Vulnerabilities > CVE-2001-1257 - Unspecified vulnerability in Horde IMP
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Cross-site scripting vulnerability in Horde Internet Messaging Program (IMP) before 2.2.6 and 1.2.6 allows remote attackers to execute arbitrary Javascript embedded in an email.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 7 |
Nessus
| NASL family | Debian Local Security Checks |
| NASL id | DEBIAN_DSA-073.NASL |
| description | The Horde team released version 2.2.6 of IMP (a web-based IMAP mail program) which fixes three security problems. Their release announcement describes them as follows : - A PHPLIB vulnerability allowed an attacker to provide a value for the array element $_PHPLIB[libdir], and thus to get scripts from another server to load and execute. This vulnerability is remotely exploitable. (Horde 1.2.x ships with its own customized version of PHPLIB, which has now been patched to prevent this problem.) - By using tricky encodings of |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 14910 |
| published | 2004-09-29 |
| reporter | This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/14910 |
| title | Debian DSA-073-1 : imp - 3 remote exploits |
References
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000410
- http://online.securityfocus.com/archive/1/198495
- http://www.caldera.com/support/security/advisories/CSSA-2001-027.0.txt
- http://www.debian.org/security/2001/dsa-073
- http://www.iss.net/security_center/static/6905.php
- http://www.securityfocus.com/bid/3082