/MD5 checksum: 5274074 e4cfd0484345a153c33481101472a1fe\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;\n", "edition": 1, "reporter": "Debian", "published": "2009-04-08T13:22:55", "title": "[SECURITY] [DSA 1765-1] New horde3 packages fix several vulnerabilities", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:13:54", "vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-0932", "CVE-2008-3330", "CVE-2008-5917"], "modified": "2009-04-08T13:22:55", "id": "DEBIAN:DSA-1765-1:FDB13", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00075.html", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "nessus": [{"lastseen": "2018-11-11T12:53:27", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-3330", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=492578", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513265", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512592", "https://security-tracker.debian.org/tracker/CVE-2009-0932", "https://www.debian.org/security/2009/dsa-1765", "https://security-tracker.debian.org/tracker/CVE-2008-5917"], "pluginID": "36119", "description": "Several vulnerabilities have been found in horde3, the horde web application framework. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2009-0932 Gunnar Wrobel discovered a directory traversal vulnerability, which allows attackers to include and execute arbitrary local files via the driver parameter in Horde_Image.\n\n - CVE-2008-3330 It was discovered that an attacker could perform a cross-site scripting attack via the contact name, which allows attackers to inject arbitrary html code. This requires that the attacker has access to create contacts.\n\n - CVE-2008-5917 It was discovered that the horde XSS filter is prone to a cross-site scripting attack, which allows attackers to inject arbitrary html code. This is only exploitable when Internet Explorer is used.", "edition": 7, "reporter": "Tenable", "published": "2009-04-09T00:00:00", "title": "Debian DSA-1765-1 : horde3 - Multiple vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0932", "CVE-2008-3330", "CVE-2008-5917"], "modified": "2018-11-10T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:4.0", "cpe:/o:debian:debian_linux:5.0", "p-cpe:/a:debian:debian_linux:horde3"], "id": "DEBIAN_DSA-1765.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=36119", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1765. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(36119);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/11/10 11:49:34\");\n\n script_cve_id(\"CVE-2008-3330\", \"CVE-2008-5917\", \"CVE-2009-0932\");\n script_bugtraq_id(29745, 33491);\n script_xref(name:\"DSA\", value:\"1765\");\n\n script_name(english:\"Debian DSA-1765-1 : horde3 - Multiple vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been found in horde3, the horde web\napplication framework. The Common Vulnerabilities and Exposures\nproject identifies the following problems :\n\n - CVE-2009-0932\n Gunnar Wrobel discovered a directory traversal\n vulnerability, which allows attackers to include and\n execute arbitrary local files via the driver parameter\n in Horde_Image.\n\n - CVE-2008-3330\n It was discovered that an attacker could perform a\n cross-site scripting attack via the contact name, which\n allows attackers to inject arbitrary html code. This\n requires that the attacker has access to create\n contacts.\n\n - CVE-2008-5917\n It was discovered that the horde XSS filter is prone to\n a cross-site scripting attack, which allows attackers to\n inject arbitrary html code. This is only exploitable\n when Internet Explorer is used.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513265\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512592\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=492578\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0932\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-3330\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-5917\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2009/dsa-1765\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the horde3 packages.\n\nFor the oldstable distribution (etch), these problems have been fixed\nin version 3.1.3-4etch5.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 3.2.2+debian0-2, which was already included in the lenny\nrelease.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Horde < 3.3.2 LFI\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(22, 79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:horde3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"horde3\", reference:\"3.1.3-4etch5\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"horde3\", reference:\"3.2.2+debian0-2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-02T00:01:58", "references": [], "pluginID": "36005", "description": "Version update to horde 3.1.9 fixes a cross-site-scripting (XSS) issue (CVE-2008-5917) and an include file problem (CVE-2009-0932).", "edition": 5, "reporter": "Tenable", "published": "2009-03-24T00:00:00", "title": "openSUSE 10 Security Update : horde (horde-6099)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0932", "CVE-2008-5917"], "modified": "2016-12-22T00:00:00", "cpe": ["cpe:/o:novell:opensuse:10.3", "p-cpe:/a:novell:opensuse:horde"], "id": "SUSE_HORDE-6099.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=36005", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update horde-6099.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(36005);\n script_version (\"$Revision: 1.9 $\");\n script_cvs_date(\"$Date: 2016/12/22 20:32:46 $\");\n\n script_cve_id(\"CVE-2008-5917\", \"CVE-2009-0932\");\n\n script_name(english:\"openSUSE 10 Security Update : horde (horde-6099)\");\n script_summary(english:\"Check for the horde-6099 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Version update to horde 3.1.9 fixes a cross-site-scripting (XSS) issue\n(CVE-2008-5917) and an include file problem (CVE-2009-0932).