Horde library 1.02 allows attackers to execute arbitrary commands via shell metacharacters in the "from" address.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | horde | 1.2 |
IMP 2.2 and earlier allows attackers to read and delete arbitrary files by modifying the attachment_name hidden form variable, which causes IMP to send the file to the attacker as an attachment.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | imp | 2.2 |
| horde | imp | 2.0 |
Horde IMP 2.2.4 and earlier allows local users to overwrite files via a symlink attack on a temporary file.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | imp | 2.2.2 |
| horde | imp | 2.2 |
| horde | imp | 2.0 |
| horde | imp | 2.2.1 |
| horde | imp | 2.2.3 |
| horde | imp | * |
Cross-site scripting vulnerability in Horde Internet Messaging Program (IMP) before 2.2.6 and 1.2.6 allows remote attackers to execute arbitrary Javascript embedded in an email.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | imp | 2.2.2 |
| horde | imp | 2.2.5 |
| horde | imp | 2.2 |
| horde | imp | 2.0 |
| horde | imp | 2.2.1 |
| horde | imp | 2.2.3 |
| horde | imp | 2.2.4 |
Horde Internet Messaging Program (IMP) before 2.2.6 allows local users to read IMP configuration files and steal the Horde database password by placing the prefs.lang file containing PHP code on the server.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | imp | 2.2.2 |
| horde | imp | 2.2.5 |
| horde | imp | 2.2 |
| horde | imp | 2.0 |
| horde | imp | 2.2.1 |
| horde | imp | 2.2.3 |
| horde | imp | 2.2.4 |
Cross-site scripting vulnerability in status.php3 for IMP 2.2.8 and HORDE 1.2.7 allows remote attackers to execute arbitrary web script and steal cookies of other IMP/HORDE users via the script parameter.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | imp | 2.2.8 |
| horde | horde | 1.2.7 |
Horde IMP 2.2.7 allows remote attackers to obtain the full web root pathname via an HTTP request for (1) poppassd.php3, (2) login.php3?reason=chpass2, (3) spelling.php3, and (4) ldap.search.php3?ldap_serv=nonsense which leaks the information in error messages.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,CWE-219,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | imp | 2.2.7 |
Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow remote attackers to perform unauthorized database activities and possibly gain privileges via certain database functions such as check_prefs() in db.pgsql, as demonstrated using mailbox.php3.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | imp | 2.2.8 |
| horde | imp | 2.2.2 |
| horde | imp | 2.2.5 |
| horde | imp | 2.2.6 |
| horde | imp | 2.2 |
| horde | imp | 2.2.1 |
| horde | imp | 2.2.3 |
| horde | imp | 2.2.7 |
| horde | imp | 2.2.4 |
Horde before 2.2.4 allows remote malicious web sites to steal session IDs and read or create arbitrary email by stealing the ID from a referrer URL.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | horde | * |
Unknown vulnerability in Horde IMP 3.2.3 and earlier, before a "security fix," does not properly validate input, which allows remote attackers to execute arbitrary script as other users via script or HTML in an e-mail message, possibly triggering a cross-site scripting (XSS) vulnerability.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | imp | 2.2.2 |
| horde | imp | 2.2.5 |
| horde | imp | 3.0 |
| horde | imp | 3.2.3 |
| horde | imp | 3.2 |
| horde | imp | 2.3 |
| horde | imp | 2.0 |
| horde | imp | 3.1.2 |
| horde | imp | 3.2.2 |
| horde | imp | 3.1 |
| horde | imp | 2.2.8 |
| horde | imp | 2.2.6 |
| horde | imp | 2.2 |
| horde | imp | 2.2.1 |
| horde | imp | 2.2.3 |
| horde | imp | 2.2.7 |
| horde | imp | 3.2.1 |
| horde | imp | 2.2.4 |
Cross-site scripting (XSS) vulnerability in the inline MIME viewer in Horde-IMP (Internet Messaging Program) 3.2.4 and earlier, when used with Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via an e-mail message.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | imp | 3.2.4 |
| horde | imp | 2.2.2 |
| horde | imp | 2.2.5 |
| horde | imp | 3.0 |
| horde | imp | 3.2.3 |
| horde | imp | 3.2 |
| horde | imp | 2.3 |
| horde | imp | 2.0 |
| horde | imp | 3.1.2 |
| horde | imp | 3.2.2 |
| horde | imp | 3.1 |
| horde | imp | 2.2.8 |
| horde | imp | 2.2.6 |
| horde | imp | 2.2 |
| horde | imp | 2.2.1 |
| horde | imp | 2.2.3 |
| horde | imp | 2.2.7 |
| horde | imp | 3.2.1 |
| horde | imp | 2.2.4 |
Cross-site scripting (XSS) vulnerability in the "help window" (help.php) in Horde Application Framework 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) module, (2) topic, or (3) module parameters.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | application_framework | 2.1.3 |
| horde | application_framework | 2.2.3 |
| horde | application_framework | 2.2.5 |
| horde | application_framework | 2.2.4_rc1 |
| horde | application_framework | 2.1 |
| horde | application_framework | 2.2.1 |
| horde | application_framework | 2.0 |
| horde | application_framework | 2.2 |
| horde | application_framework | 2.2.4 |
| horde | application_framework | 2.2.6 |
Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to prefs.php or (2) url parameter to index.php.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | horde | 3.0 |
Cross-site scripting (XSS) vulnerability in Horde 3.0.4 before 3.0.4-RC2 allows remote attackers to inject arbitrary web script or HTML via the parent frame title.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | application_framework | 3.0.4_rc1 |
Cross-site scripting (XSS) vulnerability in Horde Passwd module before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | passwd | 2.2.1 |
| horde | passwd | 2.0 |
| horde | passwd | 2.1 |
| horde | passwd | 2.2 |
Cross-site scripting (XSS) vulnerability in Horde Kronolith module before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | kronolith | 1.1.3 |
Cross-site scripting (XSS) vulnerability in Horde Turba module before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | turba | 1.2 |
| horde | turba | 1.2.1_rc1 |
| horde | turba | 1.2.3 |
| horde | turba | 1.2.3_rc1 |
| horde | turba | 1.2.2 |
| horde | turba | 1.2.1 |
| horde | turba | 1.2.4 |
Cross-site scripting (XSS) vulnerability in Horde Accounts module before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | accounts | 2.1.1 |
| horde | accounts | 2.1 |
Cross-site scripting (XSS) vulnerability in Horde Chora module before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | chora | 1.2.2 |
| horde | chora | 1.2 |
| horde | chora | * |
Cross-site scripting (XSS) vulnerability in Horde Forwards E-Mail Forwarding Manager before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | forwards | 2.2 |
| horde | forwards | 2.1 |
| horde | forwards | 2.2.1 |
Cross-site scripting (XSS) vulnerability in Horde IMP Webmail client before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | imp | 3.2.4 |
| horde | imp | 3.2.5 |
| horde | imp | 3.2.7 |
| horde | imp | 3.2.3 |
| horde | imp | 3.2.7_rc1 |
| horde | imp | 3.2.6 |
| horde | imp | * |
Cross-site scripting (XSS) vulnerability in Horde Mnemo Note Manager before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | mnemo | 1.1.3 |
| horde | mnemo | 1.1.2 |
| horde | mnemo | 1.1 |
| horde | mnemo | 1.1.1 |
Cross-site scripting (XSS) vulnerability in Horde Vacation module before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | vaction | 1.0a |
| horde | vaction | 2.2.1 |
| horde | vaction | 2.1 |
| horde | vaction | 2.2 |
Cross-site scripting (XSS) vulnerability in Horde Nag Task List Manager before 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | nag | 1.1.2 |
| horde | nag | 1.1.1 |
The default installation of Horde 3.0.4 contains an administrative account with a blank password, which allows remote attackers to gain access.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | horde | 3.0.4 |
Unspecified cross-site scripting (XSS) vulnerability in Horde before 2.2.9 allows remote attackers to inject arbitrary web script or HTML via "not properly escaped error messages".
