Download
| Alert*
oval:org.secpod.oval:def:601207
Pedro Ribeiro from Agile Information Security found a possible remote code execution on Horde3, a web application framework. Unsanitized variables are passed to the unserialize PHP function. A remote attacker could specially-crafted one of those variables allowing her to load and execute code. oval:org.secpod.oval:def:601384 horde3 is installed oval:org.secpod.oval:def:600592 It was discovered that horde3, the horde web application framework, is prone to a cross-site scripting attack and a cross-site request forgery. |