CVE - CVE-2008-1284

CVE-ID
CVE-2008-1284	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via ".." sequences and a null byte in the theme name.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:28153 URL:http://www.securityfocus.com/bid/28153 BUGTRAQ:20080307 Horde Webmail file inclusion proof of concept & patch. URL:http://www.securityfocus.com/archive/1/489239/100/0/threaded BUGTRAQ:20080308 Re: Horde Webmail file inclusion proof of concept & patch. URL:http://www.securityfocus.com/archive/1/489289/100/0/threaded DEBIAN:DSA-1519 URL:http://www.debian.org/security/2008/dsa-1519 FEDORA:FEDORA-2008-2362 URL:https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00253.html FEDORA:FEDORA-2008-2406 URL:https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00301.html GENTOO:GLSA-200805-01 URL:http://security.gentoo.org/glsa/glsa-200805-01.xml MLIST:[announce] 20080307 Horde Groupware 1.0.5 (final) URL:http://lists.horde.org/archives/announce/2008/000383.html MLIST:[announce] 20080307 Horde Groupware Webmail Edition 1.0.6 (final) URL:http://lists.horde.org/archives/announce/2008/000384.html MLIST:[announce] 20080307 Horde 3.1.7 (final) URL:http://lists.horde.org/archives/announce/2008/000382.html SECUNIA:29286 URL:http://secunia.com/advisories/29286 SECUNIA:29374 URL:http://secunia.com/advisories/29374 SECUNIA:29400 URL:http://secunia.com/advisories/29400 SECUNIA:30047 URL:http://secunia.com/advisories/30047 SREASON:3726 URL:http://securityreason.com/securityalert/3726 VUPEN:ADV-2008-0822 URL:http://www.vupen.com/english/advisories/2008/0822/references XF:horde-theme-file-include(41054) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/41054
Assigning CNA
MITRE Corporation
Date Record Created
20080310	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20080310)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is a record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)