Executive Summary
Information | |||
---|---|---|---|
Name | CVE-2006-1260 | First vendor Publication | 2006-03-18 |
Vendor | Cve | Last vendor Modification | 2018-10-18 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1260 |
OpenVAS Exploits
Date | Description |
---|---|
2008-09-24 | Name : Gentoo Security Advisory GLSA 200604-02 (horde) File : nvt/glsa_200604_02.nasl |
2008-09-04 | Name : FreeBSD Ports: horde, horde-php5 File : nvt/freebsd_horde4.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1033-1 (horde3) File : nvt/deb_1033_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1034-1 (horde2) File : nvt/deb_1034_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
23918 | Horde go.php url Parameter Arbitrary File Access: Horde contains a flaw that may lead to an unauthorized information disclosure. The issue is due to go.php not properly sanitizing user input supplied to the 'url' variable. Embedding a NULL character within the 'url' variable enables an attacker to control the variable passed to the readfile() function, leading to the reading of any file on the file system with the privileges of the web server, resulting in a loss of confidentiality. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1033.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1034.nasl - Type : ACT_GATHER_INFO |
2006-04-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200604-02.nasl - Type : ACT_GATHER_INFO |
2006-03-15 | Name : The remote web server contains a PHP application that is affected by an infor... File : horde_url_file_disclosure.nasl - Type : ACT_ATTACK |
Alert History
Date | Information |
---|---|
2021-05-04 12:03:48 |
2021-04-22 01:04:21 |
2020-05-23 00:17:31 |
2018-10-18 21:20:01 |
2017-07-20 09:23:26 |
2016-06-28 15:40:23 |
2016-04-26 14:24:34 |
2014-02-17 10:35:04 |
2013-05-11 10:51:42 |