CVE-2007-6018 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2007-6018
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-6018

Description: IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) "purge" deleted emails via a crafted email message.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/39595 SUSE http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html SAID Secunia Advisory: SA28020 Secunia Advisory: SA28546 Secunia Advisory: SA29184 Secunia Advisory: SA29185 Secunia Advisory: SA29186 Secunia Advisory: SA34418 MLIST http://lists.horde.org/archives/announce/2008/000366.html http://lists.horde.org/archives/announce/2008/000365.html http://lists.horde.org/archives/announce/2008/000360.html MISC http://secunia.com/secunia_research/2007-102/advisory/ FEDORA DEBIAN http://www.debian.org/security/2008/dsa-1470 CONFIRM http://cvs.horde.org/diff.php/groupware/docs/webmail/CHANGES?r1=1.12&r2=1.12.2.1&ty=h http://cvs.horde.org/diff.php/groupware/docs/groupware/CHANGES?r1=1.17&r2=1.17.2.1&ty=h BID 27223

Return to the previous page.