
List:       oss-security
Subject:    Re: [oss-security] CVE request - horde, imp
From:       "Steven M. Christey" <coley () linus ! mitre ! org>
Date:       2009-03-17 21:01:50
Message-ID: Pine.GSO.4.51.0903171701180.17171 () faron ! mitre ! org


======================================================
Name: CVE-2009-0930
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0930
Reference: MLIST:[announce] 20090127 IMP 4.2.2 (final)
Reference: URL:http://lists.horde.org/archives/announce/2009/000484.html
Reference: MLIST:[announce] 20090127 IMP 4.3.3 (final)
Reference: URL:http://lists.horde.org/archives/announce/2009/000485.html
Reference: CONFIRM:http://cvs.horde.org/co.php/imp/docs/CHANGES?r=1.699.2.301.2.3
Reference: CONFIRM:http://cvs.horde.org/co.php/imp/docs/CHANGES?r=1.699.2.375
Reference: BID:33492
Reference: URL:http://www.securityfocus.com/bid/33492
Reference: SECUNIA:33719
Reference: URL:http://secunia.com/advisories/33719

Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP
before 4.2.2 and 4.3.3 allow remote attackers to inject arbitrary web
script or HTML via unspecified vectors to (1) smime.php, (2) pgp.php,
and (3) message.php.


======================================================
Name: CVE-2009-0931
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0931
Reference: MLIST:[announce] 20090127 Horde 3.2.4 (final)
Reference: URL:http://lists.horde.org/archives/announce/2009/000483.html
Reference: MLIST:[announce] 20090127 Horde 3.3.3 (final)
Reference: URL:http://lists.horde.org/archives/announce/2009/000482.html
Reference: MLIST:[announce] 20090127 Horde Groupware 1.1.5 (final)
Reference: URL:http://lists.horde.org/archives/announce/2009/000486.html
Reference: CONFIRM:http://cvs.horde.org/co.php/groupware/docs/groupware/CHANGES?r=1.28.2.5
Reference: CONFIRM:http://cvs.horde.org/co.php/horde/docs/CHANGES?r=1.515.2.413.2.5
Reference: CONFIRM:http://cvs.horde.org/co.php/horde/docs/CHANGES?r=1.515.2.503
Reference: BID:33491
Reference: URL:http://www.securityfocus.com/bid/33491
Reference: SECUNIA:33695
Reference: URL:http://secunia.com/advisories/33695

Cross-site scripting (XSS) vulnerability in the tag cloud search
script (horde/services/portal/cloud_search.php) in Horde before 3.2.4
and 3.3.3, and Horde Groupware before 1.1.5, allows remote attackers
to inject arbitrary web script or HTML via unspecified vectors.


======================================================
Name: CVE-2009-0932
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0932
Reference: MLIST:[announce] 20090127 Horde 3.2.4 (final)
Reference: URL:http://lists.horde.org/archives/announce/2009/000483.html
Reference: MLIST:[announce] 20090127 Horde 3.3.3 (final)
Reference: URL:http://lists.horde.org/archives/announce/2009/000482.html
Reference: MLIST:[announce] 20090127 Horde Groupware 1.1.5 (final)
Reference: URL:http://lists.horde.org/archives/announce/2009/000486.html
Reference: CONFIRM:http://cvs.horde.org/co.php/groupware/docs/groupware/CHANGES?r=1.28.2.5
Reference: CONFIRM:http://cvs.horde.org/co.php/horde/docs/CHANGES?r=1.515.2.413.2.5
Reference: CONFIRM:http://cvs.horde.org/co.php/horde/docs/CHANGES?r=1.515.2.503
Reference: BID:33491
Reference: URL:http://www.securityfocus.com/bid/33491
Reference: SECUNIA:33695
Reference: URL:http://secunia.com/advisories/33695

Directory traversal vulnerability in framework/Image/Image.php in
Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows
remote attackers to include and execute arbitrary local files via
directory traversal sequences in the Horde_Image driver name.