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | horde | 2.2.3 |
| horde | horde | 2.2.4_rc1 |
| horde | horde | 2.2.8 |
| horde | horde | 2.2.5 |
| horde | horde | 2.2 |
| horde | horde | 2.2.1 |
| horde | horde | 2.2.4 |
| horde | horde | 2.2.7 |
| horde | horde | 2.2.6 |
Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers, which do not filter or escape dangerous HTML when extracting and displaying attachments.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | horde | 1.2.5 |
| horde | horde | 3.0.1 |
| horde | horde | 3.0.2 |
| horde | horde | 3.0.7 |
| horde | horde | 2.1 |
| horde | horde | 1.2.7 |
| horde | horde | 3.0.4_rc2 |
| horde | horde | 2.2.9 |
| horde | horde | 3.0.4_rc1 |
| horde | horde | 1.2.4 |
| horde | horde | 3.0.3 |
| horde | horde | 2.2.4 |
| horde | horde | 2.1.3 |
| horde | horde | 1.2.8 |
| horde | horde | 2.2.4_rc1 |
| horde | horde | 1.2.2 |
| horde | horde | 1.2.6 |
| horde | horde | 1.2.1 |
| horde | horde | 3.0 |
| horde | horde | 2.2.8 |
| horde | horde | 2.2.5 |
| horde | horde | 2.0 |
| horde | horde | 2.2.7 |
| horde | horde | 3.0.4 |
| horde | horde | 2.2.3 |
| horde | horde | 2.2 |
| horde | horde | 2.2.1 |
| horde | horde | 3.0.6 |
| horde | horde | 1.2.3 |
| horde | horde | 1.2 |
| horde | horde | 2.2.6 |
Horde IMP 4.0.4 and earlier does not sanitize strings containing UTF16 null characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via UTF16 encoded attachments and strings that will be executed when viewed using Internet Explorer, which ignores the characters.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | imp | 3.2.5 |
| horde | imp | 2.2.2 |
| horde | imp | 3.0 |
| horde | imp | 3.2 |
| horde | imp | 4.0.2 |
| horde | imp | 2.3 |
| horde | imp | 2.0 |
| horde | imp | 3.2.2 |
| horde | imp | 4.0 |
| horde | imp | 2.2.8 |
| horde | imp | 4.0.1 |
| horde | imp | 2.2.3 |
| horde | imp | 2.2.7 |
| horde | imp | 2.2.4 |
| horde | imp | 3.2.4 |
| horde | imp | 2.2.5 |
| horde | imp | 3.2.3 |
| horde | imp | 4.0.4 |
| horde | imp | 3.1.2 |
| horde | imp | 3.1 |
| horde | imp | 4.0.3 |
| horde | imp | 2.2.6 |
| horde | imp | 2.2 |
| horde | imp | 2.2.1 |
| horde | imp | 3.2.1 |
Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith H3 before 2.0.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Calendar name field when creating calendars, (2) event title field when deleting events, the (3) Category and (4) Location search fields, and the (5) attendees email address fields when editing event attendees, and possibly other vectors.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | kronolith_h3 | 2.0.4 |
| horde | kronolith_h3 | 2.0_rc1 |
| horde | kronolith_h3 | 2.0.4_rc1 |
| horde | kronolith_h3 | 2.0.3_rc1 |
| horde | kronolith_h3 | 2.0 |
| horde | kronolith_h3 | 2.0.2 |
| horde | kronolith_h3 | 2.0.3 |
| horde | kronolith_h3 | 2.0.5 |
| horde | kronolith_h3 | 2.0_beta |
| horde | kronolith_h3 | 2.0_rc2 |
| horde | kronolith_h3 | 2.0_alpha |
| horde | kronolith_h3 | 2.0.2_rc1 |
| horde | kronolith_h3 | 2.0.1 |
| horde | kronolith_h3 | 2.0_rc3 |
Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4) the Mobile Phone field, and (5) Date and (6) Time fields when importing CSV files, as exploited through modules such as (a) Turba Address Book, (b) Kronolith, (c) Mnemo, and (d) Nag.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | horde_application_framework | 2.1 |
| horde | horde_application_framework | 3.0.1 |
| horde | horde_application_framework | 1.0.4 |
| horde | horde_application_framework | 3.0.7 |
| horde | horde_application_framework | 2.2.4 |
| horde | horde_application_framework | 1.0.9 |
| horde | horde_application_framework | 1.2.1 |
| horde | horde_application_framework | 1.2.6 |
| horde | horde_application_framework | 2.2.7 |
| horde | horde_application_framework | 1.0.6 |
| horde | horde_application_framework | 3.0.4 |
| horde | horde_application_framework | 2.0 |
| horde | horde_application_framework | 1.0.3_3 |
| horde | horde_application_framework | 1.2.8 |
| horde | horde_application_framework | 2.2.5 |
| horde | horde_application_framework | 2.2.6 |
| horde | horde_application_framework | 1.0.2_1 |
| horde | horde_application_framework | 1.0.8 |
| horde | horde_application_framework | 2.2.8 |
| horde | horde_application_framework | 2.2.9 |
| horde | horde_application_framework | 3.0.3 |
| horde | horde_application_framework | 1.2.5 |
| horde | horde_application_framework | 1.0.11 |
| horde | horde_application_framework | 2.2.3 |
| horde | horde_application_framework | 1.2.2 |
| horde | horde_application_framework | 3.0.2 |
| horde | horde_application_framework | 3.0.6 |
| horde | horde_application_framework | 1.3.4 |
| horde | horde_application_framework | 1.0.3_4 |
| horde | horde_application_framework | 1.0.10 |
| horde | horde_application_framework | 2.2 |
| horde | horde_application_framework | 3.0.5 |
| horde | horde_application_framework | 1.0.5 |
| horde | horde_application_framework | 1.0.0 |
| horde | horde_application_framework | 1.0.3 |
| horde | horde_application_framework | 1.2.7 |
| horde | horde_application_framework | 1.2.3 |
| horde | horde_application_framework | 1.0.3_2 |
| horde | horde_application_framework | 1.2.4 |
| horde | horde_application_framework | 2.2.1 |
| horde | horde_application_framework | 1.2.0 |
| horde | horde_application_framework | 1.0.2 |
| horde | horde_application_framework | 1.3.3 |
Multiple cross-site scripting (XSS) vulnerabilities in templates/tasklists/tasklists.inc in Horde Nag Task List Manager H3 before 2.0.4 allow remote authenticated users to inject arbitrary web script or HTML via (1) the tasklist's name or (2) description, when creating a new tasklist.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | nag_task_list_manager_h3 | 1.1.1 |
| horde | nag_task_list_manager_h3 | 2.0 |
| horde | nag_task_list_manager_h3 | 2.0.3 |
| horde | nag_task_list_manager_h3 | 2.0.1 |
| horde | nag_task_list_manager_h3 | 1.1.3 |
| horde | nag_task_list_manager_h3 | 1.1.2 |
| horde | nag_task_list_manager_h3 | 2.0.2 |
| horde | nag_task_list_manager_h3 | 1.1 |
Multiple cross-site scripting (XSS) vulnerabilities in Horde Turba H3 2.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the address book and (2) contact data.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | turba_h3 | 2.0.1 |
| horde | turba_h3 | 2.0.3 |
| horde | turba_h3 | 2.0 |
| horde | turba_h3 | * |
| horde | turba_h3 | 2.0.2 |
Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | horde | 1.2.5 |
| horde | horde | 3.0.1 |
| horde | horde | 3.0.2 |
| horde | horde | 3.0.7 |
| horde | horde | 2.1 |
| horde | horde | 1.2.7 |
| horde | horde | 3.0.4_rc2 |
| horde | horde | 2.2.9 |
| horde | horde | 3.0.4_rc1 |
| horde | horde | 1.2.4 |
| horde | horde | 3.0.3 |