\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected horde package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Horde < 3.3.2 LFI\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(22, 79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:horde\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/03/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"horde-3.1.9-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"horde\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-02T00:03:51", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=467887", "https://bugzilla.novell.com/show_bug.cgi?id=470086", "https://bugzilla.novell.com/show_bug.cgi?id=348297"], "pluginID": "39985", "description": "Version update to horde 3.1.9 fixes a cross-site-scripting (XSS) issue (CVE-2008-5917) and an include file problem (CVE-2009-0932).", "edition": 5, "reporter": "Tenable", "published": "2009-07-21T00:00:00", "title": "openSUSE Security Update : horde (horde-657)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0932", "CVE-2008-5917"], "modified": "2016-12-21T00:00:00", "cpe": ["cpe:/o:novell:opensuse:11.0", "p-cpe:/a:novell:opensuse:horde"], "id": "SUSE_11_0_HORDE-090319.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=39985", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update horde-657.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(39985);\n script_version(\"$Revision: 1.11 $\");\n script_cvs_date(\"$Date: 2016/12/21 20:09:49 $\");\n\n script_cve_id(\"CVE-2008-5917\", \"CVE-2009-0932\");\n\n script_name(english:\"openSUSE Security Update : horde (horde-657)\");\n script_summary(english:\"Check for the horde-657 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Version update to horde 3.1.9 fixes a cross-site-scripting (XSS) issue\n(CVE-2008-5917) and an include file problem (CVE-2009-0932).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=348297\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=467887\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=470086\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected horde package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Horde < 3.3.2 LFI\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(22, 79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:horde\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"horde-3.1.9-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"horde\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-01T23:32:53", "references": ["https://security.gentoo.org/glsa/200909-14"], "pluginID": "40961", "description": "The remote host is affected by the vulnerability described in GLSA-200909-14 (Horde: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Horde:\n Gunnar Wrobel reported an input sanitation and directory traversal flaw in framework/Image/Image.php, related to the 'Horde_Image driver name' (CVE-2009-0932).\n Gunnar Wrobel reported that data sent to horde/services/portal/cloud_search.php is not properly sanitized before used in the output (CVE-2009-0931).\n It was reported that data sent to framework/Text_Filter/Filter/xss.php is not properly sanitized before used in the output (CVE-2008-5917).\n Horde Passwd: David Wharton reported that data sent via the 'backend' parameter to passwd/main.php is not properly sanitized before used in the output (CVE-2009-2360).\n Horde IMP: Gunnar Wrobel reported that data sent to smime.php, pgp.php, and message.php is not properly sanitized before used in the output (CVE-2009-0930).\n Impact :\n\n A remote authenticated attacker could exploit these vulnerabilities to execute arbitrary PHP files on the server, or disclose the content of arbitrary files, both only if the file is readable to the web server. A remote authenticated attacker could conduct Cross-Site Scripting attacks. NOTE: Some Cross-Site Scripting vectors are limited to the usage of Microsoft Internet Explorer.\n Workaround :\n\n There is no known workaround at this time.", "edition": 6, "reporter": "Tenable", "published": "2009-09-14T00:00:00", "title": "GLSA-200909-14 : Horde: Multiple vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0932", "CVE-2009-0931", "CVE-2008-5917", "CVE-2009-0930", "CVE-2009-2360"], "modified": "2018-07-11T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:horde", "p-cpe:/a:gentoo:linux:horde-imp", "p-cpe:/a:gentoo:linux:horde-passwd"], "id": "GENTOO_GLSA-200909-14.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=40961", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200909-14.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40961);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/07/11 17:09:26\");\n\n script_cve_id(\"CVE-2008-5917\", \"CVE-2009-0930\", \"CVE-2009-0931\", \"CVE-2009-0932\", \"CVE-2009-2360\");\n script_bugtraq_id(33491, 33492);\n script_xref(name:\"GLSA\", value:\"200909-14\");\n\n script_name(english:\"GLSA-200909-14 : Horde: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200909-14\n(Horde: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Horde:\n Gunnar Wrobel reported an input sanitation and directory traversal\n flaw in framework/Image/Image.php, related to the 'Horde_Image driver\n name' (CVE-2009-0932).\n Gunnar Wrobel reported that data sent\n to horde/services/portal/cloud_search.php is not properly sanitized\n before used in the output (CVE-2009-0931).\n It was reported\n that data sent to framework/Text_Filter/Filter/xss.php is not properly\n sanitized before used in the output (CVE-2008-5917).\n Horde Passwd: David Wharton reported that data sent via the 'backend'\n parameter to passwd/main.php is not properly sanitized before used in\n the output (CVE-2009-2360).