CVE-2007-1474
Summary
| CVE | CVE-2007-1474 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2007-03-16 21:19:00 UTC |
| Updated | 2026-04-23 00:35:47 UTC |
| Description | Argument injection vulnerability in the cleanup cron script in Horde Project Horde and IMP before Horde Application Framework 3.1.4 allows local users to delete arbitrary files and possibly gain privileges via multiple space-delimited pathnames. |
Risk And Classification
Primary CVSS: v2.0 6.8 from [email protected]
AV:N/AC:M/Au:N/C:P/I:P/A:P
Problem Types: NVD-CWE-Other | n/a
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
MediumAuthentication
NoneConfidentiality
PartialIntegrity
PartialAvailability
PartialAV:N/AC:M/Au:N/C:P/I:P/A:P
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Horde | Horde Application Framework | 3.0.0 | All | All | All |
| Application | Horde | Horde Application Framework | 3.0.4 | All | All | All |
| Application | Horde | Horde Application Framework | 3.1.3 | All | All | All |
| Application | Horde | Imp | 2.0 | All | All | All |
| Application | Horde | Imp | 2.2 | All | All | All |
| Application | Horde | Imp | 2.2.1 | All | All | All |
| Application | Horde | Imp | 2.2.2 | All | All | All |
| Application | Horde | Imp | 2.2.3 | All | All | All |
| Application | Horde | Imp | 2.2.4 | All | All | All |
| Application | Horde | Imp | 2.2.5 | All | All | All |
| Application | Horde | Imp | 2.2.6 | All | All | All |
| Application | Horde | Imp | 2.2.7 | All | All | All |
| Application | Horde | Imp | 2.2.8 | All | All | All |
| Application | Horde | Imp | 2.3 | All | All | All |
| Application | Horde | Imp | 3.0 | All | All | All |
| Application | Horde | Imp | 3.1 | All | All | All |
| Application | Horde | Imp | 3.1.2 | All | All | All |
| Application | Horde | Imp | 3.2 | All | All | All |
| Application | Horde | Imp | 3.2.1 | All | All | All |
| Application | Horde | Imp | 3.2.2 | All | All | All |
| Application | Horde | Imp | 3.2.3 | All | All | All |
| Application | Horde | Imp | 3.2.4 | All | All | All |
| Application | Horde | Imp | 3.2.5 | All | All | All |
| Application | Horde | Imp | 3.2.6 | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| labs.idefense.com/intelligence/vulnerabilities/display.php | af854a3a-2127-422b-91ae-364da2661108 | labs.idefense.com | Vendor Advisory |
| IBM X-Force Exchange | af854a3a-2127-422b-91ae-364da2661108 | exchange.xforce.ibmcloud.com | |
| Horde IMP Cleanup Script Lets Local Users Delete Files - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | |
| Horde Framework and IMP Cleanup Cron Script Arbitrary File Deletion Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| Horde Application Framework Cleanup Script Lets Local Users Delete Files - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | |
| [announce] Horde 3.1.4 (final) | af854a3a-2127-422b-91ae-364da2661108 | lists.horde.org | Patch, Vendor Advisory |
| Webmail - OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | |
| Debian -- Security Information -- DSA-1406-1 horde3 | af854a3a-2127-422b-91ae-364da2661108 | www.debian.org | |
| Debian update for horde3 - Advisories - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.