CVE-2007-1474

Published: Mar 16, 2007Modified: Apr 23, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Argument injection vulnerability in the cleanup cron script in Horde Project Horde and IMP before Horde Application Framework 3.1.4 allows local users to delete arbitrary files and possibly gain privileges via multiple space-delimited pathnames.

Affected (24)

Products: Horde: Horde Application Framework, Imp

2 products

Horde Application Framework

Configuration A

24 vulnerable

Vulnerable Software	Affected Versions
Horde Horde Application Framework	Version 3.0.0
Horde Horde Application Framework	Version 3.0.4
Horde Horde Application Framework	Version 3.1.3
Horde Imp	Version 2.0
Horde Imp	Version 2.2.1
Horde Imp	Version 2.2.2
Horde Imp	Version 2.2.3
Horde Imp	Version 2.2.4
Horde Imp	Version 2.2.5
Horde Imp	Version 2.2.6
Horde Imp	Version 2.2.7
Horde Imp	Version 2.2.8
Horde Imp	Version 2.2
Horde Imp	Version 2.3
Horde Imp	Version 3.0
Horde Imp	Version 3.1.2
Horde Imp	Version 3.1
Horde Imp	Version 3.2.1
Horde Imp	Version 3.2.2
Horde Imp	Version 3.2.3
Horde Imp	Version 3.2.4
Horde Imp	Version 3.2.5
Horde Imp	Version 3.2.6
Horde Imp	Version 3.2

References (18)

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=489

Source: cve@mitre.org

Vendor Advisory

http://lists.horde.org/archives/announce/2007/000315.html

Source: cve@mitre.org

PatchVendor Advisory

http://secunia.com/advisories/27565

Source: cve@mitre.org

http://www.debian.org/security/2007/dsa-1406

Source: cve@mitre.org

http://www.securityfocus.com/bid/22985

Source: cve@mitre.org

http://www.securitytracker.com/id?1017784

Source: cve@mitre.org

http://www.securitytracker.com/id?1017785

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2007/0965

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/32997

Source: cve@mitre.org

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=489

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://lists.horde.org/archives/announce/2007/000315.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://secunia.com/advisories/27565

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2007/dsa-1406

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/22985

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1017784

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1017785

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2007/0965

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/32997

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.