3 matches found
CVE-2009-0932
The CVE-2009-0932 issue is a Local File Include/directory traversal vulnerability in Horde_Image::factory driver handling, enabling a remote attacker to include and execute local files. Affected products/versions include Horde framework before 3.2.4 and 3.3.3, and Horde Groupware before 1.1.5, wi...
CVE-2008-3330
CVE-2008-3330 is an XSS vulnerability in Horde 3.2 and Turba 2.2, exploitable via the contact name in services/obrowser/index.php. The OpenVAS entries describe Horde Turba HTML/HTML-injection vulnerabilities due to insufficient input sanitization, with affected versions including Horde 3.1.7, 3.2...
CVE-2009-0931
CVE-2009-0931 affects Horde: tag cloud search (horde/services/portal/cloud_search.php) vulnerable in Horde before 3.2.4 and 3.3.3, and Horde Groupware before 1.1.5. The issue is a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via unsp...