
Vincenzo Ciaglia

Researcher from Netwosix
#20251 of 53,635
12.8 total CVSS
Vulnerabilities · 2
Medium
2
PT-2004-1075
6.4
2004-08-17
Rsync · Rsync · CVE-2004-0792
**Name of the Vulnerable Software and Affected Versions**

- rsync versions 2.6.2 and earlier
- rsync versions 2.6.0 and earlier
- rsync version 2.5.7

**Description**

The issue is related to a directory traversal vulnerability in the sanitize path function. This vulnerability can be exploited to read or write certain files, potentially leading to confidentiality and integrity breaches. The exploitation can be done remotely.

**Recommendations**

For rsync versions 2.6.2 and earlier, consider updating to a version later than 2.6.2 to resolve the issue. For rsync versions 2.6.0 and earlier, update to a version later than 2.6.0. For rsync version 2.5.7, update to a version later than 2.5.7. As a temporary workaround, consider disabling the chroot functionality until a patch is available.
PT-2003-1824
6.4
2003-09-03
Horde · Horde · CVE-2003-0728
**Name of the Vulnerable Software and Affected Versions**

- Horde versions prior to 2.2.4

**Description**

The issue allows remote malicious web sites to steal session IDs and read or create arbitrary email by exploiting the referrer URL.

**Recommendations**

For versions prior to 2.2.4, update to version 2.2.4 or later to resolve the issue.