exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 3 of 3 RSS Feed

CVE-2008-3823

Status Candidate

Overview

Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.php in the MIME library in Horde 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of a MIME attachment in an e-mail message.

Related Files

Debian Linux Security Advisory 1642-1
Posted Sep 20, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1642-1 - Will Drewry discovered that the Horde, allows remote attackers to send an email with a crafted MIME attachment filename attribute to perform cross site scripting.

tags | advisory, remote, xss
systems | linux, debian
advisories | CVE-2008-3823
SHA-256 | 86fa3fafadc64c5326f69589f6e81f393290a5626436c792773c3cc89611f794
n.runs-SA-2008.006.txt
Posted Sep 11, 2008
Authored by Alexios Fakos | Site nruns.com

Horde versions 3.2 through 3.2.1 suffer from a cross site scripting vulnerability due to the handling of MIME attachments.

tags | advisory, xss
advisories | CVE-2008-3823
SHA-256 | c2a3082c148d60c17ee794b27d8f58dbea9dcafc37b3a98ef6dc4162c3890507
Open Source CERT Security Advisory 2008.12
Posted Sep 11, 2008
Authored by Will Drewry, Open Source CERT | Site ocert.org

Two cross-site scripting (XSS) vulnerabilities were reported in Horde Framework. The first of which is that the Horde framework fails to properly sanitize the filename of MIME attachments on received emails. The second vulnerability has a wider impact. Horde relies on code similar to Popoon's externalinput.php to filter out potential XSS attacks on user-supplied input. This filter, and the original, fail to fully sanitize user data.

tags | advisory, php, vulnerability, xss
advisories | CVE-2008-3823, CVE-2008-3824
SHA-256 | acda1d56ba4b8127f008b4511f6c73504b17ce52451cced4c4ab5e70aa2f8410
Page 1 of 1
Back1Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close