Linux Distros Unpatched Vulnerability : CVE-2019-9858

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contains a vulnerable class that handles image upload in...

SUSE CVE-2009-3236

The form library in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; reuses temporary filenames during the upload process which allows remote attackers, with...

SUSE CVE-2012-0909

Cross-site scripting XSS vulnerability in HordeForm in Horde Groupware Webmail Edition before 4.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to email verification. NOTE: Some of these details are obtained from third party information...

Debian: Security Advisory (DLA-2162-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DLA-2162-1 : php-horde-form security update

A remote code execution vulnerability was discovered in the Form API component of the Horde Application Framework. An authenticated remote attacker could use this flaw to upload arbitrary content to an arbitrary writable location on the server and potentially execute code in the context of the we...

[SECURITY] [DLA 2162-1] php-horde-form security update

Package : php-horde-form Version : 2.0.8-2+deb8u2 CVE ID : CVE-2020-8866 Debian Bug : 955020 A remote code execution vulnerability was discovered in the Form API component of the Horde Application Framework. An authenticated remote attacker could use this flaw to upload arbitrary content to an...

Fedora 31 : php-horde-Horde-Form (2020-a55b70b4ab)

HordeForm 2.0.20 - mjr SECURITY: Prevent ability to specify temporary filename CVE-2020-8866, Reported By: Andrea Cardaci working with Trend Micro Zero Day Initiative. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website...

Fedora 30 : php-horde-Horde-Form (2020-a69f99bc67)

HordeForm 2.0.20 - mjr SECURITY: Prevent ability to specify temporary filename CVE-2020-8866, Reported By: Andrea Cardaci working with Trend Micro Zero Day Initiative. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website...

Fedora: Security Advisory for php-horde-Horde-Form (FEDORA-2020-d0288d8022)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora: Security Advisory for php-horde-Horde-Form (FEDORA-2020-a55b70b4ab)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora: Security Advisory for php-horde-Horde-Form (FEDORA-2020-a69f99bc67)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Debian DSA-4468-1 : php-horde-form - security update

A path traversal vulnerability due to an unsanitized POST parameter was discovered in php-horde-form, a package providing form rendering, validation, and other functionality for the Horde Application Framework. An attacker can take advantage of this flaw for remote code execution. C Tenable Netwo...

Debian: Security Advisory (DSA-4468-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DSA 4468-1] php-horde-form security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4468-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 21, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4468-1] php-horde-form security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4468-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 21, 2019 https://www.debian.org/security/faq -...

DSA-4468-1 php-horde-form - security update

Bulletin has no description...

Debian DLA-1822-1 : php-horde-form security update

The Horde Application Framework contained a remote code execution vulnerability. A remote attacker could use this flaw to use image uploads in forms to install and execute a file in an arbitrary writable location on the server. For Debian 8 'Jessie', this problem has been fixed in version...

Debian: Security Advisory (DLA-1822-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Horde Groupware Webmail <= 5.2.22 RCE Vulnerability - Linux

Horde Groupware Webmail is prone to an authenticated remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only C...

[SECURITY] Fedora 29 Update: php-horde-Horde-Form-2.0.19-1.fc29

The HordeForm package provides form rendering, validation, and other functionality for the Horde Application Framework...