QwikSec

Security Database

CVE

CWE

Training

CVE-2007-6018

Published: Jan 11, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) "purge" deleted emails via a crafted email message.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

third-party-advisory

x_refsource_SECUNIA

https://bugzilla.redhat.com/show_bug.cgi?id=428625

x_refsource_CONFIRM

SUSE-SR:2009:007

vendor-advisory

x_refsource_SUSE

horde-impgroupware-filter-security-bypass(39595)

vdb-entry

x_refsource_XF

http://cvs.horde.org/diff.php/groupware/docs/groupware/CHANGES?r1=1.17&r2=1.17.2.1&ty=h

x_refsource_CONFIRM

[announce] 20080109 Horde Groupware 1.0.3 (final)

mailing-list

x_refsource_MLIST

[announce] 20080109 Horde 3.1.6 (final)

mailing-list

x_refsource_MLIST

third-party-advisory

x_refsource_SECUNIA

FEDORA-2008-2087

vendor-advisory

x_refsource_FEDORA

vdb-entry

x_refsource_BID

[announce] 20080110 Horde Groupware Webmail Edition 1.0.4 (final)

mailing-list

x_refsource_MLIST

http://cvs.horde.org/diff.php/groupware/docs/webmail/CHANGES?r1=1.12&r2=1.12.2.1&ty=h

x_refsource_CONFIRM

http://secunia.com/secunia_research/2007-102/advisory/

x_refsource_MISC

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_DEBIAN

FEDORA-2008-2040

vendor-advisory

x_refsource_FEDORA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.