
CVE-2008-1284

Date: (C)2008-03-10   (M)2017-08-08
 
CVSS Score: 6.0
Exploitability Subscore: 6.8
Impact Subscore: 6.4
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE_INSTANCE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via ".." sequences and a null byte in the theme name.

Reference:
http://www.securityfocus.com/archive/1/archive/1/489239/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/489289/100/0/threaded
BID-28153
SECUNIA-29286
SECUNIA-29374
SECUNIA-29400
SECUNIA-30047
SREASON-3726
ADV-2008-0822
DSA-1519
FEDORA-2008-2362
FEDORA-2008-2406
GLSA-200805-01
http://lists.horde.org/archives/announce/2008/000383.html
http://lists.horde.org/archives/announce/2008/000384.html
http://lists.horde.org/archives/announce/2008/000382.html
horde-theme-file-include(41054)

CWE: CWE-22
OVAL: oval:org.mitre.oval:def:7854

© 2013 SecPod Technologies