Bug#358812: CVE-2006-1260: File disclosure vulnerability

2006-03-25 Thread Martin Lohmeier
Moritz Muehlenhoff wrote:
> Could you check, whether Horde 3.0.4 and 2.2.8 from stable are affected?

Both are affected (for horde2 the file can be found in horde/util).

bye,
Martin

-- 
Powered by Debian GNU / Linux

Bug#358812: CVE-2006-1260: File disclosure vulnerability

2006-03-24 Thread Moritz Muehlenhoff
Package: horde3
Severity: grave
Tags: security
Justification: user security hole

| Horde Application Framework 3.0.9 allows remote attackers to read arbitrary
| files via a null character in the url parameter in services/go.php, which
| bypasses a sanity check.

Please see http://lists.grok.org.uk