CVE-2001-1258 Information

Description

Horde Internet Messaging Program (IMP) before 2.2.6 allows local users to read IMP configuration files and steal the Horde database password by placing the prefs.lang file containing PHP code on the server.

Reference

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000410 http://online.securityfocus.com/archive/1/198495 http://www.caldera.com/support/security/advisories/CSSA-2001-027.0.txt http://www.debian.org/security/2001/dsa-073 http://www.iss.net/security_center/static/6906.php http://www.securityfocus.com/bid/3083