Article source: Gentoo Linux Security Advisories
Horde is a web application framework written in PHP. Horde IMP, the “Internet Messaging Program”, is a Webmail module and Horde Passwd is a password changing module for Horde.
Multiple vulnerabilities have been discovered in Horde:
- Gunnar Wrobel reported an input sanitization and directory traversal flaw in framework/Image/Image.php, related to the “Horde_Image driver name” (CVE-2009-0932).
- Gunnar Wrobel reported that data sent to horde/services/portal/cloud_search.php is not properly sanitized before being used in the output (CVE-2009-0931).
- It was reported that data sent to framework/Text_Filter/Filter/xss.php is not properly sanitized before being used in the output (CVE-2008-5917).
Horde Passwd: David Wharton reported that data sent via the “backend” parameter to passwd/main.php is not properly sanitized before being used in the output (CVE-2009-2360).
Horde IMP: Gunnar Wrobel reported that data sent to smime.php, pgp.php, and message.php is not properly sanitized before being used in the output (CVE-2009-0930)…