| horde | horde | 2.2.4 |
| horde | horde | 2.1.3 |
| horde | horde | 3.0.9 |
| horde | horde | 1.2.8 |
| horde | horde | 2.2.4_rc1 |
| horde | horde | 1.2.2 |
| horde | horde | 1.2.6 |
| horde | horde | 1.2.1 |
| horde | horde | 3.0 |
| horde | horde | 2.2.8 |
| horde | horde | 3.0.8 |
| horde | horde | 2.2.5 |
| horde | horde | 2.0 |
| horde | horde | 2.2.7 |
| horde | horde | 3.0.4 |
| horde | horde | 2.2.3 |
| horde | horde | 2.2 |
| horde | horde | 2.2.1 |
| horde | horde | 3.0.6 |
| horde | horde | 1.2.3 |
| horde | horde | 1.2 |
| horde | horde | 2.2.6 |
Eval injection vulnerability in Horde Application Framework versions 3.0 before 3.0.10 and 3.1 before 3.1.1 allows remote attackers to execute arbitrary code via the help viewer.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | application_framework | 3.0.2 |
| horde | application_framework | 3.0.8 |
| horde | application_framework | 3.0.6 |
| horde | application_framework | 3.0.1 |
| horde | application_framework | 3.0.4_rc2 |
| horde | application_framework | 3.0 |
| horde | application_framework | 3.0.4_rc1 |
| horde | application_framework | 3.0.4 |
| horde | application_framework | 3.0.7 |
| horde | application_framework | 3.0.9 |
| horde | application_framework | 3.1 |
| horde | application_framework | 3.0.3 |
Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | horde | 3.0.4 |
| horde | horde | 3.0.1 |
| horde | horde | 3.0.2 |
| horde | horde | 3.0.4_rc1 |
| horde | horde | 3.0.7 |
| horde | horde | 3.0 |
| horde | horde | 3.0.3 |
| horde | horde | 3.0.8 |
| horde | horde | * |
| horde | horde | 3.0.6 |
| horde | horde | 3.0.4_rc2 |
Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 allow remote attackers to inject arbitrary web script or HTML via a (1) javascript URI or an external (2) http, (3) https, or (4) ftp URI in the url parameter in services/go.php (aka the dereferrer), (5) a javascript URI in the module parameter in services/help (aka the help viewer), and (6) the name parameter in services/problem.php (aka the problem reporting screen).
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | horde | 3.0.1 |
| horde | horde | 3.0.2 |
| horde | horde | 3.0.7 |
| horde | horde | 3.0 |
| horde | horde | 3.0.8 |
| horde | horde | 3.0.4_rc2 |
| horde | horde | 3.0.4 |
| horde | horde | 3.1.1 |
| horde | horde | 3.0.4_rc1 |
| horde | horde | 3.0.3 |
| horde | horde | 3.0.6 |
| horde | horde | 3.0.9 |
| horde | horde | 3.1 |
services/go.php in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 does not properly restrict its image proxy capability, which allows remote attackers to perform "Web tunneling" attacks and use the server as a proxy via (1) http, (2) https, and (3) ftp URL in the url parameter, which is requested from the server.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | horde_application_framework | 3.0.1 |
| horde | horde_application_framework | 3.0.0 |
| horde | horde_application_framework | 3.1.1 |
| horde | horde_application_framework | 3.0.3 |
| horde | horde_application_framework | 3.0.7 |
| horde | horde_application_framework | 3.0.2 |
| horde | horde_application_framework | 3.0.6 |
| horde | horde_application_framework | 3.0.8 |
| horde | horde_application_framework | 3.0.5 |
| horde | horde_application_framework | 3.0.4 |
| horde | horde_application_framework | 3.1.0 |
| horde | horde_application_framework | 3.0.10 |
| horde | horde_application_framework | 3.0.9 |
Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware Webmail 1.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in (1) imp/search.php and (2) ingo/rule.php. NOTE: this issue has been disputed by the vendor, noting that the search.php issue was resolved in CVE-2006-4255, and attackers can only use rule.php to inject XSS into their own pages
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | groupware | 1.0 |
Horde IMP 4.3.6 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | imp | 4.1.3 |
| horde | imp | 3.2.5 |
| horde | imp | 4.2.1 |
| horde | imp | 2.2.2 |
| horde | imp | 3.0 |
| horde | imp | 3.2 |
| horde | imp | 4.0.2 |
| horde | imp | 4.3.3 |
| horde | imp | 2.3 |
| horde | imp | 2.0 |
| horde | imp | 3.2.2 |
| horde | imp | 4.0 |
| horde | imp | 4.3 |
| horde | imp | 2.2.8 |
| horde | imp | 4.0.1 |
| horde | imp | 3.2.7 |
| horde | imp | 4.3.2 |
| horde | imp | 4.2 |
| horde | imp | 2.2.3 |
| horde | imp | 2.2.7 |
| horde | imp | 4.3.4 |
| horde | imp | 2.2.4 |
| horde | imp | 3.2.4 |
| horde | imp | 2.2.5 |
| horde | imp | 3.2.3 |
| horde | imp | 4.3.1 |
| horde | imp | 4.0.4 |
| horde | imp | 3.1.2 |
| horde | imp | 3.2.6 |
| horde | imp | 3.1 |
| horde | imp | 4.0.3 |
| horde | imp | 4.1.6 |
| horde | imp | 4.2.2 |
| horde | imp | 2.2.6 |
| horde | imp | 2.2 |
| horde | imp | 4.1.5 |
| horde | imp | 4.3.5 |
| horde | imp | 2.2.1 |
| horde | imp | 3.2.1 |
| horde | imp | * |
The IMP plugin in Horde allows remote attackers to bypass firewall restrictions and use Horde as a proxy to scan internal networks via a crafted request to an unspecified test script. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | horde | * |
Cross-site scripting (XSS) vulnerability in util/icon_browser.php in the Horde Application Framework before 3.3.9 allows remote attackers to inject arbitrary web script or HTML via the subdir parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | horde_application_framework | 2.1 |
| horde | horde_application_framework | 3.0.1 |
| horde | horde_application_framework | * |
| horde | horde_application_framework | 3.0.7 |
| horde | horde_application_framework | 3.0.11 |
| horde | horde_application_framework | 3.3.6 |
| horde | horde_application_framework | 3.3.1 |
| horde | horde_application_framework | 1.3.2 |
| horde | horde_application_framework | 3.0.10 |
| horde | horde_application_framework | 3.1.4 |
| horde | horde_application_framework | 3.2 |
| horde | horde_application_framework | 3.0.9 |
| horde | horde_application_framework | 3.3 |
| horde | horde_application_framework | 3.0.12 |
| horde | horde_application_framework | 3.2.1 |
| horde | horde_application_framework | 2.2.9 |
| horde | horde_application_framework | 3.3.5 |
| horde | horde_application_framework | 2.2.3 |
| horde | horde_application_framework | 1.3.1 |
| horde | horde_application_framework | 3.1.9 |
| horde | horde_application_framework | 3.0.2 |
| horde | horde_application_framework | 2.2 |
| horde | horde_application_framework | 1.0.3 |
| horde | horde_application_framework | 2.2.2 |
| horde | horde_application_framework | 3.0 |
| horde | horde_application_framework | 3.1.7 |
| horde | horde_application_framework | 3.1.2 |
| horde | horde_application_framework | 2.2.1 |
| horde | horde_application_framework | 3.1 |
| horde | horde_application_framework | 3.2.5 |