\n Horde IMP: Gunnar Wrobel reported that data sent to smime.php, pgp.php,\n and message.php is not properly sanitized before used in the output\n (CVE-2009-0930).\n \nImpact :\n\n A remote authenticated attacker could exploit these vulnerabilities to\n execute arbitrary PHP files on the server, or disclose the content of\n arbitrary files, both only if the file is readable to the web server. A\n remote authenticated attacker could conduct Cross-Site Scripting\n attacks. NOTE: Some Cross-Site Scripting vectors are limited to the\n usage of Microsoft Internet Explorer.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200909-14\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Horde users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-apps/horde-3.3.4'\n All Horde IMP users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-apps/horde-imp-4.3.4'\n All Horde Passwd users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-apps/horde-passwd-3.1.1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Horde < 3.3.2 LFI\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(22, 79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:horde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:horde-imp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:horde-passwd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-apps/horde\", unaffected:make_list(\"ge 3.3.4\"), vulnerable:make_list(\"lt 3.3.4\"))) flag++;\nif (qpkg_check(package:\"www-apps/horde-imp\", unaffected:make_list(\"ge 4.3.4\"), vulnerable:make_list(\"lt 4.3.4\"))) flag++;\nif (qpkg_check(package:\"www-apps/horde-passwd\", unaffected:make_list(\"ge 3.1.1\"), vulnerable:make_list(\"lt 3.1.1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Horde\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-01T23:51:00", "references": ["https://lists.horde.org/archives/announce/2009/000482.html", "https://lists.horde.org/archives/announce/2009/000488.html", "https://lists.horde.org/archives/announce/2009/000483.html", "https://lists.horde.org/archives/announce/2009/000489.html", "https://lists.horde.org/archives/announce/2009/000487.html", "https://lists.horde.org/archives/announce/2009/000486.html"], "pluginID": "35554", "description": "The version of Horde, Horde Groupware, or Horde Groupware Webmail Edition installed on the remote host fails to filter input to the 'driver' argument of the 'Horde_Image::factory' method before using it to include PHP code in 'lib/Horde/Image.php'. Regardless of PHP's 'register_globals' and 'magic_quotes_gpc' settings, an unauthenticated attacker can exploit this issue to view arbitrary files or possibly to execute arbitrary PHP code on the remote host, subject to the privileges of the web server user id. \n\nNote that this install is also likely affected by a cross-site scripting issue in the 'services/portal/cloud_search.php' script although Nessus has not checked for that.", "edition": 7, "reporter": "Tenable", "published": "2009-01-29T00:00:00", "title": "Horde Horde_Image::factory driver Argument Local File Inclusion", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "CGI abuses", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0932"], "modified": "2018-06-13T00:00:00", "cpe": ["cpe:/a:horde:horde_application_framework"], "id": "HORDE_IMAGE_DRIVER_TYPE_LFI.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=35554", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(35554);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/06/13 18:56:27\");\n\n script_cve_id(\"CVE-2009-0932\");\n script_bugtraq_id(33491);\n script_xref(name:\"Secunia\", value:\"33695\");\n\n script_name(english:\"Horde Horde_Image::factory driver Argument Local File Inclusion\");\n script_summary(english:\"Tries to read a local file\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains a PHP application that is susceptible\nto a local file include attack.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Horde, Horde Groupware, or Horde Groupware Webmail\nEdition installed on the remote host fails to filter input to the\n'driver' argument of the 'Horde_Image::factory' method before using it\nto include PHP code in 'lib/Horde/Image.php'. Regardless of PHP's\n'register_globals' and 'magic_quotes_gpc' settings, an unauthenticated\nattacker can exploit this issue to view arbitrary files or possibly to\nexecute arbitrary PHP code on the remote host, subject to the\nprivileges of the web server user id. \n\nNote that this install is also likely affected by a cross-site\nscripting issue in the 'services/portal/cloud_search.php' script\nalthough Nessus has not checked for that.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://lists.horde.org/archives/announce/2009/000482.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://lists.horde.org/archives/announce/2009/000483.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://lists.horde.org/archives/announce/2009/000486.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://lists.horde.org/archives/announce/2009/000487.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://lists.horde.org/archives/announce/2009/000488.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://lists.horde.org/archives/announce/2009/000489.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"If using Horde, upgrade to version 3.3.3 / 3.2.4 or later. \n\nIf using Horde Groupware, upgrade to version 1.2.2 / 1.1.5 or later. \n\nIf using Horde Groupware Webmail Edition, upgrade to version 1.2.2 /\n1.1.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Horde < 3.3.2 LFI\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(22);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2009/01/29\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:horde:horde_application_framework\");\n script_set_attribute(attribute:\"exploited_by_nessus\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"horde_detect.nasl\", \"os_fingerprint.