Lucene search
+L

110 matches found

Zero Day Initiative
Zero Day Initiative
added 2020/08/19 12:0 a.m.26 views

(0Day) Horde Groupware Webmail Edition attendees fb_cals Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within attendees.php. When parsing the fbcals parameter, the process does not...

6.3CVSS5.1AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2020/08/19 12:0 a.m.27 views

(0Day) Horde Groupware Webmail Edition Nag show_external Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Nag.php. When parsing the showexternal parameter, the process does not...

6.3CVSS5.1AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2020/08/19 12:0 a.m.30 views

(0Day) Horde Groupware Webmail Edition prefs sync_calendars Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within prefs.php. When parsing the synccalendars parameter, the process does not...

6.3CVSS5.1AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2020/08/19 12:0 a.m.32 views

(0Day) Horde Groupware Webmail Edition Mnemo display_notepads Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Mnemo.php. When parsing the displaynotepads parameter, the process does not...

6.3CVSS5.2AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2020/08/19 12:0 a.m.18 views

(0Day) Horde Groupware Webmail Edition Poll nav_poll Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Poll.php. When parsing the navpoll parameter, the process does not properly...

6.3CVSS5.1AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2020/08/19 12:0 a.m.22 views

(0Day) Horde Groupware Webmail Edition Ui generateUI Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Ui.php. The issue results from the lack of proper validation of user-supplie...

6.3CVSS3AI score
Exploits0
CNVD
CNVD
added 2020/05/19 12:0 a.m.4 views

Horde Gollem Cross-Site Scripting Vulnerability

Horde Groupware Webmail is a browser-based, enterprise-class communications suite from Horde, Inc. Gollem is a file manager used in it. A cross-site scripting vulnerability exists in Horde Gollem versions prior to 3.0.13 used in Horde Groupware Webmail Edition version 5.2.22 and other products,...

6.1CVSS6.4AI score0.00974EPSS
Exploits0References1
NVD
NVD
added 2020/05/18 3:15 p.m.23 views

CVE-2020-8035

The image view functionality in Horde Groupware Webmail Edition before 5.2.22 is affected by a stored Cross-Site Scripting XSS vulnerability via an SVG image upload containing a JavaScript payload. An attacker can obtain access to a victim's webmail account by making them visit a malicious URL...

6.1CVSS5.9AI score0.00881EPSS
Exploits0References3
OSV
OSV
added 2020/05/18 3:15 p.m.5 views

DEBIAN-CVE-2020-8035

The image view functionality in Horde Groupware Webmail Edition before 5.2.22 is affected by a stored Cross-Site Scripting XSS vulnerability via an SVG image upload containing a JavaScript payload. An attacker can obtain access to a victim's webmail account by making them visit a malicious URL...

6.1CVSS5.6AI score0.00881EPSS
Exploits0References1
OSV
OSV
added 2020/03/23 9:15 p.m.21 views

CVE-2020-8865

This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within edit.php. When parsing the paramstemplate parameter, the process doe...

6.3CVSS6.7AI score
Exploits0References2
OSV
OSV
added 2020/03/23 9:15 p.m.2 views

DEBIAN-CVE-2020-8865

This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within edit.php. When parsing the paramstemplate parameter, the process doe...

6.3CVSS5.8AI score0.06808EPSS
Exploits4References1
OSV
OSV
added 2020/03/23 9:15 p.m.4 views

UBUNTU-CVE-2020-8865

This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within edit.php. When parsing the paramstemplate parameter, the process doe...

6.3CVSS6.3AI score0.06808EPSS
Exploits4References6
OSV
OSV
added 2020/03/23 9:15 p.m.5 views

UBUNTU-CVE-2020-8866

This vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within add.php. The issue results from the lack of proper validation of...

6.5CVSS5.8AI score0.09579EPSS
Exploits4References5
CVE
CVE
added 2020/03/23 8:15 p.m.80 views

CVE-2020-8866

CVE-2020-8866 affects Horde Groupware Webmail Edition 5.2.22, with a flaw in add.php where insufficient validation of user-supplied data allows remote attackers (authenticated) to upload arbitrary files. This can enable code execution in the www-data context when combined with other vulnerabiliti...

6.5CVSS6.5AI score0.09579EPSS
Exploits4References3Affected Software2
Debian CVE
Debian CVE
added 2020/03/23 8:15 p.m.51 views

CVE-2020-8866

This vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within add.php. The issue results from the lack of proper validation of...

6.5CVSS5AI score0.09579EPSS
Exploits4
0day.today
0day.today
added 2020/03/12 12:0 a.m.131 views

Horde Groupware Webmail Edition 5.2.22 - PHAR Loading Exploit

Exploit for php platform in category web applications exploit-phar-loading.py !/usr/bin/env python3 from horde import Horde import requests import subprocess import sys TEMPDIR = '/tmp' WWWROOT = '/var/www/html' if lensys.argv ' sys.exit1 baseurl = sys.argv1 username = sys.argv2 password =...

0.1AI score0.09579EPSS
Exploits4
Zero Day Initiative
Zero Day Initiative
added 2020/03/10 12:0 a.m.27 views

Horde Groupware Webmail Edition edit Page Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within edit.php. When parsing the paramstemplate parameter, the process does not...

6.3CVSS3.5AI score0.06808EPSS
Exploits4References1
Positive Technologies
Positive Technologies
added 2020/03/10 12:0 a.m.10 views

PT-2020-20336 · Horde · Horde Groupware Webmail Edition

Name of the Vulnerable Software and Affected Versions: Horde Groupware Webmail Edition version 5.2.22 Description: This issue allows remote attackers to execute local PHP files on affected installations. Authentication is required to exploit this issue. The specific flaw exists within the edit.ph...

6.5CVSS6.3AI score0.06808EPSS
Exploits4References20
OSV
OSV
added 2020/02/17 3:15 p.m.2 views

UBUNTU-CVE-2020-8518

Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution...

9.8CVSS7.6AI score0.71728EPSS
Exploits5References5
Positive Technologies
Positive Technologies
added 2020/02/17 12:0 a.m.3 views

PT-2020-20192 · Horde · Horde Groupware Webmail Edition

Name of the Vulnerable Software and Affected Versions: Horde Groupware Webmail Edition version 5.2.22 Description: The issue allows injection of arbitrary PHP code via CSV data, leading to remote code execution. Recommendations: For Horde Groupware Webmail Edition version 5.2.22, consider disabli...

9.8CVSS8AI score0.71728EPSS
Exploits5References28
Rows per page
Query Builder