| horde | horde_application_framework | 3.3.7 |
| horde | horde_application_framework | 2.2.4 |
| horde | horde_application_framework | 1.3.0 |
| horde | horde_application_framework | 2.2.7 |
| horde | horde_application_framework | 1.1.1 |
| horde | horde_application_framework | 3.1.3 |
| horde | horde_application_framework | 3.0.4 |
| horde | horde_application_framework | 3.1.6 |
| horde | horde_application_framework | 3.2.4 |
| horde | horde_application_framework | 2.0 |
| horde | horde_application_framework | 2.2.5 |
| horde | horde_application_framework | 2.2.6 |
| horde | horde_application_framework | 3.3.3 |
| horde | horde_application_framework | 3.3.2 |
| horde | horde_application_framework | 3.2.2 |
| horde | horde_application_framework | 3.2.3 |
| horde | horde_application_framework | 3.3.4 |
| horde | horde_application_framework | 3.1.1 |
| horde | horde_application_framework | 2.2.8 |
| horde | horde_application_framework | 3.0.3 |
| horde | horde_application_framework | 1.3.5 |
| horde | horde_application_framework | 3.0.6 |
| horde | horde_application_framework | 1.3.4 |
| horde | horde_application_framework | 3.0.8 |
| horde | horde_application_framework | 3.0.5 |
| horde | horde_application_framework | 3.1.8 |
| horde | horde_application_framework | 3.1.5 |
| horde | horde_application_framework | 1.3.3 |
Cross-site scripting (XSS) vulnerability in view.php in the file viewer in Horde Gollem before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the file parameter in a view_file action.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | gollem | 1.0 |
| horde | gollem | 1.0.1 |
| horde | gollem | 1.0.3 |
| horde | gollem | 1.1 |
| horde | gollem | 1.0.2 |
| horde | gollem | * |
| horde | gollem | 1.0.4 |
Cross-site scripting (XSS) vulnerability in Horde Dynamic IMP (DIMP) before 1.1.5, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via vectors related to displaying mailbox names.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | groupware | 1.0.4 |
| horde | groupware | 1.1.2 |
| horde | groupware | 1.2.3 |
| horde | groupware | 1.1.3 |
| horde | dynamic_imp | 1.1.1 |
| horde | groupware | 1.2.2 |
| horde | groupware | 1.2.5 |
| horde | dynamic_imp | 1.1 |
| horde | groupware | 1.0.6 |
| horde | groupware | 1.2 |
| horde | groupware | 1.0 |
| horde | dynamic_imp | * |
| horde | dynamic_imp | 1.1.3 |
| horde | groupware | 1.0.5 |
| horde | groupware | 1.0.3 |
| horde | groupware | 1.0.7 |
| horde | groupware | 1.2.1 |
| horde | groupware | 1.0.1 |
| horde | groupware | * |
| horde | groupware | 1.1.1 |
| horde | groupware | 1.0.2 |
| horde | groupware | 1.1.5 |
| horde | groupware | 1.2.4 |
| horde | groupware | 1.1 |
| horde | groupware | 1.1.6 |
| horde | groupware | 1.1.4 |
| horde | groupware | 1.0.8 |
| horde | dynamic_imp | 1.0 |
| horde | dynamic_imp | 1.1.2 |
Cross-site request forgery (CSRF) vulnerability in the Horde Application Framework before 3.3.9 allows remote attackers to hijack the authentication of unspecified victims for requests to a preference form.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | horde_application_framework | 2.1 |
| horde | horde_application_framework | 3.0.1 |
| horde | horde_application_framework | * |
| horde | horde_application_framework | 3.0.7 |
| horde | horde_application_framework | 3.0.11 |
| horde | horde_application_framework | 3.3.6 |
| horde | horde_application_framework | 3.3.1 |
| horde | horde_application_framework | 1.3.2 |
| horde | horde_application_framework | 3.0.10 |
| horde | horde_application_framework | 3.1.4 |
| horde | horde_application_framework | 3.2 |
| horde | horde_application_framework | 3.0.9 |
| horde | horde_application_framework | 3.3 |
| horde | horde_application_framework | 3.0.12 |
| horde | horde_application_framework | 3.2.1 |
| horde | horde_application_framework | 2.2.9 |
| horde | horde_application_framework | 3.3.5 |
| horde | horde_application_framework | 2.2.3 |
| horde | horde_application_framework | 1.3.1 |
| horde | horde_application_framework | 3.1.9 |
| horde | horde_application_framework | 3.0.2 |
| horde | horde_application_framework | 2.2 |
| horde | horde_application_framework | 1.0.3 |
| horde | horde_application_framework | 2.2.2 |
| horde | horde_application_framework | 3.0 |
| horde | horde_application_framework | 3.1.7 |
| horde | horde_application_framework | 3.1.2 |
| horde | horde_application_framework | 2.2.1 |
| horde | horde_application_framework | 3.1 |
| horde | horde_application_framework | 3.2.5 |
| horde | horde_application_framework | 3.3.7 |
| horde | horde_application_framework | 2.2.4 |
| horde | horde_application_framework | 1.3.0 |
| horde | horde_application_framework | 2.2.7 |
| horde | horde_application_framework | 1.1.1 |
| horde | horde_application_framework | 3.1.3 |
| horde | horde_application_framework | 3.0.4 |
| horde | horde_application_framework | 3.1.6 |
| horde | horde_application_framework | 3.2.4 |
| horde | horde_application_framework | 2.0 |
| horde | horde_application_framework | 2.2.5 |
| horde | horde_application_framework | 2.2.6 |
| horde | horde_application_framework | 3.3.3 |
| horde | horde_application_framework | 3.3.2 |
| horde | horde_application_framework | 3.2.2 |
| horde | horde_application_framework | 3.2.3 |
| horde | horde_application_framework | 3.3.4 |
| horde | horde_application_framework | 3.1.1 |
| horde | horde_application_framework | 2.2.8 |
| horde | horde_application_framework | 3.0.3 |
| horde | horde_application_framework | 1.3.5 |
| horde | horde_application_framework | 3.0.6 |
| horde | horde_application_framework | 1.3.4 |
| horde | horde_application_framework | 3.0.8 |
| horde | horde_application_framework | 3.0.5 |
| horde | horde_application_framework | 3.1.8 |
| horde | horde_application_framework | 3.1.5 |
| horde | horde_application_framework | 1.3.3 |
Cross-site scripting (XSS) vulnerability in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via the fm_id parameter in a fetchmail_prefs_save action, related to the Fetchmail configuration.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | imp | 4.1.3 |
| horde | imp | 4.2.1 |
| horde | imp | 3.2 |
| horde | imp | 4.3.3 |
| horde | groupware | 1.1.3 |
| horde | imp | 2.3 |
| horde | imp | 3.2.2 |
| horde | imp | 4.0 |
| horde | groupware | 1.2.2 |
| horde | groupware | 1.2.5 |
| horde | imp | 4.0.1 |
| horde | groupware | 1.2 |
| horde | imp | 3.2.7 |
| horde | imp | 4.3.2 |
| horde | imp | 4.2 |
| horde | imp | 4.3.4 |
| horde | imp | 2.2.4 |
| horde | imp | 2.2.5 |
| horde | imp | 4.3.1 |
| horde | groupware | * |
| horde | groupware | 1.0.2 |
| horde | groupware | 1.1.5 |
| horde | imp | 3.1.2 |
| horde | groupware | 1.2.4 |
| horde | imp | 4.0.3 |
| horde | groupware | 1.1.6 |
| horde | imp | 4.2.2 |
| horde | imp | 2.2 |
