CVE-2008-1284 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2008-1284
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-1284

Description: Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via ".." sequences and a null byte in the theme name.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/41054 SREASON http://securityreason.com/securityalert/3726 SAID Secunia Advisory: SA29400 Secunia Advisory: SA29374 Secunia Advisory: SA29286 Secunia Advisory: SA30047 MLIST http://lists.horde.org/archives/announce/2008/000382.html http://lists.horde.org/archives/announce/2008/000384.html http://lists.horde.org/archives/announce/2008/000383.html GENTOO http://security.gentoo.org/glsa/glsa-200805-01.xml FEDORA DEBIAN http://www.debian.org/security/2008/dsa-1519 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/489289/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/489239/100/0/threaded BID 28153

Return to the previous page.