Lucene search
K

1800 matches found

Nuclei
Nuclei
added yesterday82 views

Horde Groupware Unauthenticated Admin Access

Horde Groupware contains an administrative account with a blank password, which allows remote attackers to gain access. id: CVE-2005-3344 info: name: Horde Groupware Unauthenticated Admin Access author: pikpikcu severity: critical description: Horde Groupware contains an administrative account wi...

10CVSS6.1AI score0.07986EPSS
Exploits0References5
NVD
NVD
added 6 days ago11 views

CVE-2026-60102

Horde Virtual File System VFS API before 3.0.1 contains an OS command injection vulnerability in the HordeVfsSmb driver where the escapeShellCommand method fails to sanitize command substitution sequences, allowing authenticated attackers to inject arbitrary shell commands through user-controlled...

8.8CVSS0.01803EPSS
Exploits0References4
Cvelist
Cvelist
added 6 days ago38 views

CVE-2026-60102 Horde VFS < 3.0.1 OS Command Injection via Horde_Vfs_Smb Driver

Horde Virtual File System VFS API before 3.0.1 contains an OS command injection vulnerability in the HordeVfsSmb driver where the escapeShellCommand method fails to sanitize command substitution sequences, allowing authenticated attackers to inject arbitrary shell commands through user-controlled...

8.8CVSS0.01803EPSS
Exploits0References4
CVE
CVE
added 6 days ago20 views

CVE-2026-60102

The vulnerability is in Horde VFS API before 3.0.1, specifically the Horde_Vfs_Smb driver. The _escapeShellCommand() function fails to sanitize command substitution, allowing authenticated attackers to inject arbitrary shell commands via user-controlled filenames. Malicious filenames containing u...

8.8CVSS6.2AI score0.01803EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 6 days ago5 views

CVE-2026-60102

Horde Virtual File System VFS API before 3.0.1 contains an OS command injection vulnerability in the HordeVfsSmb driver where the escapeShellCommand method fails to sanitize command substitution sequences, allowing authenticated attackers to inject arbitrary shell commands through user-controlled...

8.8CVSS6.2AI score0.01803EPSS
Exploits0References5
Debian CVE
Debian CVE
added 6 days ago6 views

CVE-2026-60102

Horde Virtual File System VFS API before 3.0.1 contains an OS command injection vulnerability in the HordeVfsSmb driver where the escapeShellCommand method fails to sanitize command substitution sequences, allowing authenticated attackers to inject arbitrary shell commands through user-controlled...

8.8CVSS6.2AI score0.01803EPSS
Exploits0
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-42340

Horde Virtual File System VFS API before 3.0.1 contains an OS command injection vulnerability in the HordeVfsSmb driver where the escapeShellCommand method fails to sanitize command substitution sequences, allowing authenticated attackers to inject arbitrary shell commands through user-controlled...

8.8CVSS6.2AI score0.01803EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 6 days ago8 views

PT-2026-56520

Name of the Vulnerable Software and Affected Versions Horde Virtual File System VFS API versions prior to 3.0.1 Description The Horde Vfs Smb driver contains an OS command injection flaw where the escapeShellCommand method does not properly sanitize command substitution sequences. Authenticated...

8.8CVSS6.2AI score0.01803EPSS
Exploits0References12
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/02 9:23 p.m.12 views

Malicious code in horde-python-client (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f2ae9afcd7af22c82b137c1142ae643502d82f3d1f28712b2e5c7ec412bea85e horde-python-client 99999.0.0 is a dependency-confusion lure. On import hordepythonclient, a daemon thread unconditionally POSTs a JSON payload...

6.1AI score
Exploits0References2
OSV
OSV
added 2026/07/02 9:23 p.m.3 views

MAL-2026-6734 Malicious code in horde-python-client (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f2ae9afcd7af22c82b137c1142ae643502d82f3d1f28712b2e5c7ec412bea85e horde-python-client 99999.0.0 is a dependency-confusion lure. On import hordepythonclient, a daemon thread unconditionally POSTs a JSON payload...

6.3AI score
Exploits0References2
OSV
OSV
added 2026/07/02 9:11 p.m.5 views

MAL-2026-6732 Malicious code in unreal-horde-dashboard (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 15cf7eca1e6de1e7ecc5fe67d8094125f20f6ca4256e843b72e89760c97888b8 [email protected] executes a preinstall script that runs automatically on npm install. The script collects host identifiers hostname,...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/02 9:11 p.m.11 views

Malicious code in unreal-horde-dashboard (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 15cf7eca1e6de1e7ecc5fe67d8094125f20f6ca4256e843b72e89760c97888b8 [email protected] executes a preinstall script that runs automatically on npm install. The script collects host identifiers hostname,...

5.9AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-58451

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Horde IMP before 7.0.1 contains a path traversal vulnerability in lib/Compose.php that allows authenticated attackers to read arbitrary files from the server...

7.1CVSS6.1AI score0.00379EPSS
Exploits0References3
NVD
NVD
added 2026/07/01 7:16 p.m.9 views

CVE-2026-58451

Horde IMP before 7.0.1 contains a path traversal vulnerability in lib/Compose.php that allows authenticated attackers to read arbitrary files from the server filesystem by embedding traversal sequences after a CKEditor path prefix in img src URLs. Attackers can bypass the stripos prefix validatio...

7.1CVSS0.00379EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/07/01 6:16 p.m.38 views

CVE-2026-58451 Horde IMP < 7.0.1 Path Traversal via Compose.php img src

Horde IMP before 7.0.1 contains a path traversal vulnerability in lib/Compose.php that allows authenticated attackers to read arbitrary files from the server filesystem by embedding traversal sequences after a CKEditor path prefix in img src URLs. Attackers can bypass the stripos prefix validatio...

7.1CVSS0.00379EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/07/01 6:16 p.m.7 views

CVE-2026-58451 Horde IMP < 7.0.1 Path Traversal via Compose.php img src

Horde IMP before 7.0.1 contains a path traversal vulnerability in lib/Compose.php that allows authenticated attackers to read arbitrary files from the server filesystem by embedding traversal sequences after a CKEditor path prefix in img src URLs. Attackers can bypass the stripos prefix validatio...

7.1CVSS5.9AI score0.00379EPSS
Exploits0References6
CVE
CVE
added 2026/07/01 6:16 p.m.23 views

CVE-2026-58451

CVE-2026-58451 concerns Horde IMP prior to 7.0.1. A path traversal flaw in lib/Compose.php enables an authenticated attacker to read arbitrary server files by inserting traversal sequences after the CKEditor path prefix in img src URLs. The issue circumvents prefix validation by appending travers...

7.1CVSS5.9AI score0.00379EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.8 views

PT-2026-54913

Name of the Vulnerable Software and Affected Versions Horde IMP versions prior to 7.0.1 Description A path traversal issue exists in the lib/Compose.php file. Authenticated attackers can read arbitrary files from the server filesystem by embedding traversal sequences after a CKEditor path prefix ...

7.1CVSS6.1AI score0.00379EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/01/09 12:51 p.m.9 views

CVE-2014-4945

Multiple cross-site scripting XSS vulnerabilities in Horde Internet Mail Program IMP before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via an unspecified flag in the basic 1 mailbox or 2 message view...

4.3CVSS5.9AI score0.01312EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:50 p.m.10 views

CVE-2014-4946

Multiple cross-site scripting XSS vulnerabilities in Horde Internet Mail Program IMP before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via 1 unspecified flags or 2 a mailbox name in the dynamic mailbox view...

4.3CVSS5.9AI score0.01312EPSS
Exploits0References1
Rows per page
Query Builder