CVSS: 6.0EPSS: 0%CPEs: 3EXPL: 0CVE-2008-1284
https://notcve.org/view.php?id=CVE-2008-1284
Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via ".." sequences and a null byte in the theme name. Vulnerabilidad de salto de directorio en Horde 3.1.6, Groupware anterior 1.0.5, y Groupware Webmail Edition anterior 1.0.6, cuando ejecuta ciertas configuraciones, pertmite a usuarios autenticados remotamente leer y ejecutar ficheros de su elección a través de secuencias ".." y de byte nulo en el mismo "theme name". • http://lists.horde.org/archives/announce/2008/000382.html http://lists.horde.org/archives/announce/2008/000383.html http://lists.horde.org/archives/announce/2008/000384.html http://secunia.com/advisories/29286 http://secunia.com/advisories/29374 http://secunia.com/advisories/29400 http://secunia.com/advisories/30047 http://security.gentoo.org/glsa/glsa-200805-01.xml http://securityreason.com/securityalert/3726 http://www.debian.org/security/2008/dsa-1519 http://www.securityf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •