CVE-2006-1260

NameCVE-2006-1260
DescriptionHorde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-1033-1, DSA-1034-1
NVD severitymedium (attack range: remote)
Debian Bugs358812

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
horde2sourcesarge2.2.8-1sarge2mediumDSA-1034-1
horde3source(unstable)3.1-1medium358812
horde3sourcesarge3.0.4-4sarge3mediumDSA-1033-1

Search for package or bug name: Reporting problems