header-logo
Suggest Exploit
vendor:
Horde Framework and IMP
by:
Unknown
7.5
CVSS
HIGH
Arbitrary File Deletion
Unknown
CWE
Product Name: Horde Framework and IMP
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Unknown
CPE: Unknown
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

Arbitrary File Deletion Vulnerability in Horde Framework and IMP

A local attacker can delete arbitrary files in the context of the user running the application by creating a specific file and running the affected cron script.

Mitigation:

Unknown
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/22985/info

Horde Framework and IMP are prone to a vulnerability that allows a local attacker to delete arbitrary files in the context of the user running the application.

A successful attack can reduce the integrity of affected computers and may aid in further attacks. 

An attacker could exploit this issue by creating a file '/tmp/x /etc/passwd /tmpmswordx' and running the affected cron script. This will result in the deletion of '/tmp/x', '/etc/passwd', and '/tmp/mswordx'.

Navigation

Suggest Exploit

Services By CQR