Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for turba_contact_manager by horde

    CVE-2008-0807 (GCVE-0-2008-0807)

    Vulnerability from nvd – Published: 2008-02-19 00:00 – Updated: 2024-08-07 08:01
    VLAI
    Summary
    lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x before 2.1.7 and 2.2.x before 2.2-RC3, as used in products such as Horde Groupware before 1.0.4 and Horde Groupware Webmail Edition before 1.0.5, does not properly check access rights, which allows remote authenticated users to modify address data via a modified object_id parameter to edit.php, as demonstrated by modifying a personal address book entry when there is write access to a shared address book.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/29186 third-party-advisoryx_refsource_SECUNIA
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    https://bugzilla.redhat.com/show_bug.cgi?id=432027 x_refsource_CONFIRM
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    http://www.securityfocus.com/bid/27844 vdb-entryx_refsource_BID
    http://www.debian.org/security/2008/dsa-1507 vendor-advisoryx_refsource_DEBIAN
    http://secunia.com/advisories/28982 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/29071 third-party-advisoryx_refsource_SECUNIA
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://www.vupen.com/english/advisories/2008/0593… vdb-entryx_refsource_VUPEN
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://secunia.com/advisories/29185 third-party-advisoryx_refsource_SECUNIA
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://www.securitytracker.com/id?1019433 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/29184 third-party-advisoryx_refsource_SECUNIA
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464058 x_refsource_CONFIRM
    Date Public
    2008-02-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:01:38.898Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "29186",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29186"
              },
              {
                "name": "[announce] 20080215 Horde Groupware Webmail Edition 1.0.5 (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000381.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=432027"
              },
              {
                "name": "FEDORA-2008-2087",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00927.html"
              },
              {
                "name": "27844",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27844"
              },
              {
                "name": "DSA-1507",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2008/dsa-1507"
              },
              {
                "name": "28982",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28982"
              },
              {
                "name": "29071",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29071"
              },
              {
                "name": "[announce] 20080215 Turba H3 (2.1.7) (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000378.html"
              },
              {
                "name": "ADV-2008-0593",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0593/references"
              },
              {
                "name": "[announce] 20080215 Turba H3 (2.2-RC3)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000379.html"
              },
              {
                "name": "29185",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29185"
              },
              {
                "name": "[announce] 20080215 Horde Groupware 1.0.4 (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000380.html"
              },
              {
                "name": "1019433",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019433"
              },
              {
                "name": "29184",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29184"
              },
              {
                "name": "FEDORA-2008-2040",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00888.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464058"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-02-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x before 2.1.7 and 2.2.x before 2.2-RC3, as used in products such as Horde Groupware before 1.0.4 and Horde Groupware Webmail Edition before 1.0.5, does not properly check access rights, which allows remote authenticated users to modify address data via a modified object_id parameter to edit.php, as demonstrated by modifying a personal address book entry when there is write access to a shared address book."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-03-05T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "29186",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29186"
            },
            {
              "name": "[announce] 20080215 Horde Groupware Webmail Edition 1.0.5 (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000381.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=432027"
            },
            {
              "name": "FEDORA-2008-2087",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00927.html"
            },
            {
              "name": "27844",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27844"
            },
            {
              "name": "DSA-1507",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2008/dsa-1507"
            },
            {
              "name": "28982",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28982"
            },
            {
              "name": "29071",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29071"
            },
            {
              "name": "[announce] 20080215 Turba H3 (2.1.7) (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000378.html"
            },
            {
              "name": "ADV-2008-0593",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0593/references"
            },
            {
              "name": "[announce] 20080215 Turba H3 (2.2-RC3)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000379.html"
            },
            {
              "name": "29185",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29185"
            },
            {
              "name": "[announce] 20080215 Horde Groupware 1.0.4 (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000380.html"
            },
            {
              "name": "1019433",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019433"
            },
            {
              "name": "29184",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29184"
            },
            {
              "name": "FEDORA-2008-2040",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00888.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464058"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0807",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x before 2.1.7 and 2.2.x before 2.2-RC3, as used in products such as Horde Groupware before 1.0.4 and Horde Groupware Webmail Edition before 1.0.5, does not properly check access rights, which allows remote authenticated users to modify address data via a modified object_id parameter to edit.php, as demonstrated by modifying a personal address book entry when there is write access to a shared address book."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "29186",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29186"
                },
                {
                  "name": "[announce] 20080215 Horde Groupware Webmail Edition 1.0.5 (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000381.html"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=432027",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=432027"
                },
                {
                  "name": "FEDORA-2008-2087",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00927.html"
                },
                {
                  "name": "27844",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27844"
                },
                {
                  "name": "DSA-1507",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2008/dsa-1507"
                },
                {
                  "name": "28982",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28982"
                },
                {
                  "name": "29071",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29071"
                },
                {
                  "name": "[announce] 20080215 Turba H3 (2.1.7) (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000378.html"
                },
                {
                  "name": "ADV-2008-0593",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0593/references"
                },
                {
                  "name": "[announce] 20080215 Turba H3 (2.2-RC3)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000379.html"
                },
                {
                  "name": "29185",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29185"
                },
                {
                  "name": "[announce] 20080215 Horde Groupware 1.0.4 (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000380.html"
                },
                {
                  "name": "1019433",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019433"
                },
                {
                  "name": "29184",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29184"
                },
                {
                  "name": "FEDORA-2008-2040",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00888.html"
                },
                {
                  "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464058",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464058"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0807",
        "datePublished": "2008-02-19T00:00:00.000Z",
        "dateReserved": "2008-02-18T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:01:38.898Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0807 (GCVE-0-2008-0807)