| horde | groupware | 1.0.8 |
| horde | imp | 4.1.5 |
| horde | imp | 2.2.1 |
| horde | imp | 3.2.1 |
| horde | groupware | 1.0.4 |
| horde | groupware | 1.1.2 |
| horde | imp | 3.2.5 |
| horde | groupware | 1.2.3 |
| horde | imp | 2.2.2 |
| horde | imp | 3.0 |
| horde | imp | 4.0.2 |
| horde | imp | 2.0 |
| horde | imp | 4.3 |
| horde | imp | 2.2.8 |
| horde | groupware | 1.0.6 |
| horde | groupware | 1.0 |
| horde | groupware | 1.0.5 |
| horde | groupware | 1.0.3 |
| horde | imp | 2.2.3 |
| horde | imp | 2.2.7 |
| horde | imp | 3.2.4 |
| horde | groupware | 1.0.7 |
| horde | groupware | 1.2.1 |
| horde | imp | 3.2.3 |
| horde | groupware | 1.0.1 |
| horde | groupware | 1.1.1 |
| horde | imp | 4.0.4 |
| horde | imp | 3.2.6 |
| horde | imp | 3.1 |
| horde | groupware | 1.1 |
| horde | imp | 4.1.6 |
| horde | groupware | 1.1.4 |
| horde | imp | 2.2.6 |
| horde | imp | 4.3.5 |
| horde | imp | 4.3.6 |
| horde | imp | * |
Multiple cross-site scripting (XSS) vulnerabilities in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allow remote attackers to inject arbitrary web script or HTML via the (1) username (aka fmusername), (2) password (aka fmpassword), or (3) server (aka fmserver) field in a fetchmail_prefs_save action, related to the Fetchmail configuration, a different issue than CVE-2010-3695. NOTE: some of these details are obtained from third party information.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | imp | 4.1.3 |
| horde | imp | 4.2.1 |
| horde | imp | 3.2 |
| horde | imp | 4.3.3 |
| horde | groupware | 1.1.3 |
| horde | imp | 2.3 |
| horde | imp | 3.2.2 |
| horde | imp | 4.0 |
| horde | groupware | 1.2.2 |
| horde | groupware | 1.2.5 |
| horde | imp | 4.0.1 |
| horde | groupware | 1.2 |
| horde | imp | 3.2.7 |
| horde | imp | 4.3.2 |
| horde | imp | 4.2 |
| horde | imp | 4.3.4 |
| horde | imp | 2.2.4 |
| horde | imp | 2.2.5 |
| horde | imp | 4.3.1 |
| horde | groupware | * |
| horde | groupware | 1.0.2 |
| horde | groupware | 1.1.5 |
| horde | imp | 3.1.2 |
| horde | groupware | 1.2.4 |
| horde | imp | 4.0.3 |
| horde | groupware | 1.1.6 |
| horde | imp | 4.2.2 |
| horde | imp | 2.2 |
| horde | groupware | 1.0.8 |
| horde | imp | 4.1.5 |
| horde | imp | 2.2.1 |
| horde | imp | 3.2.1 |
| horde | groupware | 1.0.4 |
| horde | groupware | 1.1.2 |
| horde | imp | 3.2.5 |
| horde | groupware | 1.2.3 |
| horde | imp | 2.2.2 |
| horde | imp | 3.0 |
| horde | imp | 4.0.2 |
| horde | imp | 2.0 |
| horde | imp | 4.3 |
| horde | imp | 2.2.8 |
| horde | groupware | 1.0.6 |
| horde | groupware | 1.0 |
| horde | groupware | 1.0.5 |
| horde | groupware | 1.0.3 |
| horde | imp | 2.2.3 |
| horde | imp | 2.2.7 |
| horde | imp | 3.2.4 |
| horde | groupware | 1.0.7 |
| horde | groupware | 1.2.1 |
| horde | imp | 3.2.3 |
| horde | groupware | 1.0.1 |
| horde | groupware | 1.1.1 |
| horde | imp | 4.0.4 |
| horde | imp | 3.2.6 |
| horde | imp | 3.1 |
| horde | groupware | 1.1 |
| horde | imp | 4.1.6 |
| horde | groupware | 1.1.4 |
| horde | imp | 2.2.6 |
| horde | imp | 4.3.5 |
| horde | imp | 4.3.6 |
| horde | imp | * |
Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 5.0.18 and Horde Groupware Webmail Edition before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) composeCache, (2) rtemode, or (3) filename_* parameters to the compose page; (4) formname parameter to the contacts popup window; or (5) IMAP mailbox names. NOTE: some of these details are obtained from third party information.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | groupware_webmail_edition | 1.0.4 |
| horde | dynamic_imp | 5.0.1 |
| horde | imp | 3.2 |
| horde | imp | 4.3.3 |
| horde | dynamic_imp | 5.0.12 |
| horde | dynamic_imp | 1.1 |
| horde | imp | 4.0.1 |
| horde | imp | 4.2 |
| horde | imp | 2.2.4 |
| horde | groupware_webmail_edition | 1.0 |
| horde | groupware_webmail_edition | 1.2.3 |
| horde | dynamic_imp | 5.0.13 |
| horde | groupware_webmail_edition | 1.1 |
| horde | imp | 2.2.5 |
| horde | imp | 4.3.1 |
| horde | imp | 4.3.8 |
| horde | groupware_webmail_edition | 1.2.1 |
| horde | groupware_webmail_edition | 1.2.2 |
| horde | imp | 3.1.2 |
| horde | groupware_webmail_edition | 1.0.7 |
| horde | groupware_webmail_edition | 1.2.8 |
| horde | imp | 4.0.3 |
| horde | groupware_webmail_edition | 1.2.7 |
| horde | groupware_webmail_edition | * |
| horde | dynamic_imp | 5.0 |
| horde | dynamic_imp | 5.0.8 |
| horde | groupware_webmail_edition | 1.2.6 |
| horde | imp | 2.2 |
| horde | groupware_webmail_edition | 1.1.3 |
| horde | groupware_webmail_edition | 1.2.9 |
| horde | imp | 4.1.5 |
| horde | dynamic_imp | 5.0.9 |
| horde | imp | 4.3.9 |
| horde | groupware_webmail_edition | 1.0.1 |
| horde | dynamic_imp | 1.1.5 |
| horde | groupware_webmail_edition | 1.1.1 |
| horde | groupware_webmail_edition | 4.0.3 |
| horde | groupware_webmail_edition | 1.2 |
| horde | imp | 5.0.1 |
| horde | imp | 4.3 |
| horde | groupware_webmail_edition | 1.1.4 |
| horde | groupware_webmail_edition | 1.1.5 |
| horde | groupware_webmail_edition | 1.2.5 |
| horde | groupware_webmail_edition | 4.0.1 |
| horde | dynamic_imp | 5.0.4 |
| horde | imp | 4.3.7 |
| horde | imp | 5.0.3 |
| horde | imp | 3.2.3 |
| horde | dynamic_imp | 5.0.15 |
| horde | imp | 3.2.6 |
| horde | imp | 5.0.2 |
| horde | groupware_webmail_edition | 1.0.8 |
| horde | imp | 2.2.6 |
| horde | imp | 4.3.5 |
| horde | dynamic_imp | 1.1.2 |
| horde | groupware_webmail_edition | 1.2.4 |
| horde | imp | 4.1.3 |
| horde | groupware_webmail_edition | 1.0.6 |
| horde | imp | 4.2.1 |
| horde | groupware_webmail_edition | 4.0.2 |
| horde | imp | 2.3 |
| horde | imp | 3.2.2 |
| horde | imp | 4.0 |
| horde | dynamic_imp | 5.0.10 |
| horde | dynamic_imp | 5.0.5 |
| horde | imp | 3.2.7 |
| horde | groupware_webmail_edition | 1.2.10 |
| horde | dynamic_imp | * |
| horde | dynamic_imp | 1.1.3 |
| horde | dynamic_imp | 5.0.16 |
| horde | imp | 4.3.2 |
| horde | dynamic_imp | 5.0.3 |
| horde | dynamic_imp | 5.0.7 |
| horde | imp | 4.3.4 |
| horde | dynamic_imp | 1.1.4 |
| horde | groupware_webmail_edition | 1.1.6 |
| horde | groupware_webmail_edition | 4.0 |
| horde | groupware_webmail_edition | 1.0.3 |
| horde | groupware_webmail_edition | 1.0.2 |
| horde | imp | 4.2.2 |
| horde | dynamic_imp | 5.0.6 |
| horde | dynamic_imp | 1.0 |
| horde | imp | 2.2.1 |
| horde | imp | 3.2.1 |
| horde | groupware_webmail_edition | 4.0.4 |
| horde | dynamic_imp | 5.0.2 |
| horde | imp | 3.2.5 |
| horde | imp | 2.2.2 |
| horde | imp | 3.0 |
| horde | imp | 4.0.2 |
| horde | dynamic_imp | 1.1.1 |
| horde | imp | 2.0 |
| horde | imp | 2.2.8 |
| horde | imp | 2.2.3 |
| horde | imp | 2.2.7 |
| horde | imp | 3.2.4 |
| horde | imp | 5.0.4-git |
| horde | dynamic_imp | 5.0.11 |
| horde | imp | 4.0.4 |
| horde | imp | 5.0 |
| horde | dynamic_imp | 5.0.14 |
