Debian Linux Security Advisory 4468-1 - A path traversal vulnerability due to an unsanitized POST parameter was discovered in php-horde-form, a package providing form rendering, validation, and other functionality for the Horde Application Framework. An attacker can take advantage of this flaw for remote code execution.
0bc3d0e5e086d57acdd3bcc99ace1c5c1b9bfdf676e0a52c87360b551e12969b
Horde Groupware Webmail contains a flaw that allows an authenticated remote attacker to execute arbitrary PHP code. The exploitation requires the Turba subcomponent to be installed. This module was tested on Horde versions 5.2.22 and 5.2.17 running Horde Form subcomponent versions prior to 2.0.19.
612b3d1040426906f9ecf9282768acae87d4201e1009859a877feab335c41aa4