49 matches found
EUVD-2014-4862
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2017-7414
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In HordeCrypt before 2.7.6, as used in Horde Groupware Webmail Edition 5.x through 5.2.17, OS Command Injection can occur if the user has PGP features enabled i...
SUSE CVE-2007-6018
IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to 1 delete arbitrary e-mail messages via a modified numeric ID or 2 "purge" deleted emails via a crafted email message...
SUSE CVE-2008-7219
Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and H3 2.2 before 2.2-RC2; Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 does not valida...
SUSE CVE-2010-3693
Cross-site scripting XSS vulnerability in Horde Dynamic IMP DIMP before 1.1.5, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via vectors related to displaying mailbox names...
SUSE CVE-2010-3695
Cross-site scripting XSS vulnerability in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via the fmid parameter in a fetchmailprefssave action, related to the Fetchmail configuration...
SUSE CVE-2012-0791
Multiple cross-site scripting XSS vulnerabilities in Horde IMP before 5.0.18 and Horde Groupware Webmail Edition before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via the 1 composeCache, 2 rtemode, or 3 filename parameters to the compose page; 4 formname parameter to the...
CVE-2022-26874
lib/Horde/Mime/Viewer/Ooo.php in Horde MimeViewer before 2.2.4 allows XSS via an OpenOffice document, leading to account takeover in Horde Groupware Webmail Edition. This occurs after XSLT rendering...
DEBIAN-CVE-2022-26874
lib/Horde/Mime/Viewer/Ooo.php in Horde MimeViewer before 2.2.4 allows XSS via an OpenOffice document, leading to account takeover in Horde Groupware Webmail Edition. This occurs after XSLT rendering...
Design/Logic Flaw
lib/Horde/Mime/Viewer/Ooo.php in Horde MimeViewer before 2.2.4 allows XSS via an OpenOffice document, leading to account takeover in Horde Groupware Webmail Edition. This occurs after XSLT rendering...
Debian DLA-2564-1 : php-horde-text-filter security update
Alex Birnberg discovered a cross-site scripting XSS vulnerability in the Horde Application Framework, more precisely its Text Filter API. An attacker could take control of a user's mailbox by sending a crafted e-mail. CVE-2021-26929 An XSS issue was discovered in Horde Groupware Webmail Edition...
CVE-2021-26929
An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 where the HordeTextFilter library before 2.3.7 is used. The attacker can send a plain text e-mail message, with JavaScript encoded as a link or email that is mishandled by preProcess in Text2html.php, because bespoke us...
CVE-2021-26929
An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 where the HordeTextFilter library before 2.3.7 is used. The attacker can send a plain text e-mail message, with JavaScript encoded as a link or email that is mishandled by preProcess in Text2html.php, because bespoke us...
CVE-2021-26929
CVE-2021-26929 affects Horde Groupware Webmail Edition up to 5.2.22 (Horde_Text_Filter before 2.3.7). The vulnerability is an XSS in which a attacker can send a plain text email containing JavaScript encoded as a link or email that is mishandled by preProcess in Text2html.php, due to bespoke use ...
(0Day) Horde Groupware Webmail Edition Collection portal_layout Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Collection.php. When parsing the portallayout parameter, the process does no...
(0Day) Horde Groupware Webmail Edition attendees fb_cals Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within attendees.php. When parsing the fbcals parameter, the process does not...
(0Day) Horde Groupware Webmail Edition prefs sync_calendars Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within prefs.php. When parsing the synccalendars parameter, the process does not...
(0Day) Horde Groupware Webmail Edition Nag show_external Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Nag.php. When parsing the showexternal parameter, the process does not...
(0Day) Horde Groupware Webmail Edition Mnemo display_notepads Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Mnemo.php. When parsing the displaynotepads parameter, the process does not...
Horde Gollem Cross-Site Scripting Vulnerability
Horde Groupware Webmail is a browser-based, enterprise-class communications suite from Horde, Inc. Gollem is a file manager used in it. A cross-site scripting vulnerability exists in Horde Gollem versions prior to 3.0.13 used in Horde Groupware Webmail Edition version 5.2.22 and other products,...