Vigil@nce: Horde, several vulnerabilities

September 2009 by Vigil@nce

Three vulnerabilities in Horde allow an attacker to create files
or to perform a Cross Site Scripting attack.

 Severity: 2/4
 Consequences: client access/rights, data creation/edition
 Provenance: document
 Means of attack: 2 attacks
 Ability of attacker: beginner (1/4)
 Confidence: confirmed by the editor (5/5)
 Diffusion of the vulnerable configuration: high (3/3)
 Number of vulnerabilities in this bulletin: 3
 Creation date: 14/09/2009
 Revision date: 21/09/2009

IMPACTED PRODUCTS

 Unix - platform

DESCRIPTION OF THE VULNERABILITY

Three vulnerabilities were announced in Horde tools.

An application (Turba, Ansel) with a form containing images
(Horde_Form_Type_image) can be used to overwrite a local file.
[grav:2/4; CVE-2009-3236]

Some MIME data is displayed directly, which leads to a Cross
Site Scripting. [grav:2/4; 8311, CVE-2009-3237]

The horde/services/images/colorpicker.php,
horde/services/prefs.php and horde/test.php scripts can be used
to perform a Cross Site Scripting attack. [grav:2/4; 8399, CVE-2009-3237]

CHARACTERISTICS

 Identifiers: 8311, 8399, CVE-2009-3236, CVE-2009-3237,
VIGILANCE-VUL-9022
 Url: http://vigilance.fr/vulnerability/Horde-several-vulnerabilities-9022

