CVE - CVE-2008-1284

CVE-ID
CVE-2008-1284	Learn more at National Vulnerability Database (NVD) • Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via ".." sequences and a null byte in the theme name.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20080307 Horde Webmail file inclusion proof of concept & patch. URL:http://www.securityfocus.com/archive/1/archive/1/489239/100/0/threaded BUGTRAQ:20080308 Re: Horde Webmail file inclusion proof of concept & patch. URL:http://www.securityfocus.com/archive/1/archive/1/489289/100/0/threaded MLIST:[announce] 20080307 Horde Groupware 1.0.5 (final) URL:http://lists.horde.org/archives/announce/2008/000383.html MLIST:[announce] 20080307 Horde Groupware Webmail Edition 1.0.6 (final) URL:http://lists.horde.org/archives/announce/2008/000384.html MLIST:[announce] 20080307 Horde 3.1.7 (final) URL:http://lists.horde.org/archives/announce/2008/000382.html DEBIAN:DSA-1519 URL:http://www.debian.org/security/2008/dsa-1519 FEDORA:FEDORA-2008-2362 URL:https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00253.html FEDORA:FEDORA-2008-2406 URL:https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00301.html GENTOO:GLSA-200805-01 URL:http://security.gentoo.org/glsa/glsa-200805-01.xml BID:28153 URL:http://www.securityfocus.com/bid/28153 VUPEN:ADV-2008-0822 URL:http://www.vupen.com/english/advisories/2008/0822/references SECUNIA:29286 URL:http://secunia.com/advisories/29286 SECUNIA:29374 URL:http://secunia.com/advisories/29374 SECUNIA:29400 URL:http://secunia.com/advisories/29400 SECUNIA:30047 URL:http://secunia.com/advisories/30047 SREASON:3726 URL:http://securityreason.com/securityalert/3726 XF:horde-theme-file-include(41054) URL:http://xforce.iss.net/xforce/xfdb/41054
Date Entry Created
20080310	Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20080310)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE list, which standardizes names for security problems.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org

Common Vulnerabilities and Exposures

CVE-2008-1284