Filtered by vendor Horde
Subscribe
Total
114 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-2783 | 1 Horde | 3 Groupware, Groupware Webmail Edition, Kronolith | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware, Groupware Webmail Edition, and Kronolith allow remote attackers to inject arbitrary web script or HTML via the timestamp parameter to (1) week.php, (2) workweek.php, and (3) day.php; and (4) the horde parameter in the PATH_INFO to the default URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2009-3236 | 1 Horde | 2 Application Framework, Groupware | 2024-02-04 | 4.3 MEDIUM | N/A |
The form library in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; reuses temporary filenames during the upload process which allows remote attackers, with privileges to write to the address book, to overwrite arbitrary files and execute PHP code via crafted Horde_Form_Type_image form field elements. | |||||
CVE-2008-5917 | 2 Horde, Microsoft | 2 Application Framework, Internet Explorer | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the XSS filter (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2 and 3.3, when Internet Explorer is being used, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to style attributes. | |||||
CVE-2008-7218 | 1 Horde | 7 Groupware, Groupware Webmail Edition, Horde and 4 more | 2024-02-04 | 10.0 HIGH | N/A |
Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2 before 3.2-RC2; Turba H3 2.1 before 2.1.6 and 2.2 before 2.2-RC2; Kronolith H3 2.1 before 2.1.7 and H3 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and 2.2 before 2.2-RC2; Horde Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 has unknown impact and attack vectors. | |||||
CVE-2008-7219 | 1 Horde | 5 Groupware, Groupware Webmail Edition, Kronolith H3 and 2 more | 2024-02-04 | 10.0 HIGH | N/A |
Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and H3 2.2 before 2.2-RC2; Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 does not validate ownership when performing share changes, which has unknown impact and attack vectors. | |||||
CVE-2008-1974 | 1 Horde | 2 Groupware, Groupware Webmail Edition | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in addevent.php in Horde Kronolith 2.1.7, Groupware Webmail Edition 1.0.6, and Groupware 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the url parameter. | |||||
CVE-2008-0807 | 2 Debian, Horde | 4 Debian Linux, Groupware, Groupware Webmail Edition and 1 more | 2024-02-04 | 4.9 MEDIUM | N/A |
lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x before 2.1.7 and 2.2.x before 2.2-RC3, as used in products such as Horde Groupware before 1.0.4 and Horde Groupware Webmail Edition before 1.0.5, does not properly check access rights, which allows remote authenticated users to modify address data via a modified object_id parameter to edit.php, as demonstrated by modifying a personal address book entry when there is write access to a shared address book. | |||||
CVE-2008-1284 | 1 Horde | 3 Groupware, Groupware Webmail Edition, Horde | 2024-02-04 | 6.0 MEDIUM | N/A |
Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via ".." sequences and a null byte in the theme name. | |||||
CVE-2006-6175 | 1 Horde | 1 Kronolith | 2024-02-04 | 7.5 HIGH | N/A |
Directory traversal vulnerability in lib/FBView.php in Horde Kronolith H3 before 2.0.7 and 2.1.x before 2.1.4 allows remote attackers to include arbitrary files and execute PHP code via a .. (dot dot) sequence in the view parameter. | |||||
CVE-2007-0579 | 1 Horde | 1 Groupware | 2024-02-04 | 5.1 MEDIUM | N/A |
Unspecified vulnerability in the calendar component in Horde Groupware Webmail Edition before 1.0, and Groupware before 1.0, allows remote attackers to include certain files via unspecified vectors. NOTE: some of these details are obtained from third party information. | |||||
CVE-2006-5449 | 1 Horde | 1 Ingo H3 | 2024-02-04 | 6.5 MEDIUM | N/A |
procmail in Ingo H3 before 1.1.2 Horde module allows remote authenticated users to execute arbitrary commands via shell metacharacters in the mailbox destination of a filter rule. | |||||
CVE-2007-1515 | 1 Horde | 1 Imp | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP H3 4.1.3, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via (1) the email Subject header in thread.php, (2) the edit_query parameter in search.php, or other unspecified parameters in search.php. NOTE: some of these details are obtained from third party information. | |||||
CVE-2007-1473 | 1 Horde | 1 Horde Application Framework | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php in Horde Framework before 3.1.4 RC1, when the login page contains a language selection box, allows remote attackers to inject arbitrary web script or HTML via the new_lang parameter to login.php. | |||||
CVE-2007-1474 | 1 Horde | 2 Horde Application Framework, Imp | 2024-02-04 | 6.8 MEDIUM | N/A |
Argument injection vulnerability in the cleanup cron script in Horde Project Horde and IMP before Horde Application Framework 3.1.4 allows local users to delete arbitrary files and possibly gain privileges via multiple space-delimited pathnames. | |||||
CVE-2007-6018 | 1 Horde | 4 Framework, Groupware Webmail Edition, Horde and 1 more | 2024-02-04 | 5.8 MEDIUM | N/A |
IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) "purge" deleted emails via a crafted email message. | |||||
CVE-2005-4189 | 1 Horde | 1 Kronolith H3 | 2024-02-04 | 3.5 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith H3 before 2.0.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Calendar name field when creating calendars, (2) event title field when deleting events, the (3) Category and (4) Location search fields, and the (5) attendees email address fields when editing event attendees, and possibly other vectors. | |||||
CVE-2005-0378 | 1 Horde | 1 Horde | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to prefs.php or (2) url parameter to index.php. | |||||
CVE-2005-1313 | 1 Horde | 1 Passwd | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Horde Passwd module before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | |||||
CVE-2005-1322 | 1 Horde | 1 Nag | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Horde Nag Task List Manager before 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | |||||
CVE-2006-1491 | 1 Horde | 1 Application Framework | 2024-02-04 | 7.5 HIGH | N/A |
Eval injection vulnerability in Horde Application Framework versions 3.0 before 3.0.10 and 3.1 before 3.1.1 allows remote attackers to execute arbitrary code via the help viewer. |