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/horde\");\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"data_protection.inc\");\n\nport = get_http_port(default:80);\nif (!can_host_php(port:port)) exit(0, \"The web server on port \"+port+\" does not support PHP.\");\n\n\n# Try to retrieve a local file.\nos = get_kb_item(\"Host/OS\");\nif (os)\n{\n if (\"Windows\" >< os) file = '/boot.ini';\n else file = '/etc/passwd';\n files = make_list(file);\n}\nelse files = make_list('/etc/passwd', '/boot.ini');\nfiles = make_list(files, 'js/addEvent.php');\nfile_pats = make_array();\nfile_pats['/etc/passwd'] = \"root:.*:0:[01]:\";\nfile_pats['/boot.ini'] = \"^ *\\[boot loader\\]\";\nfile_pats['js/addEvent.php'] = \"\\$Horde: horde/js/addEvent\\.php\";\n\n\n# Test an install.\ninstall = get_kb_item(string(\"www/\", port, \"/horde\"));\nif (isnull(install)) exit(0, \"Horde was not detected on port \"+port);\nmatches = eregmatch(string:install, pattern:\"^(.+) under (/.*)$\");\nif (!isnull(matches))\n{\n dir = matches[2];\n\n # Loop through files to look for.\n foreach file (files)\n {\n if (file[0] == '/') traversal = crap(data:\"../\", length:3*9) + '..';\n else traversal = '../../../';\n\n if (substr(file, strlen(file)-4) == \".php\")\n exploit = string(traversal, substr(file, 0, strlen(file)-4-1));\n else\n exploit = string(traversal, file, \"%00\");\n\n url = string(\n dir, \"/util/barcode.php?\",\n \"type=\", exploit\n );\n\n res = http_send_recv3(method:\"GET\", item:url, port:port);\n if (isnull(res)) exit(1, \"The web server on port \"+port+\" failed to respond.\");\n\n # There's a problem if we see the expected contents.\n pat = file_pats[file];\n if (egrep(pattern:pat, string:res[2]))\n {\n if (report_verbosity > 0)\n {\n if (os && \"Windows\" >< os) file = str_replace(find:'/', replace:'\\\\', string:file);\n\n report = string(\n \"\\n\",\n \"Nessus was able to exploit the issue to retrieve the contents of\\n\",\n \"'\", file, \"' on the remote host using the following URL :\\n\",\n \"\\n\",\n \" \", build_url(port:port, qs:url), \"\\n\"\n );\n if (report_verbosity > 1)\n {\n if (\"Call to undefined method PEAR_Error::\" >< res[2])\n res[2] = res[2] - strstr(res[2], \"<br />\");\n res[2] = data_protection::redact_etc_passwd(output:res[2]);\n report += string(\n \"\\n\",\n \"Here are its contents :\\n\",\n \"\\n\",\n crap(data:\"-\", length:30), \" snip \", crap(data:\"-\", length:30), \"\\n\",\n res[2],\n crap(data:\"-\", length:30), \" snip \", crap(data:\"-\", length:30), \"\\n\"\n );\n }\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n\n exit(0);\n }\n }\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-01T23:53:45", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=461887", "https://bugzilla.redhat.com/show_bug.cgi?id=461886", "https://bugzilla.redhat.com/show_bug.cgi?id=480818", "https://bugzilla.redhat.com/show_bug.cgi?id=549506", "https://bugzilla.redhat.com/show_bug.cgi?id=523407", "http://www.nessus.org/u?187fbedd", "https://bugzilla.redhat.com/show_bug.cgi?id=523401", "https://bugzilla.redhat.com/show_bug.cgi?id=549516", "https://bugzilla.redhat.com/show_bug.cgi?id=490932"], "pluginID": "47390", "description": "Upgrade to 3.3.6 - Fixes a lot of security bugs\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2010-07-01T00:00:00", "title": "Fedora 11 : horde-3.3.6-1.fc11 (2010-5483)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0932", "CVE-2009-3701", "CVE-2009-0931", "CVE-2009-3236", "CVE-2009-4363", "CVE-2008-5917", "CVE-2008-3824", "CVE-2008-3823", "CVE-2009-3237"], "modified": "2016-12-08T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:horde", "cpe:/o:fedoraproject:fedora:11"], "id": "FEDORA_2010-5483.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=47390", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-5483.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47390);\n script_version(\"$Revision: 1.13 $\");\n script_cvs_date(\"$Date: 2016/12/08 20:31:53 $\");\n\n script_cve_id(\"CVE-2008-3823\", \"CVE-2008-3824\", \"CVE-2008-5917\", \"CVE-2009-0931\", \"CVE-2009-0932\", \"CVE-2009-3236\", \"CVE-2009-3237\", \"CVE-2009-3701\", \"CVE-2009-4363\");\n script_bugtraq_id(31107, 33491, 37351);\n script_xref(name:\"FEDORA\", value:\"2010-5483\");\n\n script_name(english:\"Fedora 11 : horde-3.3.6-1.fc11 (2010-5483)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Upgrade to 3.3.6 - Fixes a lot of security bugs\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=461886\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=461887\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=480818\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=490932\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=523401\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=523407\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=549506\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=549516\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-April/038285.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?187fbedd\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected horde package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Horde < 3.3.2 LFI\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(22, 79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:horde\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"horde-3.3.6-1.