    Vulnerability from cvelistv5 – Published: 2008-02-19 00:00 – Updated: 2024-08-07 08:01
    VLAI
    Summary
    lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x before 2.1.7 and 2.2.x before 2.2-RC3, as used in products such as Horde Groupware before 1.0.4 and Horde Groupware Webmail Edition before 1.0.5, does not properly check access rights, which allows remote authenticated users to modify address data via a modified object_id parameter to edit.php, as demonstrated by modifying a personal address book entry when there is write access to a shared address book.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/29186 third-party-advisoryx_refsource_SECUNIA
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    https://bugzilla.redhat.com/show_bug.cgi?id=432027 x_refsource_CONFIRM
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    http://www.securityfocus.com/bid/27844 vdb-entryx_refsource_BID
    http://www.debian.org/security/2008/dsa-1507 vendor-advisoryx_refsource_DEBIAN
    http://secunia.com/advisories/28982 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/29071 third-party-advisoryx_refsource_SECUNIA
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://www.vupen.com/english/advisories/2008/0593… vdb-entryx_refsource_VUPEN
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://secunia.com/advisories/29185 third-party-advisoryx_refsource_SECUNIA
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://www.securitytracker.com/id?1019433 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/29184 third-party-advisoryx_refsource_SECUNIA
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464058 x_refsource_CONFIRM
    Date Public
    2008-02-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:01:38.898Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "29186",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29186"
              },
              {
                "name": "[announce] 20080215 Horde Groupware Webmail Edition 1.0.5 (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000381.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=432027"
              },
              {
                "name": "FEDORA-2008-2087",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00927.html"
              },
              {
                "name": "27844",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27844"
              },
              {
                "name": "DSA-1507",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2008/dsa-1507"
              },
              {
                "name": "28982",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28982"
              },
              {
                "name": "29071",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29071"
              },
              {
                "name": "[announce] 20080215 Turba H3 (2.1.7) (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000378.html"
              },
              {
                "name": "ADV-2008-0593",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0593/references"
              },
              {
                "name": "[announce] 20080215 Turba H3 (2.2-RC3)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000379.html"
              },
              {
                "name": "29185",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29185"
              },
              {
                "name": "[announce] 20080215 Horde Groupware 1.0.4 (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000380.html"
              },
              {
                "name": "1019433",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019433"
              },
              {
                "name": "29184",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29184"
              },
              {
                "name": "FEDORA-2008-2040",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00888.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464058"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-02-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x before 2.1.7 and 2.2.x before 2.2-RC3, as used in products such as Horde Groupware before 1.0.4 and Horde Groupware Webmail Edition before 1.0.5, does not properly check access rights, which allows remote authenticated users to modify address data via a modified object_id parameter to edit.php, as demonstrated by modifying a personal address book entry when there is write access to a shared address book."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-03-05T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "29186",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29186"
            },
            {
              "name": "[announce] 20080215 Horde Groupware Webmail Edition 1.0.5 (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000381.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=432027"
            },
            {
              "name": "FEDORA-2008-2087",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00927.html"
            },
            {
              "name": "27844",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27844"
            },
            {
              "name": "DSA-1507",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2008/dsa-1507"
            },
            {
              "name": "28982",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28982"
            },
            {
              "name": "29071",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29071"
            },
            {
              "name": "[announce] 20080215 Turba H3 (2.1.7) (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000378.html"
            },
            {
              "name": "ADV-2008-0593",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0593/references"
            },
            {
              "name": "[announce] 20080215 Turba H3 (2.2-RC3)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000379.html"
            },
            {
              "name": "29185",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29185"
            },
            {
              "name": "[announce] 20080215 Horde Groupware 1.0.4 (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000380.html"
            },
            {
              "name": "1019433",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019433"
            },
            {
              "name": "29184",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29184"
            },
            {
              "name": "FEDORA-2008-2040",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00888.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464058"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0807",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x before 2.1.7 and 2.2.x before 2.2-RC3, as used in products such as Horde Groupware before 1.0.4 and Horde Groupware Webmail Edition before 1.0.5, does not properly check access rights, which allows remote authenticated users to modify address data via a modified object_id parameter to edit.php, as demonstrated by modifying a personal address book entry when there is write access to a shared address book."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "29186",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29186"
                },
                {
                  "name": "[announce] 20080215 Horde Groupware Webmail Edition 1.0.5 (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000381.html"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=432027",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=432027"
                },
                {
                  "name": "FEDORA-2008-2087",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00927.html"
                },
                {
                  "name": "27844",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27844"
                },
                {
                  "name": "DSA-1507",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2008/dsa-1507"
                },
                {
                  "name": "28982",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28982"
                },
                {
                  "name": "29071",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29071"
                },
                {
                  "name": "[announce] 20080215 Turba H3 (2.1.7) (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000378.html"
                },
                {
                  "name": "ADV-2008-0593",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0593/references"
                },
                {
                  "name": "[announce] 20080215 Turba H3 (2.2-RC3)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000379.html"
                },
                {
                  "name": "29185",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29185"
                },
                {
                  "name": "[announce] 20080215 Horde Groupware 1.0.4 (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000380.html"
                },
                {
                  "name": "1019433",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019433"
                },
                {
                  "name": "29184",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29184"
                },
                {
                  "name": "FEDORA-2008-2040",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00888.html"
                },
                {
                  "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464058",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464058"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0807",
        "datePublished": "2008-02-19T00:00:00.000Z",
        "dateReserved": "2008-02-18T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:01:38.898Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }