• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Horde IMP Status.PHP3 Cross-Site Scripting Vulnerability

Solution:
The vendor recommends upgrading to IMP 3.1 If this is not possible, a patched version of the 2.2 series is available. Install either the upgrade or the patch.

Additional upgrades are available.


Horde IMP 2.2.6

• Conectiva horde-1.2.8-1U50_1cl.noarch.rpm
  ftp://atualizacoes.conectiva.com.br/5.0/noarch/horde-1.2.8-1U50_1cl.no arch.rpm


• Conectiva horde-1.2.8-1U50_1cl.src.rpm
  Source RPM.
  ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/horde-1.2.8-1U50_1cl.src .rpm


• Conectiva horde-1.2.8-1U51_1cl.noarch.rpm
  ftp://atualizacoes.conectiva.com.br/5.1/noarch/horde-1.2.8-1U51_1cl.no arch.rpm


• Conectiva horde-1.2.8-1U51_1cl.src.rpm
  Source RPM.
  ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/horde-1.2.8-1U51_1cl.src .rpm


• Conectiva horde-1.2.8-1U60_1cl.noarch.rpm
  ftp://atualizacoes.conectiva.com.br/6.0/RPMS/horde-1.2.8-1U60_1cl.noar ch.rpm


• Conectiva horde-1.2.8-1U60_1cl.src.rpm
  Source RPM.
  ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/horde-1.2.8-1U60_1cl.src .rpm


• Conectiva horde-1.2.8-1U70_1cl.noarch.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/horde-1.2.8-1U70_1cl.noar ch.rpm


• Conectiva horde-1.2.8-1U70_1cl.src.rpm
  Source RPM.
  ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/horde-1.2.8-1U70_1cl.src .rpm


• Conectiva horde-mysql-1.2.8-1U50_1cl.noarch.rpm
  ftp://atualizacoes.conectiva.com.br/5.0/noarch/horde-mysql-1.2.8-1U50_ 1cl.noarch.rpm


• Conectiva horde-mysql-1.2.8-1U51_1cl.noarch.rpm
  ftp://atualizacoes.conectiva.com.br/5.1/noarch/horde-mysql-1.2.8-1U51_ 1cl.noarch.rpm


• Conectiva horde-mysql-1.2.8-1U60_1cl.noarch.rpm
  ftp://atualizacoes.conectiva.com.br/6.0/RPMS/horde-mysql-1.2.8-1U60_1c l.noarch.rpm


• Conectiva horde-mysql-1.2.8-1U70_1cl.noarch.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/horde-mysql-1.2.8-1U70_1c l.noarch.rpm


• Conectiva horde-pgsql-1.2.8-1U50_1cl.noarch.rpm
  ftp://atualizacoes.conectiva.com.br/5.0/noarch/horde-pgsql-1.2.8-1U50_ 1cl.noarch.rpm


• Conectiva horde-pgsql-1.2.8-1U51_1cl.noarch.rpm
  ftp://atualizacoes.conectiva.com.br/5.1/noarch/horde-pgsql-1.2.8-1U51_ 1cl.noarch.rpm


• Conectiva horde-pgsql-1.2.8-1U60_1cl.noarch.rpm
  ftp://atualizacoes.conectiva.com.br/6.0/RPMS/horde-pgsql-1.2.8-1U60_1c l.noarch.rpm


• Conectiva horde-pgsql-1.2.8-1U70_1cl.noarch.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/horde-pgsql-1.2.8-1U70_1c l.noarch.rpm


• Conectiva horde-shm-1.2.8-1U50_1cl.noarch.rpm
  ftp://atualizacoes.conectiva.com.br/5.0/noarch/horde-shm-1.2.8-1U50_1c l.noarch.rpm


• Conectiva horde-shm-1.2.8-1U51_1cl.noarch.rpm
  ftp://atualizacoes.conectiva.com.br/5.1/noarch/horde-shm-1.2.8-1U51_1c l.noarch.rpm