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"horde\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-02T00:03:52", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=461887", "https://bugzilla.redhat.com/show_bug.cgi?id=461886", "https://bugzilla.redhat.com/show_bug.cgi?id=480818", "http://www.nessus.org/u?25edd544", "https://bugzilla.redhat.com/show_bug.cgi?id=549506", "https://bugzilla.redhat.com/show_bug.cgi?id=523407", "https://bugzilla.redhat.com/show_bug.cgi?id=523401", "https://bugzilla.redhat.com/show_bug.cgi?id=549516", "https://bugzilla.redhat.com/show_bug.cgi?id=490932"], "pluginID": "47404", "description": "Upgrade to 3.3.6 - Fixes a lot of security bugs\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2010-07-01T00:00:00", "title": "Fedora 13 : horde-3.3.6-1.fc13 (2010-5563)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0932", "CVE-2009-3701", "CVE-2009-0931", "CVE-2009-3236", "CVE-2009-4363", "CVE-2008-5917", "CVE-2008-3824", "CVE-2008-3823", "CVE-2009-3237"], "modified": "2016-12-08T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:horde", "cpe:/o:fedoraproject:fedora:13"], "id": "FEDORA_2010-5563.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=47404", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-5563.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47404);\n script_version(\"$Revision: 1.13 $\");\n script_cvs_date(\"$Date: 2016/12/08 20:31:53 $\");\n\n script_cve_id(\"CVE-2008-3823\", \"CVE-2008-3824\", \"CVE-2008-5917\", \"CVE-2009-0931\", \"CVE-2009-0932\", \"CVE-2009-3236\", \"CVE-2009-3237\", \"CVE-2009-3701\", \"CVE-2009-4363\");\n script_bugtraq_id(31107, 33491, 37351);\n script_xref(name:\"FEDORA\", value:\"2010-5563\");\n\n script_name(english:\"Fedora 13 : horde-3.3.6-1.fc13 (2010-5563)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Upgrade to 3.3.6 - Fixes a lot of security bugs\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=461886\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=461887\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=480818\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=490932\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=523401\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=523407\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=549506\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=549516\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-April/038413.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?25edd544\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected horde package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Horde < 3.3.2 LFI\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(22, 79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:horde\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"horde-3.3.6-1.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"horde\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-02T00:09:17", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=461887", "https://bugzilla.redhat.com/show_bug.cgi?id=461886", "https://bugzilla.redhat.com/show_bug.cgi?id=480818", "https://bugzilla.redhat.com/show_bug.cgi?id=549506", "https://bugzilla.redhat.com/show_bug.cgi?id=523407", "https://bugzilla.redhat.com/show_bug.cgi?id=523401", "http://www.nessus.org/u?e177a3bb", "https://bugzilla.redhat.com/show_bug.cgi?id=549516", "https://bugzilla.redhat.com/show_bug.cgi?id=490932"], "pluginID": "47395", "description": "Upgrade to 3.3.6 - Fixes a lot of security bugs\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2010-07-01T00:00:00", "title": "Fedora 12 : horde-3.3.6-1.fc12 (2010-5520)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0932", "CVE-2009-3701", "CVE-2009-0931", "CVE-2009-3236", "CVE-2009-4363", "CVE-2008-5917", "CVE-2008-3824", "CVE-2008-3823", "CVE-2009-3237"], "modified": "2016-12-08T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:horde", "cpe:/o:fedoraproject:fedora:12"], "id": "FEDORA_2010-5520.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=47395", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-5520.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47395);\n script_version(\"$Revision: 1.13 $\");\n script_cvs_date(\"$Date: 2016/12/08 20:31:53 $\");\n\n script_cve_id(\"CVE-2008-3823\", \"CVE-2008-3824\", \"CVE-2008-5917\", \"CVE-2009-0931\", \"CVE-2009-0932\", \"CVE-2009-3236\", \"CVE-2009-3237\", \"CVE-2009-3701\", \"CVE-2009-4363\");\n script_bugtraq_id(31107, 33491, 37351);\n script_xref(name:\"FEDORA\", value:\"2010-5520\");\n\n script_name(english:\"Fedora 12 : horde-3.3.6-1.fc12 (2010-5520)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Upgrade to 3.3.6 - Fixes a lot of security bugs\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=461886\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=461887\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=480818\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=490932\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=523401\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=523407\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=549506\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=549516\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-April/038358.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e177a3bb\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected horde package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Horde < 3.3.2 LFI\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(22, 79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:horde\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"horde-3.3.6-1.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"horde\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-01T23:42:30", "references": [], "pluginID": "34959", "description": "This update of horde fixes the following vulnerabilities :\n\n - CVE-2008-1284: directory traversal allows authenticated user to access and execute arbitrary files\n\n - CVE-2008-3330: remotely exploitable XSS\n\n - CVE-2008-3824: remotely exploitable XSS", "edition": 5, "reporter": "Tenable", "published": "2008-11-25T00:00:00", "title": "openSUSE 10 Security Update : horde (horde-5791)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3330", "CVE-2008-3824", "CVE-2008-1284"], "modified": "2016-12-22T00:00:00", "cpe": ["cpe:/o:novell:opensuse:10.3", "cpe:/o:novell:opensuse:10.2", "p-cpe:/a:novell:opensuse:horde"], "id": "SUSE_HORDE-5791.