
horde3: multiple vulnerabilities

Package(s): horde3
CVE #(s): CVE-2009-0932 CVE-2008-3330 CVE-2008-5917
Created: April 8, 2009
Updated: April 1, 2010
Description: From the Debian advisory:

Gunnar Wrobel discovered a directory traversal vulnerability, which allows attackers to include and execute arbitrary local files via the driver parameter in Horde_Image. (CVE-2009-0932)

It was discovered that an attacker could perform a cross-site scripting attack via the contact name, which allows attackers to inject arbitrary HTML code. This requires that the attacker has access to create contacts. (CVE-2008-3330)

It was discovered that the Horde XSS filter is prone to a cross-site scripting attack, which allows attackers to inject arbitrary HTML code. This is only exploitable when Internet Explorer is used. (CVE-2008-5917)

Alerts:
Fedora FEDORA-2010-5520 2010-04-01
Fedora FEDORA-2010-5483 2010-04-01
Gentoo 200909-14 2009-09-12
Debian DSA-1765-1 2009-04-08


Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds