CVE-2019-12095

Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by the treanBookmarkTags parameter to the trean/ URI on a webmail server. NOTE: treanBookmarkTags could, for example, be a stored XSS payload...

EUVD-2019-3747

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2019-12095

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by the treanBookmarkTags parameter to th...

Debian: Security Advisory (DLA-2175-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DLA-2175-1 : php-horde-trean security update

A directory traversal vulnerability resulting from insufficient input sanitization was discovered in the Horde Application Framework. An authenticated remote attacker could use this flaw to execute code in the context of the web server user. For Debian 8 'Jessie', this problem has been fixed in...

DLA-2175-1 php-horde-trean - security update

Bulletin has no description...

CVE-2019-12095

Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by the treanBookmarkTags parameter to the trean/ URI on a webmail server. NOTE: treanBookmarkTags could, for example, be a stored XSS payload...

DEBIAN-CVE-2019-12095

Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by the treanBookmarkTags parameter to the trean/ URI on a webmail server. NOTE: treanBookmarkTags could, for example, be a stored XSS payload...

UBUNTU-CVE-2019-12095

Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by the treanBookmarkTags parameter to the trean/ URI on a webmail server. NOTE: treanBookmarkTags could, for example, be a stored XSS payload...

CVE-2019-12095

CVE-2019-12095 affects Horde Trean (Horde Groupware Webmail Edition up to 5.2.22 and related products). The flaw enables CSRF via the treanBookmarkTags parameter to the trean/ URI on a webmail server, with the note that treanBookmarkTags could carry a stored XSS payload. Public documents confirm ...

Horde Webmail 5.2.22 - Multiple Vulnerabilities

Title: Horde Webmail - XSS + CSRF to SQLi, RCE, Stealing Emails var url = "http://webmail.victimserver.com/trean/"; var params =...

Horde Webmail 5.2.22 XSS / CSRF / SQL Injection / Code Execution Exploit

Horde Webmail version 5.2.22 suffers from code execution, cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities. Title: Horde Webmail - XSS + CSRF to SQLi, RCE, Stealing Emails var url = "http://webmail.victimserver.com/trean/"; var params =...