CVE-2006-1260 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2006-1260
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-1260

Description: Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/25239 SUSE http://www.novell.com/linux/security/advisories/2006_04_28.html ST 1015771 SREASON http://securityreason.com/securityalert/590 SAID Secunia Advisory: SA19246 Secunia Advisory: SA19528 Secunia Advisory: SA19619 Secunia Advisory: SA19897 Secunia Advisory: SA19692 OSVDB 23918 GENTOO http://www.gentoo.org/security/en/glsa/glsa-200604-02.xml FULLDISC http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/043657.html DEBIAN http://www.debian.org/security/2006/dsa-1034 http://www.debian.org/security/2006/dsa-1033 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/427710/100/0/threaded BID 17117

Return to the previous page.