31 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-8034
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.22 and other products, is affected by a reflected Cross-Site Scripting (XSS) vulnerability vi...
SUSE CVE-2005-1319
Cross-site scripting (XSS) vulnerability in Horde IMP Webmail client before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title...
The vulnerability of the create function in the Horde Webmail software allows a hacker to execute arbitrary code.
The vulnerability of the create function in the Horde Webmail software exists because measures to neutralize special elements have not been taken. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
New Unpatched Horde Webmail Bug Lets Hackers Take Over Server by Sending Email
A new unpatched security vulnerability has been disclosed in the open-source Horde Webmail client that could be exploited to achieve remote code execution on the email server simply by sending a specially crafted email to a victim. "Once the email is viewed, the attacker can silently take over th...
Horde Webmail 5.2.22 - Account Takeover via Email
Horde Webmail is a free, enterprise-ready, and browser-based communication suite developed by the Horde project. It is a popular webmail solution for universities and government agencies to exchange sensitive email messages on a daily basis. It is also shipped as part of the popular hosting...
DEBIAN-CVE-2021-26929
An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 where the Horde_Text_Filter library before 2.3.7 is used. The attacker can send a plain text e-mail message, with JavaScript encoded as a link or email that is mishandled by preProcess in Text2html.php, because bespoke us...
DEBIAN-CVE-2020-8865
This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within edit.php. When parsing the params[template] parameter, the process doe...
Horde Webmail 5.2.22 - Multiple Vulnerabilities
Exploit for php platform in category web applications Title: Horde Webmail - XSS + CSRF to SQLi, RCE, Stealing Emails var url = "http://webmail.victimserver.com/trean/"; var params =...
Horde Webmail 5.2.22 - Multiple Vulnerabilities
Title: Horde Webmail - XSS + CSRF to SQLi, RCE, Stealing Emails var url = "http://webmail.victimserver.com/trean/"; var params =...
Horde Webmail 5.2.22 - Multiple Vulnerabilities
Horde Webmail 5.2.22 - Multiple Vulnerabilities Title: Horde Webmail - XSS + CSRF to SQLi, RCE, Stealing Emails var url = "http://webmail.victimserver.com/trean/"; var params =...
Horde Webmail 5.2.22 XSS / CSRF / SQL Injection / Code Execution Exploit
Horde Webmail version 5.2.22 suffers from code execution, cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities. Title: Horde Webmail - XSS + CSRF to SQLi, RCE, Stealing Emails var url = "http://webmail.victimserver.com/trean/"; var params =...
Horde Webmail 5.2.22 XSS / CSRF / SQL Injection / Code Execution
Title: Horde Webmail - XSS + CSRF to SQLi, RCE, Stealing Emails var url = "http://webmail.victimserver.com/trean/"; var params = 'iframe=0&popup=0&newFolder=&actionID=addbookmark&url=http%3A%2F%2Ftest.com&title=vulnerability&description=vulnerability&treanBookmarkTags=%22%3...
Horde Webmail < 5.2.19 RCE Vulnerability
The Horde_Crypt library used in Horde Webmail is prone to a remote code execution (RCE) vulnerability if the PGP feature is enabled. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...
UBUNTU-CVE-2017-7413
In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition through 5.2.17, OS Command Injection can occur if the attacker is an authenticated Horde Webmail user, has PGP features enabled in their preferences, and attempts to encrypt an email addressed to a maliciously crafted email...
Horde Groupware and Horde Groupware Webmail Cross-Site Scripting Vulnerabilities
Horde Groupware and Horde Groupware Webmail Edition are both products of Horde Corporation, USA. Horde Groupware is a free, browser-based collaboration suite. Horde Groupware Webmail is a free, enterprise, browser-based communication suite. Horde Text Filter API is one of the methods for...
Horde Webmail < 5.2.16 Multiple Vulnerabilities
Horde Webmail is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:horde:hordegroupware"; if...
MIT Open Redirect
URL Open Redirect on WEBMAIL of Massachusetts Institute of Technology Risk: Low CWE number: CWE-601 Date: 11/11/2014 Author: Felipe "Renzi" Gabriel Tested on Linux Ubuntu 14.04; Mozilla Firefox 33.0 Vulnerable File: go.php Exploit: +...
Horde Webmail 1.0.6 - 'addevent.php' Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/28898/info Horde Webmail is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. Attacker-supplied HTML and script code would execute in the context of the...
Horde Webmail 5.1 - Open Redirect Vulnerability
No description provided by source. + Horde webmail - Open Redirect Vulnerability + Date: 31/03/2014 + Risk: Low + Remote: Yes + Author: Felipe Andrian Peixoto + Vendor Homepage: http://www.horde.org/apps/webmail + Tested on: Windows 7 and Linux + Vulnerable...
Horde Webmail <= 5.1 Open Redirect Vulnerability - Active Check
Horde Webmail is prone to an open redirect vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:horde:hordegroupware";...