Vulnerability CVE-2007-1474


Published: 2007-03-16   Modified: 2012-02-12

Description:
Argument injection vulnerability in the cleanup cron script in Horde Project Horde and IMP before Horde Application Framework 3.1.4 allows local users to delete arbitrary files and possibly gain privileges via multiple space-delimited pathnames.

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.4/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Horde -> Horde application framework 
Horde -> IMP 

 References:
http://lists.horde.org/archives/announce/2007/000315.html
http://www.vupen.com/english/advisories/2007/0965
http://www.securityfocus.com/bid/22985
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=489
http://xforce.iss.net/xforce/xfdb/32997
http://www.securitytracker.com/id?1017785
http://www.securitytracker.com/id?1017784
http://www.debian.org/security/2007/dsa-1406
http://secunia.com/advisories/27565

Copyright 2024, cxsecurity.com

 

Back to Top