Vulnerability CVE-2009-0932


Published: 2009-03-17   Modified: 2012-02-13

Description:
Directory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Horde Horde_Image::factory driver Argument Local File Inclusion
skysbsb
14.02.2011

Type:

CWE-22

(Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))

Vendor: Debian
Product: Horde 
Version:
3.3.2
3.3.1
3.3
3.2.3
3.2.2
3.2
Product: Horde groupware 
Version:
1.1.4
1.1.3
1.1.2
1.1.1

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.4/10
4.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
None

 References:
http://www.securityfocus.com/bid/33491
http://securityreason.com/securityalert/8077
http://secunia.com/advisories/34609
http://secunia.com/advisories/34418
http://secunia.com/advisories/33695
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
http://lists.horde.org/archives/announce/2009/000486.html
http://lists.horde.org/archives/announce/2009/000483.html
http://lists.horde.org/archives/announce/2009/000482.html
http://cvs.horde.org/co.php/horde/docs/CHANGES?r=1.515.2.503
http://cvs.horde.org/co.php/horde/docs/CHANGES?r=1.515.2.413.2.5
http://cvs.horde.org/co.php/groupware/docs/groupware/CHANGES?r=1.28.2.5

Related CVE
CVE-2019-11042
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past ...
CVE-2019-11041
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past ...
CVE-2019-14744
In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated ...
CVE-2019-13638
GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable sy...
CVE-2019-13917
Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part or $domain).
CVE-2019-11730
A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents...
CVE-2019-13272
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with...
CVE-2019-13574
In lib/mini_magick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernel#open, which accepts a '|' character followed by a command.

Copyright 2019, cxsecurity.com

 

Back to Top