CVE-2008-1284 Information
Description
Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via ..\ sequences and a null byte in the theme name.
Reference
http://lists.horde.org/archives/announce/2008/000382.html
http://lists.horde.org/archives/announce/2008/000383.html
http://lists.horde.org/archives/announce/2008/000384.html
http://secunia.com/advisories/29286
http://secunia.com/advisories/29374
http://secunia.com/advisories/29400
http://secunia.com/advisories/30047
http://security.gentoo.org/glsa/glsa-200805-01.xml
http://securityreason.com/securityalert/3726
http://www.debian.org/security/2008/dsa-1519
http://www.securityfocus.com/archive/1/489239/100/0/threaded
http://www.securityfocus.com/archive/1/489289/100/0/threaded
http://www.securityfocus.com/bid/28153
http://www.vupen.com/english/advisories/2008/0822/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41054
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00253.html
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00301.html