Debian: 2853-1: horde3: Remote code execution
Feb08
on February 8, 2014
at 4:40 pm
Posted In: Uncategorized
(Feb 5) Pedro Ribeiro from Agile Information Security found a possible remote code execution on Horde3, a web application framework. Unsanitized variables are passed to the unserialize() PHP function. A remote attacker could specially-crafted one of those variables allowing her to load and [More…]
Comment