CVE-2009-3236

Related Files

Gentoo Linux Security Advisory 200911-1

Posted Nov 6, 2009

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 200911-1 - Multiple vulnerabilities in the Horde Application Framework can allow for arbitrary files to be overwritten and cross-site scripting attacks. Versions less than 3.3.5 are affected.

tags | advisory, arbitrary, vulnerability, xss

systems | linux, gentoo

advisories | CVE-2009-3236, CVE-2009-3237

SHA-256 | f6bfa2f4fb881b9bbd89729802aa041d15e8a4c1e14f92e7275843455f60bf11

Download | Favorite | View

Debian Linux Security Advisory 1897-1

Posted Sep 29, 2009

Authored by Debian | Site debian.org

Debian Security Advisory 1897-1 - Stefan Esser discovered that Horde, a web application framework providing classes for dealing with preferences, compression, browser detection, connection tracking, MIME, and more, is insufficiently validating and escaping user provided input. The Horde_Form_Type_image form element allows to reuse a temporary filename on reuploads which are stored in a hidden HTML field and then trusted without prior validation. An attacker can use this to overwrite arbitrary files on the system or to upload PHP code and thus execute arbitrary code with the rights of the webserver.

tags | advisory, web, arbitrary, php

systems | linux, debian

advisories | CVE-2009-3236

SHA-256 | 74849428a088e248caf5775fc100bbbb2aa65fc2d2b0257a92f72ae1150aacd1

Download | Favorite | View

Horde Application Framework Horde_Form_Type_image File Overwrite

Posted Sep 19, 2009

Authored by Stefan Esser | Site sektioneins.de

Horde Application Framework versions 3.2.4 and below suffer from a Horde_Form_Type_image arbitrary file overwrite vulnerability.

tags | advisory, arbitrary

advisories | CVE-2009-3236

SHA-256 | 6b36254b02daaded256bbf6076bafdff753a55113f60cdbc47ec7d1dfe52ffb0

Download | Favorite | View