Gentoo Linux Security Advisory 200909-14 (Normal): horde (and 2

Article Source Gentoo Linux Security Advisories

Background

Horde is a web application framework written in PHP. Horde IMP, the “Internet Messaging Program”, is a Webmail module and Horde Passwd is a password changing module for Horde.

Description

Multiple vulnerabilities have been discovered in Horde:

Gunnar Wrobel reported an input sanitation and directory traversal flaw in framework/Image/Image.php, related to the “Horde_Image driver name” (CVE-2009-0932).
Gunnar Wrobel reported that data sent to horde/services/portal/cloud_search.php is not properly sanitized before used in the output (CVE-2009-0931).
It was reported that data sent to framework/Text_Filter/Filter/xss.php is not properly sanitized before used in the output (CVE-2008-5917).

Horde Passwd: David Wharton reported that data sent via the “backend” parameter to passwd/main.php is not properly sanitized before used in the output (CVE-2009-2360).

Horde IMP: Gunnar Wrobel reported that data sent to smime.php, pgp.php, and message.php is not properly sanitized before used in the output (CVE-2009-0930)…

RELATED ARTICLESMORE FROM AUTHOR

Maintainer Confidential: Challenges and Opportunities One Year On

Bridging Design and Runtime Gaps: AsyncAPI in Event-Driven Architecture

Implementing OpenTelemetry Natively in an Event Broker

Innovation as a Catalyst in Telecommunications

Achieving Log Centralization and Analysis with Open Source SIEM and XDR: UTMStack

RELATED ARTICLES MORE FROM AUTHOR