Detections
Analytics

CVE-2008-1284

medium

Description

Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via ".." sequences and a null byte in the theme name.

References

https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00301.html

https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00253.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/41054

http://www.vupen.com/english/advisories/2008/0822/references

http://www.securityfocus.com/bid/28153

http://www.securityfocus.com/archive/1/489289/100/0/threaded

http://www.securityfocus.com/archive/1/489239/100/0/threaded

http://www.debian.org/security/2008/dsa-1519

http://securityreason.com/securityalert/3726

http://security.gentoo.org/glsa/glsa-200805-01.xml

http://secunia.com/advisories/30047

http://secunia.com/advisories/29400

http://secunia.com/advisories/29374

http://secunia.com/advisories/29286

http://lists.horde.org/archives/announce/2008/000384.html

http://lists.horde.org/archives/announce/2008/000383.html

http://lists.horde.org/archives/announce/2008/000382.html

Details

Source: Mitre, NVD

Published: 2008-03-11

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 6

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium