Vulnerabilities > CVE-2006-1260 - Unspecified vulnerability in Horde

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
horde
nessus
exploit available

Summary

Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check.

Exploit-Db

descriptionHorde Web-Mail 3.x (go.php) Remote File Disclosure Vulnerability. CVE-2006-1260. Webapps exploit for php platform
idEDB-ID:4850
last seen2016-01-31
modified2008-01-06
published2008-01-06
reporterEugene Minaev
sourcehttps://www.exploit-db.com/download/4850/
titleHorde Web-Mail 3.x - go.php Remote File Disclosure Vulnerability

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1033.NASL
    descriptionSeveral remote vulnerabilities have been discovered in the Horde web application framework, which may lead to the execution of arbitrary web script code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-4190 Several Cross-Site-Scripting vulnerabilities have been discovered in the
    last seen2020-06-01
    modified2020-06-02
    plugin id22575
    published2006-10-14
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22575
    titleDebian DSA-1033-1 : horde3 - several vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-1033. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(22575);
      script_version("1.17");
      script_cvs_date("Date: 2019/08/02 13:32:19");
    
      script_cve_id("CVE-2005-4190", "CVE-2006-1260", "CVE-2006-1491");
      script_xref(name:"DSA", value:"1033");
    
      script_name(english:"Debian DSA-1033-1 : horde3 - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several remote vulnerabilities have been discovered in the Horde web
    application framework, which may lead to the execution of arbitrary
    web script code. The Common Vulnerabilities and Exposures project
    identifies the following problems :
    
      - CVE-2005-4190
        Several Cross-Site-Scripting vulnerabilities have been
        discovered in the 'share edit window'.
    
      - CVE-2006-1260
        Null characters in the URL parameter bypass a sanity
        check, which allowed remote attackers to read arbitrary
        files, which allowed information disclosure.
    
      - CVE-2006-1491
        User input in the help viewer was passed unsanitised to
        the eval() function, which allowed injection of
        arbitrary web code."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=361967"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2005-4190"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-1260"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-1491"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2006/dsa-1033"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the horde3 package.
    
    The old stable distribution (woody) doesn't contain horde3 packages.
    
    For the stable distribution (sarge) these problems have been fixed in
    version 3.0.4-4sarge3."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:horde3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2006/04/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/14");
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/12/11");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"3.1", prefix:"horde3", reference:"3.0.4-4sarge3")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200604-02.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200604-02 (Horde Application Framework: Remote code execution) Jan Schneider of the Horde team discovered a vulnerability in the help viewer of the Horde Application Framework that could allow remote code execution (CVE-2006-1491). Paul Craig reported that
    last seen2020-06-01
    modified2020-06-02
    plugin id21195
    published2006-04-08
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21195
    titleGLSA-200604-02 : Horde Application Framework: Remote code execution
  • NASL familyCGI abuses
    NASL idHORDE_URL_FILE_DISCLOSURE.NASL
    descriptionThe version of Horde installed on the remote host fails to validate input to the
    last seen2020-06-01
    modified2020-06-02
    plugin id21081
    published2006-03-15
    reporterThis script is Copyright (C) 2006-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21081
    titleHorde go.php url Parameter Arbitrary File Access
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1034.NASL
    descriptionSeveral remote vulnerabilities have been discovered in the Horde web application framework, which may lead to the execution of arbitrary web script code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-1260 Null characters in the URL parameter bypass a sanity check, which allowed remote attackers to read arbitrary files, which allowed information disclosure. - CVE-2006-1491 User input in the help viewer was passed unsanitised to the eval() function, which allowed injection of arbitrary web code.
    last seen2020-06-01
    modified2020-06-02
    plugin id22576
    published2006-10-14
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22576
    titleDebian DSA-1034-1 : horde2 - several vulnerabilities

References