EUVD-2005-1322

Malware in sbrugna...

EUVD-2001-0840

Malware in sbrugna...

IMP 安全漏洞

IMP is an open source web-based webmail system from Horde. A security vulnerability exists in IMP version 6.2.27 and earlier, which originates from a specially crafted HTML email that could lead to account takeover...

SUSE CVE-2007-6018

IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to 1 delete arbitrary e-mail messages via a modified numeric ID or 2 "purge" deleted emails via a crafted email message...

[SECURITY] Fedora 24 Update: php-horde-ingo-3.2.15-1.fc24

Ingo is an email-filter management application. It is fully internationalized, integrated with Horde and the IMP Webmail client, and supports both server-side Sieve, Procmail, Maildrop and client-side IMAP message filtering...

[SECURITY] Fedora 21 Update: php-horde-ingo-3.2.7-1.fc21

Ingo is an email-filter management application. It is fully internationalized, integrated with Horde and the IMP Webmail client, and supports both server-side Sieve, Procmail, Maildrop and client-side IMAP message filtering...

[SECURITY] Fedora 22 Update: php-horde-ingo-3.2.7-1.fc22

Ingo is an email-filter management application. It is fully internationalized, integrated with Horde and the IMP Webmail client, and supports both server-side Sieve, Procmail, Maildrop and client-side IMAP message filtering...

[SECURITY] Fedora 23 Update: php-horde-imp-6.2.11-1.fc23

IMP, the Internet Mail Program, is one of the most popular and widely deployed open source webmail applications in the world. It allows universal, web-based access to IMAP and POP3 mail servers and provides Ajax, mobile and traditional interfaces with a rich range of features normally found only ...

Horde IMP Webmail <= 4.0.4 Client Multiple Input Validation Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/22975/info Horde IMP Webmail Client is prone to multiple input-validation vulnerabilities, including cross-site scripting and an HTML-injection issue, because the application fails to properly sanitize user-supplied input...

Horde IMP Webmail fetchmailprefs.php存储式跨站脚本漏洞

BUGTRAQ ID: 43515 IMP是一款基于Web的强大的邮件程序，由Horde项目组开发，可使用在Linux/Unix或者Windows操作系统下。 IMP Webmail没有正确地过滤提交给fetchmailprefs.php脚本的fmid URL参数，远程攻击者可以通过提交恶意URL请求执行存储式跨站脚本攻击。当用户访问邮件获取偏好页面时就会执行所注入的代码。 Horde IMP 4.3.7 厂商补丁： Horde ----- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...

Horde IMP Webmail 4.3.7 - &#039;fetchmailprefs.php&#039; HTML Injection

source: https://www.securityfocus.com/bid/43515/info Horde IMP Webmail is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data before it is used in dynamic content. Attacker-supplied HTML or JavaScript code could run in the context of the affected...

CVE-2007-6018

CVE-2007-6018 affects IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3, where insufficient validation of HTTP requests allows a remote attacker to (1) delete arbitrary emails via a modified numeric ID and (2) purge deleted emails via a crafted...

[Full-disclosure] Horde IMP Webmail Client version H3 &#40;4.1.4&#41; fixes multiple XSS issues

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, Horde IMP Webmail Client version H3 4.1.4 was released a few hours ago. It contains fixes for 2 XSS issues compared to 4.1.4 RC1. 1. Script injection through email subject lines in threaded view Subject lines of emails, when displayed in vulnerabl...

Horde IMP Webmail 4.0.4 Client - Multiple Input Validation Vulnerabilities

source: https://www.securityfocus.com/bid/22975/info Horde IMP Webmail Client is prone to multiple input-validation vulnerabilities, including cross-site scripting and an HTML-injection issue, because the application fails to properly sanitize user-supplied input. Attacker-supplied HTML and scrip...

[SA15077] Horde IMP Parent Frame Page Title Cross-Site Scripting Vulnerability

---------------------------------------------------------------------- Want a new IT Security job? Vacant positions at Secunia: http://secunia.com/secuniavacancies/ ---------------------------------------------------------------------- TITLE: Horde IMP Parent Frame Page Title Cross-Site Scripting...

CVE-2005-1319

CVE-2005-1319 describes a cross-site scripting (XSS) vulnerability in the Horde IMP Webmail client, affecting versions prior to 3.2.8. The root cause is unsanitized input used to set the parent frame page title, allowing remote attackers to inject arbitrary script/HTML. Public references (NVD, SU...

CVE-2005-1319

Cross-site scripting XSS vulnerability in Horde IMP Webmail client before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title...

CVE-2001-0857

CVE-2001-0857 applies to Imp Webmail prior to version 2.2.7, where status.php3 is vulnerable to a cross-site scripting (XSS) flaw via the message parameter that can enable session hijacking. The connected Nessus plugin notes that IMP

CVE-2001-0857

Cross-site scripting vulnerability in status.php3 in Imp Webmail 2.2.6 and earlier allows remote attackers to gain access to the e-mail of other users by hijacking session cookies via the message parameter...

CVE-2001-0857

Cross-site scripting vulnerability in status.php3 in Imp Webmail 2.2.6 and earlier allows remote attackers to gain access to the e-mail of other users by hijacking session cookies via the message parameter...