CVE-2007-1473 – Horde Framework 3.1.3 - 'login.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-1473
Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php in Horde Framework before 3.1.4 RC1, when the login page contains a language selection box, allows remote attackers to inject arbitrary web script or HTML via the new_lang parameter to login.php. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en framework/NLS/NLS.php en Horde Framework anterior a 3.1.4 RC1, cuando la página de login contiene una caja de elección de idioma, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro new_lang en login.php. • https://www.exploit-db.com/exploits/29745 http://lists.horde.org/archives/announce/2007/000315.html http://secunia.com/advisories/24528 http://secunia.com/advisories/24995 http://secunia.com/advisories/27565 http://securityreason.com/securityalert/2427 http://securitytracker.com/id?1017775 http://www.debian.org/security/2007/dsa-1406 http://www.novell.com/linux/security/advisories/2007_007_suse.html http://www.osvdb.org/33084 http://www.securityfocus.com/archive/1/462915/ •
CVE-2007-1474 – Horde Framework and IMP 2.x/3.x - Cleanup Cron Script Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2007-1474
Argument injection vulnerability in the cleanup cron script in Horde Project Horde and IMP before Horde Application Framework 3.1.4 allows local users to delete arbitrary files and possibly gain privileges via multiple space-delimited pathnames. Vulnerabilidad de inyección de argumento en la secuencia de comandos cleanup para cron de Horde Project Horde e IMP anterior a Horde Application Framework 3.1.4 permite a usuarios locales borrar archivos de su elección y posiblemente obtener privilegios mediante múltiples nombres de ruta separados por espacios. • https://www.exploit-db.com/exploits/29746 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=489 http://lists.horde.org/archives/announce/2007/000315.html http://secunia.com/advisories/27565 http://www.debian.org/security/2007/dsa-1406 http://www.securityfocus.com/bid/22985 http://www.securitytracker.com/id?1017784 http://www.securitytracker.com/id?1017785 http://www.vupen.com/english/advisories/2007/0965 https://exchange.xforce.ibmcloud.com/vulnerabilities/32997 •
CVE-2006-4256
https://notcve.org/view.php?id=CVE-2006-4256
index.php in Horde Application Framework before 3.1.2 allows remote attackers to include web pages from other sites, which could be useful for phishing attacks, via a URL in the url parameter, aka "cross-site referencing." NOTE: some sources have referred to this issue as XSS, but it is different than classic XSS. index.php en Horde Application Framework anerior a 3.1.2 permite a atacantes remotos incluir páginas web de otros sitios, lo que podría ser útil para ataques de phishing, mediante una URL en el parámetro url, también conocido como "referencia en sitios cruzados" (cross-site referencing). NOTA: algunas fuetnes se han referido a este problema como XSS, pero es diferente del clásico XSS. • http://lists.horde.org/archives/announce/2006/000292.html http://secunia.com/advisories/21500 http://secunia.com/advisories/27565 http://securityreason.com/securityalert/1422 http://securitytracker.com/id?1016713 http://www.debian.org/security/2007/dsa-1406 http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2456 http://www.securityfocus.com/archive/1/443360/100/0/threaded http://www.vupen.com/english/advisories/2006/3309 https://exchange.xforce.ibmcloud.com/vulnerabilities/28411 •
CVE-2006-3549
https://notcve.org/view.php?id=CVE-2006-3549
services/go.php in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 does not properly restrict its image proxy capability, which allows remote attackers to perform "Web tunneling" attacks and use the server as a proxy via (1) http, (2) https, and (3) ftp URL in the url parameter, which is requested from the server. services/go.php en Horde Application Framework 3.0.0 hasta la 3.0.10 y 3.1.0 hasta la 3.1.1 no restringe de forma adecuada su capacidad de imagen de proxy, lo cual permite a atacantes remotos llevar a cabo ataques "Web tunneling" y utilizar el servidor como un proxy a través de la URL (1) http, (2) https, y (3) ftp en el parámetro URL, el cual es respondido desde el servidor. • http://lists.horde.org/archives/announce/2006/000287.html http://lists.horde.org/archives/announce/2006/000288.html http://moritz-naumann.com/adv/0011/hordemulti/0011.txt http://secunia.com/advisories/20954 http://secunia.com/advisories/21459 http://secunia.com/advisories/27565 http://securityreason.com/securityalert/1229 http://securitytracker.com/id?1016442 http://www.debian.org/security/2007/dsa-1406 http://www.novell.com/linux/security/advisories/2006_19_sr.html http:/ •
CVE-2006-1491 – Horde 3.0.9/3.1.0 - Help Viewer Remote Code Execution
https://notcve.org/view.php?id=CVE-2006-1491
Eval injection vulnerability in Horde Application Framework versions 3.0 before 3.0.10 and 3.1 before 3.1.1 allows remote attackers to execute arbitrary code via the help viewer. • https://www.exploit-db.com/exploits/1660 http://cvs.horde.org/diff.php?f=horde%2Fservices%2Fhelp%2Findex.php&r1=2.85&r2=2.86 http://lists.horde.org/archives/announce/2006/000271.html http://lists.horde.org/archives/announce/2006/000272.html http://secunia.com/advisories/19485 http://secunia.com/advisories/19504 http://secunia.com/advisories/19528 http://secunia.com/advisories/19619 http://secunia.com/advisories/19692 http://securitytracker.com/id?1015841 http://www • CWE-94: Improper Control of Generation of Code ('Code Injection') •