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=34959", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update horde-5791.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34959);\n script_version (\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2016/12/22 20:32:46 $\");\n\n script_cve_id(\"CVE-2008-1284\", \"CVE-2008-3330\", \"CVE-2008-3824\");\n\n script_name(english:\"openSUSE 10 Security Update : horde (horde-5791)\");\n script_summary(english:\"Check for the horde-5791 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of horde fixes the following vulnerabilities :\n\n - CVE-2008-1284: directory traversal allows authenticated\n user to access and execute arbitrary files\n\n - CVE-2008-3330: remotely exploitable XSS\n\n - CVE-2008-3824: remotely exploitable XSS\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected horde package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_cwe_id(22, 79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:horde\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/11/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/11/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.2|SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.2 / 10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.2\", reference:\"horde-3.1.3-24\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"horde-3.1.4-55.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"horde\");\n}\n", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:33:24", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=412566", "https://bugzilla.novell.com/show_bug.cgi?id=368593", "https://bugzilla.novell.com/show_bug.cgi?id=423520"], "pluginID": "39984", "description": "This update of horde fixes the following vulnerabilities :\n\n - CVE-2008-1284: directory traversal allows authenticated user to access and execute arbitrary files\n\n - CVE-2008-3330: remotely exploitable XSS\n\n - CVE-2008-3824: remotely exploitable XSS", "edition": 5, "reporter": "Tenable", "published": "2009-07-21T00:00:00", "title": "openSUSE Security Update : horde (horde-311)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3330", "CVE-2008-3824", "CVE-2008-1284"], "modified": "2016-12-21T00:00:00", "cpe": ["cpe:/o:novell:opensuse:11.0", "p-cpe:/a:novell:opensuse:horde"], "id": "SUSE_11_0_HORDE-081119.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=39984", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update horde-311.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(39984);\n script_version(\"$Revision: 1.9 $\");\n script_cvs_date(\"$Date: 2016/12/21 20:09:49 $\");\n\n script_cve_id(\"CVE-2008-1284\", \"CVE-2008-3330\", \"CVE-2008-3824\");\n\n script_name(english:\"openSUSE Security Update : horde (horde-311)\");\n script_summary(english:\"Check for the horde-311 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of horde fixes the following vulnerabilities :\n\n - CVE-2008-1284: directory traversal allows authenticated\n user to access and execute arbitrary files\n\n - CVE-2008-3330: remotely exploitable XSS\n\n - CVE-2008-3824: remotely exploitable XSS\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=368593\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=412566\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=423520\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected horde package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_cwe_id(22, 79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:horde\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/11/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"horde-3.1.4-121.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"horde\");\n}\n", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:26", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0932", "https://bugs.gentoo.org/show_bug.cgi?id=256125", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0930", "https://bugs.gentoo.org/show_bug.cgi?id=277294", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5917", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0931", "https://bugs.gentoo.org/show_bug.cgi?id=262976", "https://bugs.gentoo.org/show_bug.cgi?id=262978", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2360"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "4.3.4", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "www-apps/horde-imp", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "3.3.4", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "www-apps/horde", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "3.1.1", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "www-apps/horde-passwd", "operator": "lt"}], "edition": 1, "description": "### Background\n\nHorde is a web application framework written in PHP. Horde IMP, the \"Internet Messaging Program\", is a Webmail module and Horde Passwd is a password changing module for Horde. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Horde: \n\n * Gunnar Wrobel reported an input sanitation and directory traversal flaw in framework/Image/Image.php, related to the \"Horde_Image driver name\" (CVE-2009-0932).\n * Gunnar Wrobel reported that data sent to horde/services/portal/cloud_search.php is not properly sanitized before used in the output (CVE-2009-0931).\n * It was reported that data sent to framework/Text_Filter/Filter/xss.php is not properly sanitized before used in the output (CVE-2008-5917).\n\nHorde Passwd: David Wharton reported that data sent via the \"backend\" parameter to passwd/main.php is not properly sanitized before used in the output (CVE-2009-2360). \n\nHorde IMP: Gunnar Wrobel reported that data sent to smime.php, pgp.php, and message.php is not properly sanitized before used in the output (CVE-2009-0930). \n\n### Impact\n\nA remote authenticated attacker could exploit these vulnerabilities to execute arbitrary PHP files on the server, or disclose the content of arbitrary files, both only if the file is readable to the web server. A remote authenticated attacker could conduct Cross-Site Scripting attacks. NOTE: Some Cross-Site Scripting vectors are limited to the usage of Microsoft Internet Explorer. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Horde users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-apps/horde-3.3.4\"\n\nAll Horde IMP users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-apps/horde-imp-4.3.4\"\n\nAll Horde Passwd users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-apps/horde-passwd-3.1.1\"", "reporter": "Gentoo Foundation", "published": "2009-09-12T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "type": "gentoo", "title": "Horde: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0932", "CVE-2009-0931", "CVE-2008-5917", "CVE-2009-0930", "CVE-2009-2360"], "modified": "2009-09-12T00:00:00", "id": "GLSA-200909-14", "href": "https://security.gentoo.org/glsa/200909-14", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "seebug": [{"lastseen": "2017-11-19T14:04:08", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "references": [], "enchantments_done": [], "description": "No description provided by source.", "reporter": "Root", "published": "2014-07-01T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "title": "Horde Horde_Image::factory driver Argument Local File Inclusion", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-0932"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-70700", "id": "SSV:70700", "sourceData": "\n # Exploit Title: Horde Horde_Image::factory driver Argument Local File\r\nInclusion\r\n# Google Dork: intitle:horde\r\n# Date: 10-02-2011\r\n# Author: skysbsb\r\n# Software Link: http://www.horde.org/download/\r\n# Version: Horde 3.3.2\r\n# Tested on: linux\r\n# CVE : CVE-2009-0932\r\n\r\nThe original disclosure was done by Gunnar Wrobel from Horde team.. it was\r\nfound in a code audit (january 2009).\r\nIt&#39;s an old vuln(2009) but still unpublished in exploit-db. There is a lot\r\nof vulnerables sites out there. Just try google =)\r\n\r\n\r\nVuln description:\r\nThe version of Horde, Horde Groupware, or Horde Groupware Webmail Edition\r\ninstalled on the remote host fails to filter input to the &#39;driver&#39; argument\r\nof the &#39;Horde_Image::factory&#39; method before using it to include PHP code in\r\n&#39;lib/Horde/Image.php&#39;. Regardless of PHP&#39;s &#39;register_globals&#39; and\r\n&#39;magic_quotes_gpc&#39; settings, an unauthenticated attacker can exploit this\r\nissue to view arbitrary files or possibly to execute arbitrary PHP code on\r\nthe remote host, subject to the privileges of the web server user id.\r\n\r\n\r\nFix:\r\nIf using Horde, upgrade to version 3.3.3 / 3.2.4 or later. If using Horde\r\nGroupware, upgrade to version 1.2.2 / 1.1.5 or later. If using Horde\r\nGroupware Webmail Edition, upgrade to version 1.2.2/1.1.5 or later.\r\n\r\n\r\nPoC:\r\nhttp://www.vulnsite.com/horde/util/barcode.php\r\n?type=../../../../../../../../../../../etc/./passwd%00\r\n\r\n\r\n\r\n# skysbsb [*at*] gmail.com\r\n\n ", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-70700", "status": "cve,poc"}, {"lastseen": "2017-11-19T18:56:05", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "enchantments_done": [], "references": [], "description": "BUGTRAQ ID: 33491\r\nCVE(CAN) ID: CVE-2009-0931,CVE-2009-0932\r\n\r\nHorde Framework\u662f\u4e2a\u4ee5PHP\u4e3a\u57fa\u7840\u7684\u67b6\u6784\uff0c\u7528\u6765\u521b\u5efa\u7f51\u7edc\u5e94\u7528\u7a0b\u5f0f\u3002\r\n\r\nHorde\u6ca1\u6709\u6b63\u786e\u5730\u8fc7\u6ee4\u5bf9horde/services/portal/cloud_search.php\u811a\u672c\u6240\u4f20\u9001\u7684\u8f93\u5165\u4fbf\u8fd4\u56de\u7ed9\u4e86\u7528\u6237\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7\u63d0\u4ea4\u6076\u610f\u8bf7\u6c42\u5bfc\u81f4\u5728\u7528\u6237\u6d4f\u89c8\u5668\u4f1a\u8bdd\u4e2d\u6ce8\u5165\u5e76\u6267\u884c\u4efb\u610fHTML\u548c\u811a\u672c\u4ee3\u7801\u3002\r\n\r\nHorde\u6ca1\u6709\u6b63\u786e\u5730\u8fc7\u6ee4\u5bf9framework/Image/Image.php\u811a\u672c\u6240\u4f20\u9001\u7684\u8f93\u5165\u4fbf\u7528\u4e8e\u5305\u542b\u6587\u4ef6\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7\u5728Horde_Image\u9a71\u52a8\u540d\u79f0\u4e2d\u8bbe\u7f6e\u76ee\u5f55\u904d\u5386\u5e8f\u5217\u5bfc\u81f4\u5305\u542b\u548c\u6267\u884c\u4efb\u610f\u672c\u5730\u6587\u4ef6\u3002\r\n\r\nHorde Horde 3.3.x \r\nHorde Horde 3.2.x\r\nHorde Groupware &lt; 1.1.5\r\n \u5382\u5546\u8865\u4e01\uff1a\r\n\r\nHorde\r\n-----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=http://lists.horde.org/archives/announce/2009/000486.html target=_blank rel=external nofollow>http://lists.horde.org/archives/announce/2009/000486.html</a>\r\n<a href=http://lists.horde.org/archives/announce/2009/000483.html target=_blank rel=external nofollow>http://lists.horde.org/archives/announce/2009/000483.html</a>\r\n<a href=http://lists.horde.org/archives/announce/2009/000482.html target=_blank rel=external nofollow>http://lists.horde.org/archives/announce/2009/000482.html</a>", "reporter": "Root", "published": "2009-03-19T00:00:00", "title": "Horde\u4ea7\u54c1\u672c\u5730\u6587\u4ef6\u5305\u542b\u548c\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e", "type": "seebug", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2009-0931", "CVE-2009-0932"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2009-03-19T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-4930", "id": "SSV:4930", "sourceData": "", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "sourceHref": "", "status": "poc,details"}], "dsquare": [{"lastseen": "2017-09-26T15:33:26", "_object_types": ["robots.models.base.Bulletin", "robots.models.dsquare.DsquareBulletin"], "references": ["https://vulners.com/NID/NID:35554", "https://vulners.com/BID/BID:33491", "https://vulners.com/OSVDB/OSVDB:51887"], "description": "Horde_Image::factory