ID CVE-2007-1474
Summary Argument injection vulnerability in the cleanup cron script in Horde Project Horde and IMP before Horde Application Framework 3.1.4 allows local users to delete arbitrary files and possibly gain privileges via multiple space-delimited pathnames.
References
Vulnerable Configurations
  • cpe:2.3:a:horde:horde_application_framework:3.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:horde:horde_application_framework:3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:horde:horde_application_framework:3.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:horde:horde_application_framework:3.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:horde:horde_application_framework:3.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:horde:horde_application_framework:3.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:horde:imp:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:horde:imp:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:horde:imp:2.2:*:*:*:*:*:*:*
    cpe:2.3:a:horde:imp:2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:horde:imp:2.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:horde:imp:2.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:horde:imp:2.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:horde:imp:2.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:horde:imp:2.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:horde:imp:2.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:horde:imp:2.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:horde:imp:2.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:horde:imp:2.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:horde:imp:2.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:horde:imp:2.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:horde:imp:2.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:horde:imp:2.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:horde:imp:2.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:horde:imp:2.2.8:*:*:*:*:*:*:*
    cpe:2.3:a:horde:imp:2.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:horde:imp:2.3:*:*:*:*:*:*:*
    cpe:2.3:a:horde:imp:2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:horde:imp:3.0:*:*:*:*:*:*:*
    cpe:2.3:a:horde:imp:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:horde:imp:3.1:*:*:*:*:*:*:*
    cpe:2.3:a:horde:imp:3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:horde:imp:3.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:horde:imp:3.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:horde:imp:3.2:*:*:*:*:*:*:*
    cpe:2.3:a:horde:imp:3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:horde:imp:3.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:horde:imp:3.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:horde:imp:3.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:horde:imp:3.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:horde:imp:3.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:horde:imp:3.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:horde:imp:3.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:horde:imp:3.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:horde:imp:3.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:horde:imp:3.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:horde:imp:3.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:horde:imp:3.2.6:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 29-07-2017 - 01:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
bid 22985
debian DSA-1406
idefense 20070315 Horde Project Cleanup Script Arbitrary File Deletion Vulnerability
mlist [announce] 20070314 Horde 3.1.4 (final)
sectrack
  • 1017784
  • 1017785
secunia 27565
vupen ADV-2007-0965
xf horde-cron-file-deletion(32997)
Last major update 29-07-2017 - 01:30
Published 16-03-2007 - 21:19
Last modified 29-07-2017 - 01:30
Back to Top