CVE-2008-1284

Sažetak

Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via ".." sequences and a null byte in the theme name.

Reference

http://lists.horde.org/archives/announce/2008/000382.html
http://lists.horde.org/archives/announce/2008/000383.html
http://lists.horde.org/archives/announce/2008/000384.html
http://secunia.com/advisories/29286
http://secunia.com/advisories/29374
http://secunia.com/advisories/29400
http://secunia.com/advisories/30047
http://security.gentoo.org/glsa/glsa-200805-01.xml
http://securityreason.com/securityalert/3726
http://www.debian.org/security/2008/dsa-1519
http://www.securityfocus.com/archive/1/489239/100/0/threaded
http://www.securityfocus.com/archive/1/489289/100/0/threaded
http://www.securityfocus.com/bid/28153
http://www.vupen.com/english/advisories/2008/0822/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41054
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00253.html
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00301.html

CVSS

Base:	6.0
Impact:	6.4
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

11-10-2018 - 20:31

Objavljeno

11-03-2008 - 00:44