>> Horde Arbitrary File Deletion and "new_lang" Parameter Cross Site Scripting Vulnerabilities
Title : Horde Arbitrary File Deletion and "new_lang" Parameter Cross Site Scripting Vulnerabilities VUPEN ID : VUPEN/ADV-2007-0965 CVE ID : CVE-2007-1473 - CVE-2007-1474
Rated as : Moderate Risk
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2007-03-16
Technical Description
Two vulnerabilities have been identified in Horde Application Framework, which could be exploited by attackers to execute malicious scripting code or by malicious users to delete arbitrary files.
The first issue is due to an input validation error in the "login.php" script when processing a malformed "new_lang" parameter, which could be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser in the security context of an affected Web site.
The second vulnerability is due to an error in the cleanup cron scripts that do not validate output generated via the "find" command, which could be exploited by local attackers to delete arbitrary files with the privileges of the user configured to run the cron script.
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback If you have additional information or corrections for this security advisory please submit them via our contact form.