| horde | imp | 3.1 |
| horde | groupware_webmail_edition | 1.0.5 |
| horde | imp | 4.1.6 |
| horde | dynamic_imp | 1.1.6 |
| horde | groupware_webmail_edition | 1.1.2 |
| horde | imp | 4.3.6 |
Cross-site scripting (XSS) vulnerability in Horde_Form in Horde Groupware Webmail Edition before 4.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to email verification. NOTE: Some of these details are obtained from third party information.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | groupware_webmail_edition | 1.0.6 |
| horde | groupware_webmail_edition | 1.0.4 |
| horde | groupware_webmail_edition | 1.0.1 |
| horde | groupware_webmail_edition | 1.1.1 |
| horde | groupware_webmail_edition | 4.0.3 |
| horde | groupware_webmail_edition | 4.0.2 |
| horde | groupware_webmail_edition | 1.2 |
| horde | groupware_webmail_edition | 1.1.4 |
| horde | groupware_webmail_edition | 1.2.10 |
| horde | groupware_webmail_edition | 1.1.5 |
| horde | groupware_webmail_edition | 1.2.5 |
| horde | groupware_webmail_edition | 4.0.1 |
| horde | groupware_webmail_edition | 1.0 |
| horde | groupware_webmail_edition | 1.2.3 |
| horde | groupware_webmail_edition | 1.1 |
| horde | groupware_webmail_edition | 1.1.6 |
| horde | groupware_webmail_edition | 4.0 |
| horde | groupware_webmail_edition | 1.2.1 |
| horde | groupware_webmail_edition | 1.2.2 |
| horde | groupware_webmail_edition | 1.0.5 |
| horde | groupware_webmail_edition | 1.0.7 |
| horde | groupware_webmail_edition | 1.2.8 |
| horde | groupware_webmail_edition | 1.0.3 |
| horde | groupware_webmail_edition | 1.2.7 |
| horde | groupware_webmail_edition | * |
| horde | groupware_webmail_edition | 1.0.2 |
| horde | groupware_webmail_edition | 1.0.8 |
| horde | groupware_webmail_edition | 1.2.6 |
| horde | groupware_webmail_edition | 1.1.3 |
| horde | groupware_webmail_edition | 1.2.9 |
| horde | groupware_webmail_edition | 1.1.2 |
| horde | groupware_webmail_edition | 4.0.4 |
| horde | groupware_webmail_edition | 1.2.4 |
Multiple cross-site scripting (XSS) vulnerabilities in the (1) tasks and (2) search views in Horde Kronolith H4 before 3.0.17 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | kronolith_h4 | 3.0.5 |
| horde | kronolith_h4 | 3.0.14 |
| horde | kronolith_h4 | 3.0.15 |
| horde | kronolith_h4 | 3.0.2 |
| horde | kronolith_h4 | 3.0.11 |
| horde | kronolith_h4 | 3.0.12 |
| horde | kronolith_h4 | * |
| horde | kronolith_h4 | 3.0.7 |
| horde | kronolith_h4 | 3.0.10 |
| horde | kronolith_h4 | 3.0.1 |
| horde | kronolith_h4 | 3.0 |
| horde | kronolith_h4 | 3.0.9 |
| horde | kronolith_h4 | 3.0.13 |
| horde | kronolith_h4 | 3.0.4 |
| horde | kronolith_h4 | 3.0.6 |
| horde | kronolith_h4 | 3.0.8 |
| horde | kronolith_h4 | 3.0.3 |
Cross-site scripting (XSS) vulnerability in Horde Internet Mail Program (IMP) before 5.0.22, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted SVG image attachment, a different vulnerability than CVE-2012-5565.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | imp | 5.0.9 |
| horde | groupware | 4.0.6 |
| horde | imp | 5.0.6 |
| horde | imp | 5.0.10 |
| horde | imp | 5.0.1 |
| horde | imp | 5.0.15 |
| horde | imp | 5.0.19 |
| horde | imp | 5.0.8 |
| horde | imp | 5.0.11 |
| horde | groupware | 4.0.5 |
| horde | imp | 5.0.17 |
| horde | imp | 5.0.12 |
| horde | groupware | 4.0.2 |
| horde | imp | 5.0.4 |
| horde | groupware | 4.0.4 |
| horde | imp | 5.0.5 |
| horde | groupware | 4.0.3 |
| horde | groupware | 4.0 |
| horde | groupware | 4.0.7 |
| horde | imp | 5.0.3 |
| horde | imp | 5.0.7 |
| horde | groupware | * |
| horde | imp | 5.0 |
| horde | imp | 5.0.16 |
| horde | imp | 5.0.14 |
| horde | imp | 5.0.20 |
| horde | imp | 5.0.18 |
| horde | imp | 5.0.2 |
| horde | imp | 5.0.13 |
| horde | imp | * |
| horde | groupware | 4.0.1 |
Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earlier in basic.php.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 9.0 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 10.0 |
| horde | groupware | * |
Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 9.0 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 10.0 |
| horde | groupware | 5.1.2 |
Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N | 1.6 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 9.0 |
| opensuse | opensuse | 13.2 |
| debian | debian_linux | 8.0 |
| opensuse | opensuse | 13.1 |
| debian | debian_linux | 10.0 |
| horde | groupware | 5.1.2 |
The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the _formvars form.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | horde_application_framework | 5.0.2 |
| horde | horde_application_framework | 5.0.4 |
| horde | horde_application_framework | 5.0.3 |
| horde | horde_application_framework | * |
| horde | horde_application_framework | 5.0.0 |
| horde | horde_application_framework | 5.0.1 |
The Horde_Ldap library before 2.0.6 for Horde allows remote attackers to bypass authentication by leveraging knowledge of the LDAP bind user DN.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | horde_ldap | * |
Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via an unspecified flag in the basic (1) mailbox or (2) message view.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | groupware | 5.1.0 |
| horde | internet_mail_program | 6.0.3 |
| horde | internet_mail_program | 6.1.1 |
| horde | groupware | 5.1.3 |
| horde | groupware | 5.1.1 |
| horde | internet_mail_program | 6.0.2 |
| horde | internet_mail_program | 6.1.3 |
| horde | internet_mail_program | 6.0.0 |
| horde | internet_mail_program | * |
| horde | internet_mail_program | 6.0.5 |
| horde | internet_mail_program | 6.0.6 |
| horde | internet_mail_program | 6.0.1 |
| horde | groupware | 5.0.5 |
| horde | groupware | 5.0.1 |
| horde | internet_mail_program | 6.1.0 |
| horde | groupware | 5.0.3 |
| horde | internet_mail_program | 6.1.5 |
| horde | groupware | * |
| horde | internet_mail_program | 6.1.6 |
| horde | groupware | 5.0.4 |
| horde | internet_mail_program | 6.1.2 |
| horde | groupware | 5.0.0 |
| horde | groupware | 5.1.2 |
| horde | internet_mail_program | 6.1.4 |
| horde | groupware | 5.0.2 |
| horde | internet_mail_program | 6.0.4 |
Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via (1) unspecified flags or (2) a mailbox name in the dynamic mailbox view.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | groupware | 5.1.0 |
| horde | internet_mail_program | 6.0.3 |
| horde | internet_mail_program | 6.1.1 |
| horde | groupware | 5.1.3 |
| horde | groupware | 5.1.1 |
| horde | internet_mail_program | 6.0.2 |
| horde | internet_mail_program | 6.1.3 |
| horde | internet_mail_program | 6.0.0 |
| horde | internet_mail_program | * |
| horde | internet_mail_program | 6.0.5 |
| horde | internet_mail_program | 6.0.6 |
| horde | internet_mail_program | 6.0.1 |
