Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 10:23 a.m.8 views

CVE-2019-9858

Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contains a vulnerable class that handles image upload in forms. When the HordeFormTypeimage method onSubmit is called on uploads, it invokes the functions getImage and getUpload, which uses...

8.8CVSS7.4AI score0.19165EPSS
Exploits3References1
Tenable Nessus
Tenable Nessus
added 2019/06/24 12:0 a.m.31 views

Debian DSA-4468-1 : php-horde-form - security update

A path traversal vulnerability due to an unsanitized POST parameter was discovered in php-horde-form, a package providing form rendering, validation, and other functionality for the Horde Application Framework. An attacker can take advantage of this flaw for remote code execution. C Tenable Netwo...

8.8CVSS7.9AI score0.19165EPSS
Exploits3References5
Debian
Debian
added 2019/06/21 8:26 a.m.278 views

[SECURITY] [DSA 4468-1] php-horde-form security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4468-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 21, 2019 https://www.debian.org/security/faq -...

8.8CVSS8.8AI score0.19165EPSS
Exploits3
OpenVAS
OpenVAS
added 2019/06/04 12:0 a.m.42 views

Horde Groupware Webmail <= 5.2.22 RCE Vulnerability - Linux

Horde Groupware Webmail is prone to an authenticated remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only C...

8.8CVSS8.8AI score0.19165EPSS
Exploits3References2
OSV
OSV
added 2019/05/29 5:29 p.m.6 views

UBUNTU-CVE-2019-9858

Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contains a vulnerable class that handles image upload in forms. When the HordeFormTypeimage method onSubmit is called on uploads, it invokes the functions getImage and getUpload, which uses...

8.8CVSS6.2AI score0.19165EPSS
Exploits3References9
Debian CVE
Debian CVE
added 2019/05/29 4:26 p.m.35 views

CVE-2019-9858

Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contains a vulnerable class that handles image upload in forms. When the HordeFormTypeimage method onSubmit is called on uploads, it invokes the functions getImage and getUpload, which uses...

8.8CVSS9AI score0.19165EPSS
Exploits3
CVE
CVE
added 2019/05/29 4:26 p.m.141 views

CVE-2019-9858

CVE-2019-9858 affects Horde Groupware Webmail (versions 5.2.22 and 5.2.17). The flaw is in Horde/Form/Type.php image upload handling: an unsanitized POST parameter object[photo][img][file] is used as the destination path for move_uploaded_file(), allowing an attacker to place a PHP file (e.g., vi...

8.8CVSS8.8AI score0.19165EPSS
Exploits3References5Affected Software1
Packet Storm
Packet Storm
added 2019/04/10 12:0 a.m.51 views

Horde Form Shell Upload

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Horde Form File Upload Vulnerability', 'Description' = %q Horde Groupware Webmail contains a flaw that allows an authenticated remote attacker to...

0.19165EPSS
Exploits3
Metasploit
Metasploit
added 2019/03/29 12:31 p.m.29 views

Horde Form File Upload Vulnerability

Horde Groupware Webmail contains a flaw that allows an authenticated remote attacker to execute arbitrary PHP code. The exploitation requires the Turba subcomponent to be installed. This module was tested on Horde versions 5.2.22 and 5.2.17 running Horde Form subcomponent 'Horde Form File Upload...

8.8CVSS7.5AI score0.19165EPSS
Exploits3
Rows per page
Query Builder