Debian Security Advisory 1406-1 - Several remote vulnerabilities have been discovered in the Horde web application framework. Moritz Naumann discovered that Horde allows remote attackers to inject arbitrary web script or HTML in the context of a logged in user (cross site scripting). Moritz Naumann discovered that Horde does not properly restrict its image proxy, allowing remote attackers to use the server as a proxy. Marc Ruef discovered that Horde allows remote attackers to include web pages from other sites, which could be useful for phishing attacks. iDefense discovered that the cleanup cron script in Horde allows local users to delete arbitrary files.
a8b2426df5dfc5c5fced97b3a1b4d36d91eefef3c7fb03377def712c4ec26d17
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed