New User, Welcome!     Login

David Wharton

[ GLSA 200911-01 ] Horde: Multiple vulnerabilities

Multiple vulnerabilities have been discovered in Horde:

* Stefan Esser of Sektion1 reported an error within the form library
  when handling image form fields (CVE-2009-3236).

* Martin Geisler and David Wharton reported that an error exists in
  the MIME viewer library when viewing unknown text parts and the
  preferences system in services/prefs.php when handling number
  preferences (CVE-2009-3237).

Impact

[ GLSA 200909-14 ] Horde: Multiple vulnerabilities

* It was reported that data sent to
  framework/Text_Filter/Filter/xss.php is not properly sanitized before
  used in the output (CVE-2008-5917).

Horde Passwd: David Wharton reported that data sent via the "backend"
parameter to passwd/main.php is not properly sanitized before used in
the output (CVE-2009-2360).

Horde IMP: Gunnar Wrobel reported that data sent to smime.php, pgp.php,
and message.php is not properly sanitized before used in the output


Copyright © 1995-2012 LinuxRocket.net. All rights reserved.

Nearly all of LinuxRocket's features are free. Be kind and donate to the cause!