Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2006-1260
Last Modified: 07 Mar 2011 09:32:35
Published: 18 Mar 2006 09:02:00
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2006-1260

Summary

Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check.

Vulnerable Systems

Application

  • Horde 1.2

  • Horde 1.2.1

  • Horde 1.2.2

  • Horde 1.2.3

  • Horde 1.2.4

  • Horde 1.2.5

  • Horde 1.2.6

  • Horde 1.2.7

  • Horde 1.2.8

  • Horde 2.0

  • Horde 2.1

  • Horde 2.1.3

  • Horde 2.2

  • Horde 2.2.1

  • Horde 2.2.3

  • Horde 2.2.4

  • Horde 2.2.4 Rc1

  • Horde 2.2.5

  • Horde 2.2.6

  • Horde 2.2.7

  • Horde 2.2.8

  • Horde 2.2.9

  • Horde 3.0

  • Horde 3.0.1

  • Horde 3.0.2

  • Horde 3.0.3

  • Horde 3.0.4

  • Horde 3.0.4 Rc1

  • Horde 3.0.4 Rc2

  • Horde 3.0.6

  • Horde 3.0.7

  • Horde 3.0.8

  • Horde 3.0.9


References

XF - horde-servicesgo-information-disclosure(25239)

BID - 17117

OSVDB - 23918

SECTRACK - 1015771

SECUNIA - 19246

FULLDISC - 20060315 CodeScan Advisory: Unauthenticated Arbitrary File Read in Horde v3.09 and prior

VUPEN - ADV-2006-0959

SUSE - SUSE-SR:2006:009

GENTOO - GLSA-200604-02

DEBIAN - DSA-1034

DEBIAN - DSA-1033

SREASON - 590

SECUNIA - 19897

SECUNIA - 19692

SECUNIA - 19619

SECUNIA - 19528


Last Updated: 27 May 2016 10:42:00