Horde Kronolith H3 lib/FBView.php 目录遍历漏洞

https://www.securityfocus.com/bid/21341
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200611-506

HordeKronolithH3的2.0.7之前版本和2.1.x中的2.1.4之前版本中的lib/FBView.php存在目录遍历漏洞，远程攻击者可通过在view参数（该参数中包含..）序列来包含任意文件和执行PHP代码。

Horde Project Kronolith 2.1.3 Horde Project Kronolith 2.1.2 Horde Project Kronolith 2.1.1 Horde Project Kronolith 2.1 Horde Project Kronolith 2.0.6 Horde Project Kronolit

来源:BID
名称:21341
链接:http://www.securityfocus.com/bid/21341
来源:MLIST
名称:[horde-announce]20061129[SECURITY]KronolithH3(2.1.4)(final)
链接:http://marc.theaimsgroup.com/?l=horde-announce&m=116483121211579&w=2
来源:MLIST
名称:[horde-announce]20061129[SECURITY]KronolithH3(2.0.7)(final)
链接:http://marc.theaimsgroup.com/?l=horde-announce&m=116483107007152&w=2
来源:IDEFENSE
名称:20061129HordeKronolithArbitraryLocalFileInclusionVulnerability
链接:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=445
来源:VUPEN
名称:ADV-2006-4775
链接:http://www.frsirt.com/english/advisories/2006/4775
来源:SECTRACK
名称:1017316
链接:http://securitytracker.com/id?1017316
来源:SECUNIA
名称:23145
链接:http://secunia.com/advisories/23145
来源:GENTOO
名称:GLSA-200701-11
链接:http://security.gentoo.org/glsa/glsa-200701-11.xml
来源:SECUNIA
名称:23780
链接:http://secunia.com/advisories/23780