
121 matches found

EUVD
added 2025/10/03 8:7 p.m. | 7 views

EUVD-2022-52239

Malicious code in bioql PyPI...

CVSS 8 | AI score 7.9 | EPSS 0.70276 | Exploits 1 | References 3

Tenable Nessus
added 2025/08/27 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2020-8035

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The image view functionality in Horde Groupware Webmail Edition before 5.2.22 is affected by a stored Cross-Site Scripting (XSS) vulnerability via an SVG image...

CVSS 6.1 | AI score 6.1 | EPSS 0.00881 | Exploits 0 | References 2

Tenable Nessus
added 2025/08/24 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2013-6365

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions (CVE-2013-6365). Note that Nessus relies on the presence of the package as reported by...

CVSS 5.3 | AI score 6.5 | EPSS 0.01072 | Exploits 5 | References 2

Tenable Nessus
added 2025/08/18 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2020-8865

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is...

CVSS 6.5 | AI score 6.4 | EPSS 0.06808 | Exploits 4 | References 2

Tenable Nessus
added 2025/08/18 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2022-26874

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - lib/Horde/Mime/Viewer/Ooo.php in Horde MimeViewer before 2.2.4 allows XSS via an OpenOffice document, leading to account takeover in Horde Groupware Webmail...

CVSS 5.4 | AI score 5.5 | EPSS 0.01035 | Exploits 1 | References 2

RedhatCVE
added 2025/05/22 10:23 a.m. | 8 views

CVE-2019-9858

Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contains a vulnerable class that handles image upload in forms. When the HordeFormTypeimage method onSubmit is called on uploads, it invokes the functions getImage and getUpload, which uses...

CVSS 8.8 | AI score 7.4 | EPSS 0.19165 | Exploits 3 | References 1

SUSE CVE
added 2023/02/15 6:7 a.m. | 5 views

SUSE CVE-2008-3650

Multiple unspecified vulnerabilities in Horde Groupware Webmail before Edition 1.1.1 final have unknown impact and attack vectors related to "unescaped output," possibly cross-site scripting (XSS), in the (1) object browser and (2) contact view...

CVSS 9 | AI score 6.5 | EPSS 0.0102 | Exploits 0 | References 3

SUSE CVE
added 2023/02/15 5:42 a.m. | 6 views

SUSE CVE-2012-6640

Cross-site scripting (XSS) vulnerability in Horde Internet Mail Program (IMP) before 5.0.22, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted SVG image attachment, a different vulnerability than CVE-2012-5565...

CVSS 4.3 | AI score 5.8 | EPSS 0.01832 | Exploits 0 | References 3

OpenVAS
added 2022/08/03 12:0 a.m. | 21 views

Horde Groupware Webmail <= 5.2.22 RCE Vulnerability (May 2022)

Horde Groupware Webmail is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 8 | AI score 8 | EPSS 0.70276 | Exploits 1 | References 1

OSV
added 2022/07/28 10:15 p.m. | 5 views

DEBIAN-CVE-2022-30287

Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP objects...

CVSS 8 | AI score 8.4 | EPSS 0.70276 | Exploits 1 | References 1

CNNVD
added 2022/06/02 12:0 a.m. | 3 views

Horde Groupware Webmail Cross-Site Request Forgery Vulnerability

Horde Groupware Webmail is a browser-based, enterprise-class communications suite from Horde, Inc. PHP is a scripting language that executes on the server side. A cross-site request forgery vulnerability exists in Horde Groupware Webmail that stems from insufficient authentication of the source o...

CVSS 8 | AI score 7.7 | EPSS 0.70276 | Exploits 1 | References 7

NVD
added 2022/03/11 7:15 a.m. | 16 views

CVE-2022-26874

lib/Horde/Mime/Viewer/Ooo.php in Horde MimeViewer before 2.2.4 allows XSS via an OpenOffice document, leading to account takeover in Horde Groupware Webmail Edition. This occurs after XSLT rendering...

CVSS 5.4 | EPSS 0.01035 | Exploits 1 | References 5

Prion
added 2022/03/11 7:15 a.m. | 15 views

Design/Logic Flaw

lib/Horde/Mime/Viewer/Ooo.php in Horde MimeViewer before 2.2.4 allows XSS via an OpenOffice document, leading to account takeover in Horde Groupware Webmail Edition. This occurs after XSLT rendering...

CVSS 3.5 | AI score 5 | EPSS 0.01035 | Exploits 1 | References 4 | Affected Software 2

Debian CVE
added 2022/03/11 6:2 a.m. | 45 views

CVE-2022-26874

lib/Horde/Mime/Viewer/Ooo.php in Horde MimeViewer before 2.2.4 allows XSS via an OpenOffice document, leading to account takeover in Horde Groupware Webmail Edition. This occurs after XSLT rendering...

CVSS 5.4 | AI score 5.2 | EPSS 0.01035 | Exploits 1

CNNVD
added 2022/03/11 12:0 a.m. | 9 views

Horde Groupware Webmail Cross-Site Scripting Vulnerability

Horde Groupware Webmail is a browser-based, enterprise-class communications suite from Horde, Inc. A security vulnerability exists in the lib/Horde/Mime/Viewer/Ooo.php file in Horde Groupware Webmail. The vulnerability stems from the fact that the file allows cross-site scripting attacks utilizin...

CVSS 5.4 | AI score 5.3 | EPSS 0.01035 | Exploits 1 | References 8

OpenVAS
added 2022/02/28 12:0 a.m. | 17 views

Horde Groupware Webmail <= 5.2.22 XSS Vulnerability - Linux

Horde Groupware Webmail is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 5.4 | AI score 5.2 | EPSS 0.01035 | Exploits 1 | References 2

Packet Storm
added 2021/04/15 12:0 a.m. | 523 views

Horde Groupware Webmail 5.2.22 Cross Site Scripting

Exploit Title: Horde Groupware Webmail 5.2.22 - Stored XSS Author: Alex Birnberg Testing and Debugging: Ventsislav Varbanovski @nu11secur1ty Date: 04.14.2021 Vendor: https://www.horde.org/apps/webmail Link: https://github.com/horde/webmail/releases CVE: CVE-2021-26929 + Exploit Source:...

CVSS 4.3 | AI score 6.2 | EPSS 0.04944 | Exploits 7

Veracode
added 2021/02/19 1:13 p.m. | 21 views

Cross-site Scripting (XSS)

Horde Groupware Webmail Edition is vulnerable to cross-site scripting (XSS). The attacker can send a plain text e-mail message, with JavaScript encoded as a link or email that is mishandled by preProcess in Text2html.php, because bespoke use of \x00\x00\x00 and \x01\x01\x01 interferes with XSS...

CVSS 6.1 | EPSS 0.04944 | Exploits 7 | References 8 | Affected Software 1

NVD
added 2021/02/14 4:15 a.m. | 15 views

CVE-2021-26929

An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 where the HordeTextFilter library before 2.3.7 is used. The attacker can send a plain text e-mail message, with JavaScript encoded as a link or email that is mishandled by preProcess in Text2html.php, because bespoke us...

CVSS 6.1 | EPSS 0.04944 | Exploits 7 | References 7

OSV
added 2021/02/14 4:15 a.m. | 18 views

CVE-2021-26929

An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 where the HordeTextFilter library before 2.3.7 is used. The attacker can send a plain text e-mail message, with JavaScript encoded as a link or email that is mishandled by preProcess in Text2html.php, because bespoke us...

CVSS 6.1 | AI score 6 | Exploits 0 | References 7