CVE-2007-1474

Sažetak

Argument injection vulnerability in the cleanup cron script in Horde Project Horde and IMP before Horde Application Framework 3.1.4 allows local users to delete arbitrary files and possibly gain privileges via multiple space-delimited pathnames.

Reference

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=489
http://lists.horde.org/archives/announce/2007/000315.html
http://secunia.com/advisories/27565
http://www.debian.org/security/2007/dsa-1406
http://www.securityfocus.com/bid/22985
http://www.securitytracker.com/id?1017784
http://www.securitytracker.com/id?1017785
http://www.vupen.com/english/advisories/2007/0965
https://exchange.xforce.ibmcloud.com/vulnerabilities/32997

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

29-07-2017 - 01:30

Objavljeno

16-03-2007 - 21:19