CVE-2001-1258
First published: Sat Jul 21 2001(Updated: )
Horde Internet Messaging Program (IMP) before 2.2.6 allows local users to read IMP configuration files and steal the Horde database password by placing the prefs.lang file containing PHP code on the server.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Horde IMP | =2.2.5 | |
| Horde IMP | =2.2.1 | |
| Horde IMP | =2.2.2 | |
| Horde IMP | =2.2.4 | |
| Horde IMP | =2.0 | |
| Horde IMP | =2.2 | |
| Horde IMP | =2.2.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.debian.org/security/2001/dsa-073
- http://www.caldera.com/support/security/advisories/CSSA-2001-027.0.txt
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000410
- http://www.iss.net/security_center/static/6906.php
- http://www.securityfocus.com/bid/3083
- http://online.securityfocus.com/archive/1/198495
- collector/nvd-historical
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/horde
- canonical/horde imp
- version/horde imp/2.2.5
- version/horde imp/2.2.1
- version/horde imp/2.2.2
- version/horde imp/2.2.4
- version/horde imp/2.0
- version/horde imp/2.2
- version/horde imp/2.2.3