| horde | groupware | 5.0.5 |
| horde | groupware | 5.0.1 |
| horde | internet_mail_program | 6.1.0 |
| horde | groupware | 5.0.3 |
| horde | internet_mail_program | 6.1.5 |
| horde | groupware | * |
| horde | internet_mail_program | 6.1.6 |
| horde | groupware | 5.0.4 |
| horde | internet_mail_program | 6.1.2 |
| horde | groupware | 5.0.0 |
| horde | groupware | 5.1.2 |
| horde | internet_mail_program | 6.1.4 |
| horde | groupware | 5.0.2 |
| horde | internet_mail_program | 6.0.4 |
Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware Webmail Edition before 5.2.11 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary (1) commands via the cmd parameter to admin/cmdshell.php, (2) SQL queries via the sql parameter to admin/sqlshell.php, or (3) PHP code via the php parameter to admin/phpshell.php.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| horde | horde_application_framework | * |
| horde | groupware | * |
Cross-site scripting (XSS) vulnerability in the _renderVarInput_number function in horde/framework/Core/lib/Horde/Core/Ui/VarRenderer/Html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via vectors involving numeric form fields.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 22 |
| fedoraproject | fedora | 23 |
| debian | debian_linux | 8.0 |
| horde | groupware | 5.2.11 |
Cross-site scripting (XSS) vulnerability in horde/templates/topbar/_menubar.html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via the searchfield parameter, as demonstrated by a request to xplorer/gollem/manager.php.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 22 |
| fedoraproject | fedora | 23 |
| debian | debian_linux | 8.0 |
| horde | groupware | * |
| horde | horde_groupware | * |
Cross-site scripting (XSS) vulnerability in the Horde Text Filter API in Horde Groupware and Horde Groupware Webmail Edition before 5.2.16 allows remote attackers to inject arbitrary web script or HTML via crafted data:text/html content in a form (1) action or (2) xlink attribute.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | groupware | 5.2.15 |
A Remote Code Execution vulnerability has been found in the Horde_Image library when using the "Im" backend that utilizes ImageMagick's "convert" utility. It's not exploitable through any Horde application, because the code path to the vulnerability is not used by any Horde code. Custom applications using the Horde_Image library might be affected. This vulnerability affects all versions of Horde_Image from 2.0.0 to 2.5.1, and is fixed in 2.5.2. The problem is missing input validation of the index field in _raw() during construction of an ImageMagick command line.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | horde_image_api | 2.0.9 |
| horde | horde_image_api | 2.3.4 |
| horde | horde_image_api | 2.0.5 |
| horde | horde_image_api | 2.4.1 |
| horde | horde_image_api | 2.3.2 |
| horde | horde_image_api | 2.0.3 |
| horde | horde_image_api | 2.0.0 |
| horde | horde_image_api | 2.2.0 |
| horde | horde_image_api | 2.5.0 |
| horde | horde_image_api | 2.1.0 |
| horde | horde_image_api | 2.3.3 |
| horde | horde_image_api | 2.3.6 |
| horde | horde_image_api | 2.3.1 |
| horde | horde_image_api | 2.4.0 |
| horde | horde_image_api | 2.0.6 |
| horde | horde_image_api | 2.0.4 |
| horde | horde_image_api | 2.0.8 |
| horde | horde_image_api | 2.0.1 |
| horde | horde_image_api | 2.3.0 |
| horde | horde_image_api | 2.0.2 |
| horde | horde_image_api | 2.5.1 |
| horde | horde_image_api | 2.0.7 |
| horde | horde_image_api | 2.3.5 |
The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 allows remote attackers to bypass Horde authentication for file downloads via a crafted fn parameter that corresponds to the exact filename.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-425,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | groupware | 5.2.21 |
In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a "Calendar -> New Event" action.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | groupware | * |
In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | groupware | 5.2.21 |
| horde | groupware | 5.2.19 |
In Horde Groupware 5.2.19, there is XSS via the Name field during creation of a new Resource. This can be leveraged for remote code execution after compromising an administrator account, because the CVE-2015-7984 CSRF protection mechanism can then be bypassed.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | groupware | 5.2.19 |
The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| microsoft | outlook | 2007 |
| r2mail2 | r2mail2 | - |
| roundcube | webmail | - |
| emclient | emclient | - |
| apple | - | |
| flipdogsolutions | maildroid | - |
| postbox-inc | postbox | - |
| horde | horde_imp | - |
| bloop | airmail | - |
| freron | mailmate | - |
| mozilla | thunderbird | - |
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ibm | notes | - |
| microsoft | outlook | 2013 |
| r2mail2 | r2mail2 | - |
| ritlabs | the_bat | - |
| microsoft | outlook | 2010 |
| apple | - | |
| bloop | airmail | - |
| gmail | - | |
| freron | mailmate | - |
| kde | trojita | - |
| microsoft | outlook | 2007 |
| emclient | emclient | - |
| kde | kmail | - |
| microsoft | outlook | 2016 |
| 9folders | nine | - |
| flipdogsolutions | maildroid | - |
| postbox-inc | postbox | - |
| horde | horde_imp | - |
| gnome | evolution | - |
| mozilla | thunderbird | - |
In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition through 5.2.17, OS Command Injection can occur if the attacker is an authenticated Horde Webmail user, has PGP features enabled in their preferences, and attempts to encrypt an email addressed to a maliciously crafted email address.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | groupware | * |
In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition 5.x through 5.2.17, OS Command Injection can occur if the user has PGP features enabled in the user's preferences, and has enabled the "Should PGP signed messages be automatically verified when viewed?" preference. To exploit this vulnerability, an attacker can send a PGP signed email (that is maliciously crafted) to the Horde user, who then must either view or preview it.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | groupware | 5.0.3 |
| horde | groupware | 5.2.4 |
| horde | groupware | 5.1.0 |
| horde | groupware | 5.2.5 |
| horde | groupware | 5.1.3 |
| horde | groupware | 5.2.2 |
| horde | groupware | 5.2.1 |
| horde | groupware | 5.0.4 |
| horde | groupware | 5.1.1 |
| horde | groupware | 5.1.5 |
| horde | groupware | 5.0.0 |
| horde | groupware | 5.1.2 |
| horde | groupware | 5.0.2 |
| horde | groupware | 5.1.4 |
| horde | groupware | 5.2.3 |
| horde | groupware | 5.2.7 |
| horde | groupware | 5.2.6 |
| horde | groupware | 5.0.5 |
