CVE-2007-1474
Summary
| CVE | CVE-2007-1474 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2007-03-16 21:19:00 UTC |
| Updated | 2017-07-29 01:30:00 UTC |
| Description | Argument injection vulnerability in the cleanup cron script in Horde Project Horde and IMP before Horde Application Framework 3.1.4 allows local users to delete arbitrary files and possibly gain privileges via multiple space-delimited pathnames. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Horde | Horde Application Framework | 3.0.0 | All | All | All |
| Application | Horde | Horde Application Framework | 3.0.4 | All | All | All |
| Application | Horde | Horde Application Framework | 3.1.3 | All | All | All |
| Application | Horde | Horde Application Framework | 3.0.0 | All | All | All |
| Application | Horde | Horde Application Framework | 3.0.4 | All | All | All |
| Application | Horde | Horde Application Framework | 3.1.3 | All | All | All |
| Application | Horde | Imp | 2.0 | All | All | All |
| Application | Horde | Imp | 2.2 | All | All | All |
| Application | Horde | Imp | 2.2.1 | All | All | All |
| Application | Horde | Imp | 2.2.2 | All | All | All |
| Application | Horde | Imp | 2.2.3 | All | All | All |
| Application | Horde | Imp | 2.2.4 | All | All | All |
| Application | Horde | Imp | 2.2.5 | All | All | All |
| Application | Horde | Imp | 2.2.6 | All | All | All |
| Application | Horde | Imp | 2.2.7 | All | All | All |
| Application | Horde | Imp | 2.2.8 | All | All | All |
| Application | Horde | Imp | 2.3 | All | All | All |
| Application | Horde | Imp | 3.0 | All | All | All |
| Application | Horde | Imp | 3.1 | All | All | All |
| Application | Horde | Imp | 3.1.2 | All | All | All |
| Application | Horde | Imp | 3.2 | All | All | All |
| Application | Horde | Imp | 3.2.1 | All | All | All |
| Application | Horde | Imp | 3.2.2 | All | All | All |
| Application | Horde | Imp | 3.2.3 | All | All | All |
| Application | Horde | Imp | 3.2.4 | All | All | All |
| Application | Horde | Imp | 3.2.5 | All | All | All |
| Application | Horde | Imp | 3.2.6 | All | All | All |
| Application | Horde | Imp | 2.0 | All | All | All |
| Application | Horde | Imp | 2.2 | All | All | All |
| Application | Horde | Imp | 2.2.1 | All | All | All |
| Application | Horde | Imp | 2.2.2 | All | All | All |
| Application | Horde | Imp | 2.2.3 | All | All | All |
| Application | Horde | Imp | 2.2.4 | All | All | All |
| Application | Horde | Imp | 2.2.5 | All | All | All |
| Application | Horde | Imp | 2.2.6 | All | All | All |
| Application | Horde | Imp | 2.2.7 | All | All | All |
| Application | Horde | Imp | 2.2.8 | All | All | All |
| Application | Horde | Imp | 2.3 | All | All | All |
| Application | Horde | Imp | 3.0 | All | All | All |
| Application | Horde | Imp | 3.1 | All | All | All |
| Application | Horde | Imp | 3.1.2 | All | All | All |
| Application | Horde | Imp | 3.2 | All | All | All |
| Application | Horde | Imp | 3.2.1 | All | All | All |
| Application | Horde | Imp | 3.2.2 | All | All | All |
| Application | Horde | Imp | 3.2.3 | All | All | All |
| Application | Horde | Imp | 3.2.4 | All | All | All |
| Application | Horde | Imp | 3.2.5 | All | All | All |
| Application | Horde | Imp | 3.2.6 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Horde Framework and IMP Cleanup Cron Script Arbitrary File Deletion Vulnerability | BID | www.securityfocus.com | |
| Horde Application Framework Cleanup Script Lets Local Users Delete Files - SecurityTracker | SECTRACK | www.securitytracker.com | |
| Debian update for horde3 - Advisories - Secunia | SECUNIA | secunia.com | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| 20070315 Horde Project Cleanup Script Arbitrary File Deletion Vulnerability | IDEFENSE | labs.idefense.com | Vendor Advisory |
| Horde IMP Cleanup Script Lets Local Users Delete Files - SecurityTracker | SECTRACK | www.securitytracker.com | |
| [announce] Horde 3.1.4 (final) | MLIST | lists.horde.org | Patch, Vendor Advisory |
| Webmail - OVH | VUPEN | www.vupen.com | |
| Debian -- Security Information -- DSA-1406-1 horde3 | DEBIAN | www.debian.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.