driver Argument LFI Vulnerability\n\nVulnerability Type: Local File Include", "reporter": "Dsquare Security", "published": "2012-02-01T00:00:00", "type": "dsquare", "title": "Horde < 3.3.2 LFI", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2009-0932"], "_object_type": "robots.models.dsquare.DsquareBulletin", "modified": "2013-04-02T00:00:00", "id": "E-42", "href": "", "sourceData": "For the exploit source code contact DSquare Security sales team.", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "exploitdb": [{"lastseen": "2016-02-01T23:12:23", "osvdbidlist": ["51887"], "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"], "references": [], "description": "Horde Horde_Image::factory driver Argument Local File Inclusion. CVE-2009-0932. Webapps exploit for php platform", "reporter": "skysbsb", "published": "2011-02-11T00:00:00", "type": "exploitdb", "title": "Horde Horde_Image::factory driver Argument Local File Inclusion", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2009-0932"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "modified": "2011-02-11T00:00:00", "id": "EDB-ID:16154", "href": "https://www.exploit-db.com/exploits/16154/", "sourceData": "# Exploit Title: Horde Horde_Image::factory driver Argument Local File\r\nInclusion\r\n# Google Dork: intitle:horde\r\n# Date: 10-02-2011\r\n# Author: skysbsb\r\n# Software Link: http://www.horde.org/download/\r\n# Version: Horde 3.3.2\r\n# Tested on: linux\r\n# CVE : CVE-2009-0932\r\n\r\nThe original disclosure was done by Gunnar Wrobel from Horde team.. it was\r\nfound in a code audit (january 2009).\r\nIt's an old vuln(2009) but still unpublished in exploit-db. There is a lot\r\nof vulnerables sites out there. Just try google =)\r\n\r\n\r\nVuln description:\r\nThe version of Horde, Horde Groupware, or Horde Groupware Webmail Edition\r\ninstalled on the remote host fails to filter input to the 'driver' argument\r\nof the 'Horde_Image::factory' method before using it to include PHP code in\r\n'lib/Horde/Image.php'. Regardless of PHP's 'register_globals' and\r\n'magic_quotes_gpc' settings, an unauthenticated attacker can exploit this\r\nissue to view arbitrary files or possibly to execute arbitrary PHP code on\r\nthe remote host, subject to the privileges of the web server user id.\r\n\r\n\r\nFix:\r\nIf using Horde, upgrade to version 3.3.3 / 3.2.4 or later. If using Horde\r\nGroupware, upgrade to version 1.2.2 / 1.1.5 or later. If using Horde\r\nGroupware Webmail Edition, upgrade to version 1.2.2/1.1.5 or later.\r\n\r\n\r\nPoC:\r\nhttp://www.vulnsite.com/horde/util/barcode.php\r\n?type=../../../../../../../../../../../etc/./passwd%00\r\n\r\n\r\n\r\n# skysbsb [*at*] gmail.com\r\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/16154/"}], "packetstorm": [{"lastseen": "2016-12-05T22:22:43", "references": [], "description": "", "edition": 1, "reporter": "skys", "published": "2011-02-11T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "title": "Horde Local File Inclusion", "type": "packetstorm", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-0932"], "modified": "2011-02-11T00:00:00", "id": "PACKETSTORM:98424", "href": "https://packetstormsecurity.com/files/98424/Horde-Local-File-Inclusion.html", "sourceData": "`# Exploit Title: Horde Horde_Image::factory driver Argument Local File Inclusion \n# Google Dork: intitle:horde \n# Date: 10-02-2011 \n# Author: skysbsb \n# Software Link: http://www.horde.org/download/ \n# Version: Horde 3.3.2 \n# Tested on: linux \n# CVE : CVE-2009-0932 \n \nThe original disclosure was done by Gunnar Wrobel from Horde team.. it was \nfound in a code audit (january 2009). \nIt's an old vuln(2009) but still unpublished in exploit-db. There is a lot \nof vulnerables sites out there. Just try google =) \n \n \nVuln description: \nThe version of Horde, Horde Groupware, or Horde Groupware Webmail Edition \ninstalled on the remote host fails to filter input to the 'driver' argument \nof the 'Horde_Image::factory' method before using it to include PHP code in \n'lib/Horde/Image.php'. Regardless of PHP's 'register_globals' and \n'magic_quotes_gpc' settings, an unauthenticated attacker can exploit this \nissue to view arbitrary files or possibly to execute arbitrary PHP code on \nthe remote host, subject to the privileges of the web server user id. \n \n \nFix: \nIf using Horde, upgrade to version 3.3.3 / 3.2.4 or later. If using Horde \nGroupware, upgrade to version 1.2.2 / 1.1.5 or later. If using Horde \nGroupware Webmail Edition, upgrade to version 1.2.2/1.1.5 or later. \n \n \nPoC: \nhttp://www.vulnsite.com/horde/util/barcode.php \n?type=../../../../../../../../../../../etc/./passwd%00 \n \n \n \n# skysbsb [*at*] gmail.com \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/98424/horde-lfi.txt", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "d2": [{"lastseen": "2016-09-25T14:11:18", "references": [], "description": "**Name**| d2sec_horde \n---|--- \n**CVE**| CVE-2009-0932 \n**Exploit Pack**| [D2ExploitPack](<http://http://www.d2sec.com/products.htm>) \n**Description**| d2sec_horde \n**Notes**| \n", "edition": 1, "reporter": "DSquare", "published": "2009-03-17T17:30:00", "title": "DSquare Exploit Pack: D2SEC_HORDE", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "d2", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-0932"], "modified": "2009-03-17T17:30:00", "id": "D2SEC_HORDE", "href": "http://exploitlist.immunityinc.com/home/exploitpack/D2ExploitPack/d2sec_horde", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}]}