1801 matches found
Horde Groupware Unauthenticated Admin Access
Horde Groupware contains an administrative account with a blank password, which allows remote attackers to gain access. id: CVE-2005-3344 info: name: Horde Groupware Unauthenticated Admin Access author: pikpikcu severity: critical description: Horde Groupware contains an administrative account wi...
Linux Distros Unpatched Vulnerability : CVE-2026-60102
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Horde Virtual File System VFS API before 3.0.1 contains an OS command injection vulnerability in the HordeVfsSmb driver where the escapeShellCommand method fail...
CVE-2026-60102
Horde Virtual File System VFS API before 3.0.1 contains an OS command injection vulnerability in the HordeVfsSmb driver where the escapeShellCommand method fails to sanitize command substitution sequences, allowing authenticated attackers to inject arbitrary shell commands through user-controlled...
CVE-2026-60102
Horde Virtual File System VFS API before 3.0.1 contains an OS command injection vulnerability in the HordeVfsSmb driver where the escapeShellCommand method fails to sanitize command substitution sequences, allowing authenticated attackers to inject arbitrary shell commands through user-controlled...
CVE-2026-60102
Horde Virtual File System VFS API before 3.0.1 contains an OS command injection vulnerability in the HordeVfsSmb driver where the escapeShellCommand method fails to sanitize command substitution sequences, allowing authenticated attackers to inject arbitrary shell commands through user-controlled...
EUVD-2026-42340
Horde Virtual File System VFS API before 3.0.1 contains an OS command injection vulnerability in the HordeVfsSmb driver where the escapeShellCommand method fails to sanitize command substitution sequences, allowing authenticated attackers to inject arbitrary shell commands through user-controlled...
CVE-2026-60102 Horde VFS < 3.0.1 OS Command Injection via Horde_Vfs_Smb Driver
Horde Virtual File System VFS API before 3.0.1 contains an OS command injection vulnerability in the HordeVfsSmb driver where the escapeShellCommand method fails to sanitize command substitution sequences, allowing authenticated attackers to inject arbitrary shell commands through user-controlled...
CVE-2026-60102
The vulnerability is in Horde VFS API before 3.0.1, specifically the Horde_Vfs_Smb driver. The _escapeShellCommand() function fails to sanitize command substitution, allowing authenticated attackers to inject arbitrary shell commands via user-controlled filenames. Malicious filenames containing u...
PT-2026-56520
Name of the Vulnerable Software and Affected Versions Horde Virtual File System VFS API versions prior to 3.0.1 Description The Horde Vfs Smb driver contains an OS command injection flaw where the escapeShellCommand method does not properly sanitize command substitution sequences. Authenticated...
Malicious code in horde-python-client (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f2ae9afcd7af22c82b137c1142ae643502d82f3d1f28712b2e5c7ec412bea85e horde-python-client 99999.0.0 is a dependency-confusion lure. On import hordepythonclient, a daemon thread unconditionally POSTs a JSON payload...
MAL-2026-6734 Malicious code in horde-python-client (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f2ae9afcd7af22c82b137c1142ae643502d82f3d1f28712b2e5c7ec412bea85e horde-python-client 99999.0.0 is a dependency-confusion lure. On import hordepythonclient, a daemon thread unconditionally POSTs a JSON payload...
Malicious code in unreal-horde-dashboard (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 15cf7eca1e6de1e7ecc5fe67d8094125f20f6ca4256e843b72e89760c97888b8 [email protected] executes a preinstall script that runs automatically on npm install. The script collects host identifiers hostname,...
MAL-2026-6732 Malicious code in unreal-horde-dashboard (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 15cf7eca1e6de1e7ecc5fe67d8094125f20f6ca4256e843b72e89760c97888b8 [email protected] executes a preinstall script that runs automatically on npm install. The script collects host identifiers hostname,...
Linux Distros Unpatched Vulnerability : CVE-2026-58451
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Horde IMP before 7.0.1 contains a path traversal vulnerability in lib/Compose.php that allows authenticated attackers to read arbitrary files from the server...
CVE-2026-58451
Horde IMP before 7.0.1 contains a path traversal vulnerability in lib/Compose.php that allows authenticated attackers to read arbitrary files from the server filesystem by embedding traversal sequences after a CKEditor path prefix in img src URLs. Attackers can bypass the stripos prefix validatio...
CVE-2026-58451 Horde IMP < 7.0.1 Path Traversal via Compose.php img src
Horde IMP before 7.0.1 contains a path traversal vulnerability in lib/Compose.php that allows authenticated attackers to read arbitrary files from the server filesystem by embedding traversal sequences after a CKEditor path prefix in img src URLs. Attackers can bypass the stripos prefix validatio...
CVE-2026-58451 Horde IMP < 7.0.1 Path Traversal via Compose.php img src
Horde IMP before 7.0.1 contains a path traversal vulnerability in lib/Compose.php that allows authenticated attackers to read arbitrary files from the server filesystem by embedding traversal sequences after a CKEditor path prefix in img src URLs. Attackers can bypass the stripos prefix validatio...
CVE-2026-58451
CVE-2026-58451 concerns Horde IMP prior to 7.0.1. A path traversal flaw in lib/Compose.php enables an authenticated attacker to read arbitrary server files by inserting traversal sequences after the CKEditor path prefix in img src URLs. The issue circumvents prefix validation by appending travers...
PT-2026-54913
Name of the Vulnerable Software and Affected Versions Horde IMP versions prior to 7.0.1 Description A path traversal issue exists in the lib/Compose.php file. Authenticated attackers can read arbitrary files from the server filesystem by embedding traversal sequences after a CKEditor path prefix ...
CVE-2014-4945
Multiple cross-site scripting XSS vulnerabilities in Horde Internet Mail Program IMP before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via an unspecified flag in the basic 1 mailbox or 2 message view...