Информационная безопасность
[RU] switch to English


CVECVE-2009-0932
СтатусCandidate
ОписаниеDirectory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name.
Важность
Medium
CVSS score6,4
CVSS vector(AV:N/AC:L/Au:N/C:P/I:P/A:N)
PhaseAssigned (21.09.2011)
NVD:http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0932
ReferencesBID : 33491
 SECUNIA : 33695
 CONFIRM : http://cvs.horde.org/co.php/groupware/docs/groupwa...
 CONFIRM : http://cvs.horde.org/co.php/horde/docs/CHANGES?r=1...
 CONFIRM : http://cvs.horde.org/co.php/horde/docs/CHANGES?r=1...
 MLIST : [announce] 20090127 Horde 3.2.4 (final)
 MLIST : [announce] 20090127 Horde 3.3.3 (final)
 MLIST : [announce] 20090127 Horde Groupware 1.1.5 (final)
SecurityVulns:Ежедневная сводка уязвимостей безопасности в Web-приложениях (PHP, ASP, JSP, CGI, Perl)
О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород