| Package: | horde-webmail |
| Date: | 2008-06-06 |
| Vulnerable version: | 1.0.6-1kalgan1 |
| Unaffected version: | 1.1-1kalgan1 |
| Bug tracker entry: | http://bugs.frugalware.org/task/3120 |
| CVEs: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6018 |
| Description: | Secunia Research has discovered a vulnerability in IMP Webmail Client and Horde Groupware Webmail Edition, which can be exploited by malicious people to bypass certain security restrictions and manipulate data. The HTML filter does not filter out frame and frameset HTML elements. Additionally, the application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to (a) delete an arbitrary number of e-mail messages by referencing their numeric IDs and (b) purge deleted mails, when the victim opens a malicious HTML mail. Successful exploitation requires that the victim opens the HTML part of a malicious message. |
