Date: Tue, 17 Mar 2009 17:01:50 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: Ludwig Nussel <ludwig.nussel@...e.de>
cc: oss-security@...ts.openwall.com, "Steven M. Christey" <coley@...re.org>
Subject: Re: CVE request - horde, imp


======================================================
Name: CVE-2009-0930
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0930
Reference: MLIST:[announce] 20090127 IMP 4.2.2 (final)
Reference: URL:http://lists.horde.org/archives/announce/2009/000484.html
Reference: MLIST:[announce] 20090127 IMP 4.3.3 (final)
Reference: URL:http://lists.horde.org/archives/announce/2009/000485.html
Reference: CONFIRM:http://cvs.horde.org/co.php/imp/docs/CHANGES?r=1.699.2.301.2.3
Reference: CONFIRM:http://cvs.horde.org/co.php/imp/docs/CHANGES?r=1.699.2.375
Reference: BID:33492
Reference: URL:http://www.securityfocus.com/bid/33492
Reference: SECUNIA:33719
Reference: URL:http://secunia.com/advisories/33719

Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP
before 4.2.2 and 4.3.3 allow remote attackers to inject arbitrary web
script or HTML via unspecified vectors to (1) smime.php, (2) pgp.php,
and (3) message.php.


======================================================
Name: CVE-2009-0931
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0931
Reference: MLIST:[announce] 20090127 Horde 3.2.4 (final)
Reference: URL:http://lists.horde.org/archives/announce/2009/000483.html
Reference: MLIST:[announce] 20090127 Horde 3.3.3 (final)
Reference: URL:http://lists.horde.org/archives/announce/2009/000482.html
Reference: MLIST:[announce] 20090127 Horde Groupware 1.1.5 (final)
Reference: URL:http://lists.horde.org/archives/announce/2009/000486.html
Reference: CONFIRM:http://cvs.horde.org/co.php/groupware/docs/groupware/CHANGES?r=1.28.2.5
Reference: CONFIRM:http://cvs.horde.org/co.php/horde/docs/CHANGES?r=1.515.2.413.2.5
Reference: CONFIRM:http://cvs.horde.org/co.php/horde/docs/CHANGES?r=1.515.2.503
Reference: BID:33491
Reference: URL:http://www.securityfocus.com/bid/33491
Reference: SECUNIA:33695
Reference: URL:http://secunia.com/advisories/33695

Cross-site scripting (XSS) vulnerability in the tag cloud search
script (horde/services/portal/cloud_search.php) in Horde before 3.2.4
and 3.3.3, and Horde Groupware before 1.1.5, allows remote attackers
to inject arbitrary web script or HTML via unspecified vectors.


======================================================
Name: CVE-2009-0932
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0932
Reference: MLIST:[announce] 20090127 Horde 3.2.4 (final)
Reference: URL:http://lists.horde.org/archives/announce/2009/000483.html
Reference: MLIST:[announce] 20090127 Horde 3.3.3 (final)
Reference: URL:http://lists.horde.org/archives/announce/2009/000482.html
Reference: MLIST:[announce] 20090127 Horde Groupware 1.1.5 (final)
Reference: URL:http://lists.horde.org/archives/announce/2009/000486.html
Reference: CONFIRM:http://cvs.horde.org/co.php/groupware/docs/groupware/CHANGES?r=1.28.2.5
Reference: CONFIRM:http://cvs.horde.org/co.php/horde/docs/CHANGES?r=1.515.2.413.2.5
Reference: CONFIRM:http://cvs.horde.org/co.php/horde/docs/CHANGES?r=1.515.2.503
Reference: BID:33491
Reference: URL:http://www.securityfocus.com/bid/33491
Reference: SECUNIA:33695
Reference: URL:http://secunia.com/advisories/33695

Directory traversal vulnerability in framework/Image/Image.php in
Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows
remote attackers to include and execute arbitrary local files via
directory traversal sequences in the Horde_Image driver name.
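
An added example, not part of the original post and not Horde's code: one way a PHP driver factory can validate a driver name before it is ever used in an include path, which is the class of flaw CVE-2009-0932 describes. The function name, the allowlist contents and the drivers/<name>.php layout are assumptions made for illustration; PHP 7 or later is assumed.

```php
<?php
// Added illustration, not Horde source. Every name below is hypothetical.

// Assumed set of drivers the application ships; anything else is refused.
const ALLOWED_DRIVERS = ['gd', 'im', 'png', 'svg'];

/**
 * Map a requested driver name to the file that implements it.
 * Throws instead of returning a path the caller should not include.
 */
function resolveDriverPath(string $name, string $driverDir): string
{
    // 1. Syntax: a short identifier only, so no '/', '\', '.' or NUL byte.
    if (!preg_match('/\A[a-z0-9_]{1,32}\z/', $name)) {
        throw new InvalidArgumentException('malformed driver name');
    }
    // 2. Allowlist: a well-formed name must still be a known driver.
    if (!in_array($name, ALLOWED_DRIVERS, true)) {
        throw new InvalidArgumentException('unknown driver');
    }
    // 3. Containment: the resolved file must sit inside the driver directory
    //    (catches symlinks and a misconfigured $driverDir).
    $base = realpath($driverDir);
    $path = realpath($driverDir . '/' . $name . '.php');
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        throw new RuntimeException('driver file missing or outside driver directory');
    }
    return $path;
}

// Constructed demo: a temporary driver directory and a mix of names.
$dir = sys_get_temp_dir() . '/drivers_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents("$dir/gd.php", "<?php // stub driver\n");

foreach (['gd', 'GD', '../gd', "gd\0x", 'svg', 'ftp'] as $name) {
    try {
        $result = 'ok: ' . basename(resolveDriverPath($name, $dir));
    } catch (Exception $e) {
        $result = 'rejected: ' . $e->getMessage();
    }
    printf("%-12s %s\n", json_encode($name), $result);
}
unlink("$dir/gd.php");
rmdir($dir);
```

Only the value returned by resolveDriverPath() should ever reach include or require; the raw request value should not be concatenated into a path anywhere else.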

