[pkg-horde] Bug#396099: CVE-2006-5449: Ingo Folder Name Shell
Command Injection Vulnerability
Stefan Fritsch
sf at sfritsch.de
Sun Oct 29 21:03:29 CET 2006
package: ingo1
tags: security
severity: grave
A vulnerability has been found in ingo:
procmail in Ingo H3 before 1.1.2 Horde module allows remote
authenticated users to execute arbitrary commands via shell
metacharacters in the mailbox destination of a filter rule.
This is fixed in 1.1.2. See
http://secunia.com/advisories/22482
for details.
Please mention the CVE id in the changelog.
More information about the pkg-horde-hackers
mailing list