Detections
Analytics
CVE-2008-1284medium
Description
Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via ".." sequences and a null byte in the theme name.
References
http://secunia.com/advisories/29286
http://secunia.com/advisories/29374
http://secunia.com/advisories/29400
http://secunia.com/advisories/30047
http://security.gentoo.org/glsa/glsa-200805-01.xml
http://securityreason.com/securityalert/3726
https://exchange.xforce.ibmcloud.com/vulnerabilities/41054
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00253.html
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00301.html
http://www.debian.org/security/2008/dsa-1519
http://www.vupen.com/english/advisories/2008/0822/references
Details
Published: 2008-03-11
Risk Information
CVSS v2
Base Score: 6
Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P
Severity: Medium