返回 CVE 瀏覽器

CVE-2007-6018

MEDIUM

5.8

CVSS Severity Score

EPSS Score0.0050%

EPSS Percentile24.07th

Published2008年1月11日

Last Modified2026年4月23日

Vulnerability Description

IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) "purge" deleted emails via a crafted email message.

Affected Platforms (CPE)

📦

Horde

Framework

= 3.1.5

📦

Horde

Groupware Webmail Edition

= 1.0.3

📦

Horde

Horde

= 3.1.5

📦

Horde

Imp

= 4.1.5

References & Advisories

🔗 http://cvs.horde.org/diff.php/groupware/docs/groupware/CHANGES?r1=1.17&r2=1.17.2.1&ty=h

🔗 http://cvs.horde.org/diff.php/groupware/docs/webmail/CHANGES?r1=1.12&r2=1.12.2.1&ty=h

🔗 http://lists.horde.org/archives/announce/2008/000360.html

🔗 http://lists.horde.org/archives/announce/2008/000365.html

🔗 http://lists.horde.org/archives/announce/2008/000366.html

🔗 http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html

🔗 http://secunia.com/advisories/28020

🔗 http://secunia.com/advisories/28546

相關漏洞威脅

CVE-2006-188510.0

Multiple unspecified vulnerabilities in the Reporting Framework component in Oracle Enterprise Manager 9.0.1.5 and 9.2.0.7 have un...

CVE-2013-007310.0

The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict ...

CVE-2006-027710.0

Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10 have unspecified impact and attack vector...

CVE-2007-074610.0

Heap-based buffer overflow in the VideoConference framework in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to exe...