| horde | groupware | 5.2.0 |
| horde | groupware | 5.0.1 |
Denial of Service was found in Horde_Image 2.x before 2.5.0 via a crafted URL to the "Null" image driver.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | horde_image | 2.0.3 |
| horde | horde_image | 2.4.2 |
| horde | horde_image | 2.3.6 |
| horde | horde_image | 2.2.1 |
| horde | horde_image | 2.0.4 |
| horde | horde_image | 2.4.1 |
| horde | horde_image | 2.3.3 |
| horde | horde_image | 2.0.2 |
| horde | horde_image | 2.0.9 |
| horde | horde_image | 2.1.1 |
| horde | horde_image | 2.3.1 |
| horde | horde_image | 2.3.5 |
| horde | horde_image | 2.4.0 |
| horde | horde_image | 2.3.7 |
| horde | horde_image | 2.0.6 |
| horde | horde_image | 2.1.10 |
| horde | horde_image | 2.2.0 |
| horde | horde_image | 2.0.7 |
| horde | horde_image | 2.1.0 |
| horde | horde_image | 2.0.5 |
| horde | horde_image | 2.3.0 |
| horde | horde_image | 2.3.4 |
| horde | horde_image | 2.0.0 |
| horde | horde_image | 2.0.1 |
| horde | horde_image | 2.1.8 |
| horde | horde_image | 2.3.2 |
Remote Code Execution was found in Horde_Image 2.x before 2.5.0 via a crafted GET request. Exploitation requires authentication.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | horde_image_api | 2.0.9 |
| horde | horde_image_api | 2.3.4 |
| horde | horde_image_api | 2.0.5 |
| horde | horde_image_api | 2.4.1 |
| horde | horde_image_api | 2.3.2 |
| horde | horde_image_api | 2.0.3 |
| horde | horde_image_api | 2.0.0 |
| horde | horde_image_api | 2.2.0 |
| horde | horde_image_api | 2.1.0 |
| horde | horde_image_api | 2.3.3 |
| horde | horde_image_api | 2.3.6 |
| horde | horde_image_api | 2.3.1 |
| horde | horde_image_api | 2.4.0 |
| horde | horde_image_api | 2.0.6 |
| horde | horde_image_api | 2.0.4 |
| horde | horde_image_api | 2.0.8 |
| horde | horde_image_api | 2.0.1 |
| horde | horde_image_api | 2.3.0 |
| horde | horde_image_api | 2.0.2 |
| horde | horde_image_api | 2.0.7 |
| horde | horde_image_api | 2.3.5 |
Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin/user.php?form=update_f&user_name= or admin/user.php?form=remove_f&user_name= or admin/config/diff.php?app= URI.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | groupware | * |
Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by the treanBookmarkTags parameter to the trean/ URI on a webmail server. NOTE: treanBookmarkTags could, for example, be a stored XSS payload.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | groupware | * |
Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contains a vulnerable class that handles image upload in forms. When the Horde_Form_Type_image method onSubmit() is called on uploads, it invokes the functions getImage() and _getUpload(), which uses unsanitized user input as a path to save the image. The unsanitized POST parameter object[photo][img][file] is saved in the $upload[img][file] PHP variable, allowing an attacker to manipulate the $tmp_file passed to move_uploaded_file() to save the uploaded file. By setting the parameter to (for example) ../usr/share/horde/static/bd.php, one can write a PHP backdoor inside the web root. The static/ destination folder is a good candidate to drop the backdoor because it is always writable in Horde installations. (The unsanitized POST parameter went probably unnoticed because it's never submitted by the forms, which default to securely using a random path.)
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 9.0 |
| debian | debian_linux | 8.0 |
| horde | groupware | 5.2.22 |
| horde | groupware | 5.2.17 |
Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.22 and other products, is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the HTTP GET dir parameter in the browser functionality, affecting breadcrumb output. An attacker can obtain access to a victim's webmail account by making them visit a malicious URL.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | gollem | * |
| horde | groupware | 5.2.22 |
The image view functionality in Horde Groupware Webmail Edition before 5.2.22 is affected by a stored Cross-Site Scripting (XSS) vulnerability via an SVG image upload containing a JavaScript payload. An attacker can obtain access to a victim's webmail account by making them visit a malicious URL.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | groupware | * |
Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 30 |
| debian | debian_linux | 8.0 |
| fedoraproject | fedora | 31 |
| horde | groupware | 5.2.22 |
This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within edit.php. When parsing the params[template] parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the www-data user. Was ZDI-CAN-10469.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | 2.8 | 3.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-23,CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| horde | groupware | 5.2.22 |
This vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within add.php. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the www-data user. Was ZDI-CAN-10125.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-434,CWE-434,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| horde | horde_form | * |
| horde | groupware | 5.2.22 |
An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 (where the Horde_Text_Filter library before 2.3.7 is used). The attacker can send a plain text e-mail message, with JavaScript encoded as a link or email that is mishandled by preProcess in Text2html.php, because bespoke use of \x00\x00\x00 and \x01\x01\x01 interferes with XSS defenses.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 9.0 |
| horde | groupware | * |
lib/Horde/Mime/Viewer/Ooo.php in Horde Mime_Viewer before 2.2.4 allows XSS via an OpenOffice document, leading to account takeover in Horde Groupware Webmail Edition. This occurs after XSLT rendering.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 9.0 |
| horde | horde_mime_viewer | * |
| debian | debian_linux | 10.0 |
Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP objects.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.0 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 2.1 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 10.0 |
| horde | groupware | * |
Horde Groupware v5.2.22 has a user enumeration vulnerability that allows an unauthenticated attacker to determine the existence of valid accounts on the system. To exploit the vulnerability, an HTTP request must be sent to ‘/imp/attachment.php’ including the parameters ‘id’ and ‘u’. If the specified user exists, the server will return the download of an empty file; if it does not exist, no download will be initiated, which unequivocally reveals the validity of the user.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horde | groupware | 5.2.22 |