• Conectiva horde-shm-1.2.8-1U60_1cl.noarch.rpm
  ftp://atualizacoes.conectiva.com.br/6.0/RPMS/horde-shm-1.2.8-1U60_1cl. noarch.rpm


• Conectiva horde-shm-1.2.8-1U70_1cl.noarch.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/horde-shm-1.2.8-1U70_1cl. noarch.rpm


• Conectiva imp-2.2.8-1U50_1cl.noarch.rpm
  ftp://atualizacoes.conectiva.com.br/5.0/noarch/imp-2.2.8-1U50_1cl.noar ch.rpm


• Conectiva imp-2.2.8-1U50_1cl.src.rpm
  Source RPM.
  ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/imp-2.2.8-1U50_1cl.src.r pm


• Conectiva imp-2.2.8-1U51_1cl.noarch.rpm
  ftp://atualizacoes.conectiva.com.br/5.1/noarch/imp-2.2.8-1U51_1cl.noar ch.rpm


• Conectiva imp-2.2.8-1U51_1cl.src.rpm
  Source RPM.
  ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/imp-2.2.8-1U51_1cl.src.r pm


• Conectiva imp-2.2.8-1U60_1cl.noarch.rpm
  ftp://atualizacoes.conectiva.com.br/6.0/RPMS/imp-2.2.8-1U60_1cl.noarch .rpm


• Conectiva imp-2.2.8-1U60_1cl.src.rpm
  Source RPM.
  ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/imp-2.2.8-1U60_1cl.src.r pm


• Conectiva imp-2.2.8-1U70_1cl.noarch.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/imp-2.2.8-1U70_1cl.noarch .rpm


• Conectiva imp-2.2.8-1U70_1cl.src.rpm
  Source RPM.
  ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/imp-2.2.8-1U70_1cl.src.r pm


• Debian horde_1.2.6-0.potato.5.tar.gz
  Source archive.
  http://security.debian.org/dists/stable/updates/main/source/horde_1.2. 6-0.potato.5.tar.gz


• Debian horde_1.2.6-0.potato.5_all.deb
  http://security.debian.org/dists/stable/updates/main/binary-all/horde_ 1.2.6-0.potato.5_all.deb


• Debian imp_2.2.6-0.potato.5.tar.gz
  Source archive.
  http://security.debian.org/dists/stable/updates/main/source/imp_2.2.6- 0.potato.5.tar.gz


• Debian imp_2.2.6-0.potato.5_all.deb
  http://security.debian.org/dists/stable/updates/main/binary-all/imp_2. 2.6-0.potato.5_all.deb

Horde IMP 2.2.7

• Caldera horde-1.2.8-1.i386.rpm
  ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS/ horde-1.2.8-1.i386.rpm


• Caldera horde-1.2.8-1.i386.rpm
  ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS/ho rde-1.2.8-1.i386.rpm


• Caldera horde-1.2.8-1.src.rpm
  Source RPM.
  ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/SRPMS /horde-1.2.8-1.src.rpm


• Caldera horde-1.2.8-1.src.rpm
  Source RPM.
  ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS/h orde-1.2.8-1.src.rpm


• Caldera imp-2.2.8-1.i386.rpm
  ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS/ imp-2.2.8-1.i386.rpm


• Caldera imp-2.2.8-1.i386.rpm
  ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS/im p-2.2.8-1.i386.rpm


• Caldera imp-2.2.8-1.src.rpm
  Source RPM.
  ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/SRPMS /imp-2.2.8-1.src.rpm


• Caldera imp-2.2.8-1.src.rpm
  Source RPM.
  ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS/i mp-2.2.8-1.src.rpm


• Horde patch-imp-2.2.7-2.2.8.gz
  ftp://ftp.horde.org/pub/imp/tarballs/patch-imp-2.2.7-2.2.8.gz


• Horde imp-2.2.8.tar.gz
  ftp://ftp.horde.org/pub/imp/tarballs/imp-2.2.8.tar.gz

Horde IMP 3.0

• Horde imp-3.1.tar.gz
  ftp://ftp.horde.org/pub/imp/tarballs/imp-3.1.tar.gz