List:       oss-security
Subject:    Re: [oss-security] CVE Request -- Horde 3.3.5
From:       "Steven M. Christey" <coley () linus ! mitre ! org>
Date:       2009-09-17 1:29:53
Message-ID: Pine.GSO.4.51.0909162129470.7046 () faron ! mitre ! org
======================================================
Name: CVE-2009-3236
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3236
Reference: MLIST:[horde-announce] 20090914 [announce] Horde Groupware 1.1.6 (final)
Reference: URL:http://marc.info/?l=horde-announce&m=125292088004087&w=2
Reference: MLIST:[horde-announce] 20090914 [announce] Horde Groupware 1.2.4 (final)
Reference: URL:http://marc.info/?l=horde-announce&m=125294558611682&w=2
Reference: MLIST:[horde-announce] 20090914 [announce] Horde Groupware Webmail Edition 1.1.6 (final)
Reference: URL:http://marc.info/?l=horde-announce&m=125292314007049&w=2
Reference: MLIST:[horde-announce] 20090914 [announce] Horde Groupware Webmail Edition 1.2.4 (final)
Reference: URL:http://marc.info/?l=horde-announce&m=125295852706029&w=2
Reference: MLIST:[horde-announce] 20090914 [announce] [SECURITY] Horde 3.2.5 (final)
Reference: URL:http://marc.info/?l=horde-announce&m=125291625030436&w=2
Reference: MLIST:[horde-announce] 20090914 [announce] [SECURITY] Horde 3.3.5 (final)
Reference: URL:http://marc.info/?l=horde-announce&m=125292339907481&w=2
Reference: OSVDB:58107
Reference: URL:http://www.osvdb.org/58107
Reference: SECUNIA:36665
Reference: URL:http://secunia.com/advisories/36665
Reference: XF:horde-application-form-file-overwrite(53202)
Reference: URL:http://xforce.iss.net/xforce/xfdb/53202

Unspecified vulnerability in the form library in Horde Application
Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before
1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before
1.1.6 and 1.2 before 1.2.4; allows remote attackers, with privileges
to write to the address book, to overwrite arbitrary files via crafted
"image form fields."


======================================================
Name: CVE-2009-3237
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3237
Reference: MLIST:[horde-announce] 20090914 [announce] Horde Groupware 1.1.6 (final)
Reference: URL:http://marc.info/?l=horde-announce&m=125292088004087&w=2
Reference: MLIST:[horde-announce] 20090914 [announce] Horde Groupware 1.2.4 (final)
Reference: URL:http://marc.info/?l=horde-announce&m=125294558611682&w=2
Reference: MLIST:[horde-announce] 20090914 [announce] Horde Groupware Webmail Edition 1.1.6 (final)
Reference: URL:http://marc.info/?l=horde-announce&m=125292314007049&w=2
Reference: MLIST:[horde-announce] 20090914 [announce] Horde Groupware Webmail Edition 1.2.4 (final)
Reference: URL:http://marc.info/?l=horde-announce&m=125295852706029&w=2
Reference: MLIST:[horde-announce] 20090914 [announce] [SECURITY] Horde 3.2.5 (final)
Reference: URL:http://marc.info/?l=horde-announce&m=125291625030436&w=2
Reference: MLIST:[horde-announce] 20090914 [announce] [SECURITY] Horde 3.3.5 (final)
Reference: URL:http://marc.info/?l=horde-announce&m=125292339907481&w=2
Reference: CONFIRM:http://bugs.horde.org/ticket/?id=8311
Reference: CONFIRM:http://bugs.horde.org/ticket/?id=8399
Reference: OSVDB:58108
Reference: URL:http://www.osvdb.org/58108
Reference: OSVDB:58109
Reference: URL:http://www.osvdb.org/58109
Reference: SECUNIA:36665
Reference: URL:http://secunia.com/advisories/36665
Reference: XF:horde-mimeviewer-xss(53200)
Reference: URL:http://xforce.iss.net/xforce/xfdb/53202

Multiple cross-site scripting (XSS) vulnerabilities in Horde
Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware
1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition
1.1 before 1.1.6 and 1.2 before 1.2.4; allow remote attackers to
inject arbitrary web script or HTML via the (1) crafted number
preferences that are not properly handled in the preference system
(services/prefs.php), as demonstrated by the sidebar_width parameter;
or (2) crafted unknown MIME "text parts" that are not properly handled
in the MIME viewer library (config/mime_drivers.php).
