Limited Black Friday Offer:
Horde - Horde_Image::factory driver Argument LFI Vulnerability CVE-2009-0932 Scanner
In Horde, there is Local File Inclusion vulnerability.
Short Info
Level
Medium
Type
Single Scan
Can be used by
Asset Owner
Estimated Time
10 sec
Scan only one
Url
Parent Category
Horde - Horde_Image::factory driver Argument LFI Vulnerability CVE-2009-0932 Scanner Detail
Directory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name.
- http://cvs.horde.org/co.php/groupware/docs/groupware/CHANGES?r=1.28.2.5
- http://cvs.horde.org/co.php/horde/docs/CHANGES?r=1.515.2.413.2.5
- http://cvs.horde.org/co.php/horde/docs/CHANGES?r=1.515.2.503
- http://lists.horde.org/archives/announce/2009/000482.html
- http://lists.horde.org/archives/announce/2009/000483.html
- http://lists.horde.org/archives/announce/2009/000486.html
- http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
- http://securityreason.com/securityalert/8077
- http://www.securityfocus.com/bid/33491