RSS   Vulnerabilities for 'Horde groupware'   RSS

2009-03-17
 
CVE-2009-0932

CWE-22
 

 
Directory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name.

 
 
CVE-2009-0931

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in the tag cloud search script (horde/services/portal/cloud_search.php) in Horde before 3.2.4 and 3.3.3, and Horde Groupware before 1.1.5, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

 

 >>> Vendor: Debian 97 Products
Qpopper
Debian linux
Netkit
Cfingerd
TIN
Horde
Elvis tiny
Sgml-tools
Netstd
Internet message
Mailscanner
Mime-support
FSP
Strongswan
Lintian
Shadow-utils
Debmake
Tetex-bin
Sympa
DPKG
Bsmtpd
Toolchain-source
PPXP
Reportbug
Turba
Apt-cacher
FUSE
TOR
Apt-setup
Backupninja
Kernel-patch-vserver
Libmail-audit-perl
Amaya
Base-config
Apache
GFAX
Debian-goodies
Reprepro
Duplicity
Guilt
UNP
Apt-listchanges
TSS
Aptlinex
Projectl
Honeyd common
Citadel server
Python-dns
Xsabre
FETA
Dpkg-cross
Myspell
Newsgate
Initramfs-tools
Os-prober
LTP
Shadow
Horde imp
Horde groupware
Nss-ldap
APT
Libdbd-pg-perl
Devscripts
Mono-debugger
Tex-common
Apache2
Texlive-extra-utils
Php5-common
Logol
Devotee
Cifs-utils
Trousers
Bsdmainutils
LATD
Txt2man
Adequate
Localepurge
Syncevolution
Axiom
Advanced package tool
Ppthtml
Xbuffy
Dpkg-dev
Kde4libs
Python-imaging
Exuberant ctags
Hivex
Dbd-firebird
Unattended-upgrades
Xbindkeys-config
Ftpsync
Postgresql-common
Devscript
Crossroads
Tmpreaper
Debian-lan-config
PERM


Copyright 2024, cxsecurity.com

 

Back to Top