Lucene search
MitreCVELIST:CVE-2017-16908HistoryNov 20, 2017 - 8:00 p.m.
CVE-2017-16908
2017-11-2020:00:00
mitre
www.cve.org
6
In Horde Groupware 5.2.19, there is XSS via the Name field during creation of a new Resource. This can be leveraged for remote code execution after compromising an administrator account, because the CVE-2015-7984 CSRF protection mechanism can then be bypassed.
Related
debian
debian
[SECURITY] [DLA 2350-1] php-horde-kronolith security update
2020-08-29 19:39:00
debiancve
debiancve
CVE-2017-16908
2017-11-20 20:29:00
CVE-2015-7984
2015-11-19 20:59:09
ubuntucve
ubuntucve
CVE-2017-16908
2017-11-20 00:00:00
CVE-2015-7984
2015-11-19 00:00:00
prion
prion
Cross site request forgery (csrf)
2017-11-20 20:29:00
Cross site request forgery (csrf)
2015-11-19 20:59:00
osv
osv
CVE-2017-16908
2017-11-20 20:29:00
php-horde-kronolith - security update
2020-08-29 00:00:00
nvd
nvd
CVE-2017-16908
2017-11-20 20:29:00
CVE-2015-7984
2015-11-19 20:59:09
nessus
nessus
Debian DLA-2350-1 : php-horde-kronolith security update
2020-08-31 00:00:00
Debian DSA-3391-1 : php-horde - security update
2015-11-04 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-2350-1)
2020-08-30 00:00:00
Debian: Security Advisory (DSA-3391-1)
2015-11-02 00:00:00
Debian Security Advisory DSA 3391-1 (php-horde - security update)
2015-11-03 00:00:00
cve
cve
CVE-2017-16908
2017-11-20 20:29:00
CVE-2015-7984
2015-11-19 20:59:09
htbridge
htbridge
RCE and SQL injection via CSRF in Horde Groupware
2015-09-30 00:00:00
exploitpack
exploitpack
Horde Groupware 5.2.10 - Cross-Site Request Forgery
2015-11-19 00:00:00
zdt
zdt
Horde Groupware 5.2.10 Cross Site Request Forgery Vulnerability
2015-11-19 00:00:00
cvelist
cvelist
CVE-2015-7984
2015-11-19 20:00:00
packetstorm
packetstorm
Horde Groupware 5.2.10 Cross Site Request Forgery
2015-11-19 00:00:00
exploitdb
exploitdb
Horde Groupware 5.2.10 - Cross-Site Request Forgery
2015-11-19 00:00:00