FKIE_CVE-2006-1260

Vulnerability from fkie_nvd - Published: 2006-03-19 02:02 - Updated: 2025-04-03 01:03
Summary
Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check.
References
cve@mitre.org - http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/043657.html - Patch, Vendor Advisory
cve@mitre.org - http://secunia.com/advisories/19246 - Exploit, Patch, Vendor Advisory
cve@mitre.org - http://secunia.com/advisories/19528
cve@mitre.org - http://secunia.com/advisories/19619
cve@mitre.org - http://secunia.com/advisories/19692
cve@mitre.org - http://secunia.com/advisories/19897
cve@mitre.org - http://securityreason.com/securityalert/590
cve@mitre.org - http://securitytracker.com/id?1015771 - Patch
cve@mitre.org - http://www.debian.org/security/2006/dsa-1033
cve@mitre.org - http://www.debian.org/security/2006/dsa-1034
cve@mitre.org - http://www.gentoo.org/security/en/glsa/glsa-200604-02.xml
cve@mitre.org - http://www.novell.com/linux/security/advisories/2006_04_28.html
cve@mitre.org - http://www.osvdb.org/23918 - Exploit, Patch
cve@mitre.org - http://www.securityfocus.com/archive/1/427710/100/0/threaded
cve@mitre.org - http://www.securityfocus.com/bid/17117 - Patch
cve@mitre.org - http://www.vupen.com/english/advisories/2006/0959
cve@mitre.org - https://exchange.xforce.ibmcloud.com/vulnerabilities/25239
af854a3a-2127-422b-91ae-364da2661108 - http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/043657.html - Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 - http://secunia.com/advisories/19246 - Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 - http://secunia.com/advisories/19528
af854a3a-2127-422b-91ae-364da2661108 - http://secunia.com/advisories/19619
af854a3a-2127-422b-91ae-364da2661108 - http://secunia.com/advisories/19692
af854a3a-2127-422b-91ae-364da2661108 - http://secunia.com/advisories/19897
af854a3a-2127-422b-91ae-364da2661108 - http://securityreason.com/securityalert/590
af854a3a-2127-422b-91ae-364da2661108 - http://securitytracker.com/id?1015771 - Patch
af854a3a-2127-422b-91ae-364da2661108 - http://www.debian.org/security/2006/dsa-1033
af854a3a-2127-422b-91ae-364da2661108 - http://www.debian.org/security/2006/dsa-1034
af854a3a-2127-422b-91ae-364da2661108 - http://www.gentoo.org/security/en/glsa/glsa-200604-02.xml
af854a3a-2127-422b-91ae-364da2661108 - http://www.novell.com/linux/security/advisories/2006_04_28.html
af854a3a-2127-422b-91ae-364da2661108 - http://www.osvdb.org/23918 - Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108 - http://www.securityfocus.com/archive/1/427710/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 - http://www.securityfocus.com/bid/17117 - Patch
af854a3a-2127-422b-91ae-364da2661108 - http://www.vupen.com/english/advisories/2006/0959
af854a3a-2127-422b-91ae-364da2661108 - https://exchange.xforce.ibmcloud.com/vulnerabilities/25239
Impacted products
Vendor Product Version
horde horde 1.2
horde horde 1.2.1
horde horde 1.2.2
horde horde 1.2.3
horde horde 1.2.4
horde horde 1.2.5
horde horde 1.2.6
horde horde 1.2.7
horde horde 1.2.8
horde horde 2.0
horde horde 2.1
horde horde 2.1.3
horde horde 2.2
horde horde 2.2.1
horde horde 2.2.3
horde horde 2.2.4
horde horde 2.2.4_rc1
horde horde 2.2.5
horde horde 2.2.6
horde horde 2.2.7
horde horde 2.2.8
horde horde 2.2.9
horde horde 3.0
horde horde 3.0.1
horde horde 3.0.2
horde horde 3.0.3
horde horde 3.0.4
horde horde 3.0.4_rc1
horde horde 3.0.4_rc2
horde horde 3.0.6
horde horde 3.0.7
horde horde 3.0.8
horde horde 3.0.9

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:horde:horde:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8695C97E-2E1A-480D-9DC9-8AD981B72CD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E0CF9DF-AD61-458E-B421-4A8A286D501C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DB79656-9923-4360-97DA-1A45CB7CD2B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A10D5E41-1C2C-4AD7-B172-D09F02CC9130",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C5BC2A4-5F78-413A-B12D-7B901DDDF39A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C10EAB2E-1E4C-4BBE-8E0C-9DE80CB2123D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "61320CF4-7945-41EA-872F-017D7AE03CD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde:1.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "64629495-1CFD-4831-87BF-8C5EFACE1073",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde:1.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB4BE889-59D4-46FB-AB59-02E6D427E54E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7CE13CB-7F98-4AB5-970D-564A192D4143",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B7B6F5D-813B-48D2-85D4-C310D87E8581",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde:2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCF3B9E5-23C4-4236-BDA4-E5A65E35AF70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "064985D4-266B-4EEF-9BA2-B4F6EF22665F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "03528181-D73F-473B-BA15-9052228690BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde:2.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C592CD2-2836-4892-BB78-E794E5169009",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde:2.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E41299B1-934C-4CD8-A956-D12EFA0B1916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde:2.2.4_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "56D3EBB9-CB0F-4C5A-BED1-0DF781197E5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde:2.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "14A94F9F-C39E-4A31-87DD-CA1248FAC299",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde:2.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0116F7F-D0EF-4E1A-97F8-F9D8BD0364EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde:2.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "94B640CC-3623-4D11-A542-02A401AC814D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde:2.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDC11155-F78F-4C6A-B5CF-AA757996320A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde:2.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9BDB951-607D-4502-85E3-0629F958B0F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF82BE80-C62C-4E1A-8AB9-5773E49142B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "74DEABE1-B6C4-4C6F-A098-D5BC9F3C65A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8E486E1-3BC7-444A-8BBB-6571CCF44E0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE8E2B1E-C3C7-466D-982C-36FC51D0BE9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "76E3B91F-F391-4126-832C-C5582F5D6FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde:3.0.4_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2912428D-9A74-48C2-8866-669355CAB535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde:3.0.4_rc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A17589E-AAD1-432A-A5E3-623A8EF66572",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde:3.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FA1F0BF-6F17-4062-86B0-83EEDA5EAC94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde:3.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "505DFF07-4F63-4A0E-87E4-DC899F345307",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde:3.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B313A4C-12CE-4CA9-8036-26580152AE7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde:3.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "7730FD04-0CC8-4D96-A3B5-9D628381653E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check."
    }
  ],
  "id": "CVE-2006-1260",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-03-19T02:02:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/043657.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19246"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/19528"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/19619"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/19692"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/19897"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/590"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1015771"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2006/dsa-1033"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2006/dsa-1034"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-02.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.osvdb.org/23918"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/427710/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/17117"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/0959"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25239"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/043657.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19246"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/19528"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/19619"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/19692"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/19897"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/590"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1015771"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2006/dsa-1033"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2006/dsa-1034"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-02.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.osvdb.org/23918"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/427710/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/17117"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/0959"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25239"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

