46 matches found
CVE-2020-8518
CVE-2020-8518 is an RCE in Horde Groupware Webmail Edition 5.2.22 via CSV data import, caused by arbitrary PHP code injection in the Horde_Data component. The vulnerability allows authenticated users to execute code on the server hosting the web application. Affected versions include Horde Groupw...
CVE-2021-26929
CVE-2021-26929 affects Horde Groupware Webmail Edition up to 5.2.22 (Horde_Text_Filter before 2.3.7). The vulnerability is an XSS in which a attacker can send a plain text email containing JavaScript encoded as a link or email that is mishandled by preProcess in Text2html.php, due to bespoke use ...
CVE-2012-0209
CVE-2012-0209 corresponds to a backdoor backdoor in Horde 3.3.12 and Horde Groupware 1.2.10/1.2.10 Webmail, introduced via an unauthorized modification in templates/javascript/open_calendar.js. Affected packages include Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2...
CVE-2019-9858
CVE-2019-9858 affects Horde Groupware Webmail (versions 5.2.22 and 5.2.17). The flaw is in Horde/Form/Type.php image upload handling: an unsanitized POST parameter object[photo][img][file] is used as the destination path for move_uploaded_file(), allowing an attacker to place a PHP file (e.g., vi...
CVE-2019-12095
CVE-2019-12095 affects Horde Trean (Horde Groupware Webmail Edition up to 5.2.22 and related products). The flaw enables CSRF via the treanBookmarkTags parameter to the trean/ URI on a webmail server, with the note that treanBookmarkTags could carry a stored XSS payload. Public documents confirm ...
CVE-2019-12094
CVE-2019-12094 affects Horde Groupware Webmail Edition through 5.2.22. The vulnerability allows XSS via crafted URIs such as admin/user.php?form=update_f&user_name=, admin/user.php?form=remove_f&user_name=, or admin/config/diff.php?app=, as documented in the CVE entry and OSV/NVD references. The ...
CVE-2022-30287
CVE-2022-30287 affects Horde Groupware Webmail Edition up to 5.2.22, enabling a reflection injection that allows arbitrary deserialization of PHP objects via a driver-class instantiation. Debian advisories note fixes in php-horde-turba: 4.2.25-5+deb11u2 for Debian 11 (and related LTS advisories f...
CVE-2020-8034
CVE-2020-8034 affects Gollem before 3.0.13 (used in Horde Groupware Webmail Edition 5.2.22 and other products). The vulnerability is a reflected XSS via the HTTP GET dir parameter in the browser functionality, impacting breadcrumb output. Exploitation can lead to an attacker gaining access to a v...
CVE-2020-8035
Affected software: Horde Groupware Webmail Edition. Vulnerability: stored XSS via SVG image uploads, enabling a remote attacker to obtain access to a victim’s webmail account. Affected versions are Horde Groupware Webmail Edition prior to 5.2.22. Risk details are stated in the connected documents...
CVE-2009-3236
CVE-2009-3236 affects Horde Application Framework 3.2 (before 3.2.5) and 3.3 (before 3.3.5), Groupware 1.1 (before 1.1.6) and 1.2 (before 1.2.4), and Horde Webmail Editions 1.1 (before 1.1.6) and 1.2 (before 1.2.4). The vulnerability arises from Horde_Form_Type_image reusing temporary upload file...
CVE-2015-7984
CVE-2015-7984 cites CSRF vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware Webmail Edition before 5.2.11 that allow remote attackers to hijack administrator authentication to perform requests executing arbitrary commands, SQL queries, or PHP code (via cmd, ...
CVE-2009-3701
CVE-2009-3701 affects Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5. It enables remote XSS via PATH_INFO to admin/phpshell.php, admin/cmdshell.php, or admin/sqlshell.php, related to PHP_SELF. Impact is arbitrary script/HTM...
CVE-2017-15235
The CVE-2017-15235 issue affects the Horde Groupware File Manager (gollem) module: version 3.0.11 in Horde Groupware 5.2.21 allows remote unauthenticated file downloads via a crafted fn parameter that maps to the exact filename. The vulnerability enables remote attackers to bypass Horde authentic...
CVE-2017-7413
CVE-2017-7413 affects Horde_Crypt prior to 2.7.6 used in Horde Groupware Webmail Edition (through 5.2.17). An OS command injection is possible when an authenticated Horde Webmail user with PGP features enabled encrypts mail to a specially crafted address, enabling potential remote code execution ...
CVE-2020-8866
CVE-2020-8866 affects Horde Groupware Webmail Edition 5.2.22, with a flaw in add.php where insufficient validation of user-supplied data allows remote attackers (authenticated) to upload arbitrary files. This can enable code execution in the www-data context when combined with other vulnerabiliti...
CVE-2016-2228
CVE-2016-2228 is a cross-site scripting (XSS) vulnerability in Horde Groupware prior to 5.2.12 and Horde Groupware Webmail Edition prior to 5.2.12. The issue allows remote attackers to inject arbitrary web script or HTML via the searchfield parameter, demonstrated by a request to xplorer/gollem/m...
CVE-2020-8865
CVE-2020-8865 affects Horde Groupware Webmail Edition 5.2.22. A flaw in edit.php when parsing params[template] allows an authenticated attacker to trigger improper file path handling and, with other vulnerabilities, execute code as the www-data user. Connected advisories confirm the issue and lin...
CVE-2015-8807
The CVE-2015-8807 issue affects Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12. The vulnerability resides in Horde’s _renderVarInput_number function within Html.php, enabling remote attackers to inject arbitrary web script or HTML via numbers in form fields (XSS)....
CVE-2008-7218
The CVE-2008-7218 entry concerns an unspecified vulnerability in the Horde API affecting Horde 3.x (including Horde, Turba H3, Kronolith H3, Nag H3, Mnemo H3) and Horde Groupware/Groupware Webmail Edition with multiple pre-release version gaps. Public sources concur the vulnerability has unknown ...
CVE-2013-6364
CVE-2013-6364 concerns the Horde Groupware Webmail Edition, where saving a search as a virtual address book is vulnerable to CSRF and XSS. The vulnerability arises in the webmail component when performing the save operation, enabling an attacker to induce cross-site requests or script execution i...
CVE-2017-16908
The CVE-2017-16908 entry concerns Horde Groupware 5.2.19, where an XSS vulnerability in the Resource Name field can be exploited to enable remote code execution after compromising an administrator account, by bypassing the CVE-2015-7984 CSRF protection mechanism. Affected product/component: Horde...
CVE-2009-3237
The CVE-2009-3237 issue affects Horde Application Framework and related Groupware packages: XSS vulnerabilities in Horde App Framework versions before 3.2.5 (and 3.3.x before 3.3.5) and in Groupware 1.1.x before 1.1.6 and 1.2.x before 1.2.4, plus Groupware Webmail Edition 1.1/1.2 before these fix...
CVE-2008-0807
CVE-2008-0807 affects Turba 2 (turba2) Contact Manager H3 2.1.x before 2.1.7 and 2.2.x before 2.2-RC3, deployed in Horde Groupware before 1.0.4 and Horde Groupware Webmail Edition before 1.0.5. The flaw in lib/Driver/sql.php fails to properly check access rights, allowing remote authenticated use...
CVE-2013-6365
The CVE-2013-6365 entry relates to Horde Groupware Webmail 5.1.2 and describes a CSRF vulnerability in which requests to change permissions can be forged. Public references (e.g., Exploit-DB) describe a CSRF flaw in the Change of permissions function due to a missing or insufficient token in the ...
CVE-2013-6275
CVE-2013-6275 affects Horde Groupware Webmail Edition up to 5.1.2, specifically in basic.php, with multiple CSRF issues. The root cause is missing CSRF protections in several functions; exploitation details are shown in the Exploit-DB entry (Horde Groupware Web Mail Edition 5.1.2 CSRF). The conne...
CVE-2017-7414
In Horde_Crypt (PHP Horde) prior to 2.7.6, used in Horde Groupware Webmail Edition 5.x–5.2.17, a crafted PGP-signed email can trigger OS command injection when the recipient views or previews the message. The vulnerability arises when PGP features are enabled and “Should PGP signed messages be au...
CVE-2010-3695
CVE-2010-3695 is a cross-site scripting (XSS) vulnerability in Horde IMP (before 4.3.8) and Horde Groupware Webmail Edition (before 1.2.7). The flaw allows remote attackers to inject arbitrary web script or HTML via the fm_id parameter in the fetchmail_prefs_save action (Fetchmail configuration)....
CVE-2017-16907
In Horde Groupware, CVE-2017-16907 is a documented XSS in the Color field of a Create Task List action affecting Horde Groupware 5.2.19 and 5.2.21. Debian LTS advisories report fixes in php-horde-core (2.27.6+debian1-2+deb9u1) and php-horde (5.2.13+debian0-1+deb9u3) for Debian 9 stretch, indicati...
CVE-2008-1284
CVE-2008-1284 affects Horde 3.1.6, Groupware up to 1.0.5, and Groupware Webmail Edition up to 1.0.6. The vulnerability is a directory traversal via ../ and a null byte in the theme name, allowing remote authenticated users to read and execute arbitrary files. The NVD entry lists a CVSSv2 base sco...
CVE-2008-7219
CVE-2008-7219 affects Horde Kronolith H3 (2.1 up to before 2.1.7; 2.2 before 2.2-RC2), Nag H3 (2.1 before 2.1.4; 2.2 before 2.2-RC2), Mnemo H3 (2.1 before 2.1.2; 2.2 before 2.2-RC2), Groupware (1.0 before 1.0.3; 1.1 before 1.1-RC2) and Groupware Webmail Edition (1.0 before 1.0.4; 1.1 before 1.1-R...
CVE-2017-16906
CVE-2017-16906 affects Horde Groupware, specifically version 5.2.19–5.2.22, where an XSS vulnerability exists in the Calendar → New Event URL field. The vulnerability allows an attacker to inject HTML/JavaScript through the URL parameter, with potential for remote code execution as per CNVD descr...
CVE-2016-5303
CVE-2016-5303 affects Horde Groupware and Horde Groupware Webmail Edition (before 5.2.16). Vulnerable component: Horde Text Filter API. The issue allows remote attackers to inject arbitrary web script or HTML via crafted data:text/html content in a form (1) action or (2) xlink attribute, enabling...
CVE-2009-4363
CVE-2009-4363 affects Horde Framework components (Text_Filter/lib/Horde/Text/Filter/Xss.php) and related Horde Groupware packages, where data: URIs in HTML email HREF attributes could trigger cross-site scripting. Root cause is improper handling of data: URIs; vendor notes issue tied to Firefox. ...
CVE-2007-1679
The CVE-2007-1679 entry concerns multiple XSS vulnerabilities in Horde Groupware Webmail 1.0, specifically in imp/search.php and ingo/rule.php. The issue is that remote authenticated users can inject script/HTML via unspecified vectors; however, the vendor disputes the existence of the search.php...
CVE-2008-1974
CVE-2008-1974 is an XSS vulnerability in Horde Kronolith (Kronolith 2.1.x and Groupware variants) where the url parameter in addevent.php can inject arbitrary script/HTML. The issue is reported as insufficient input sanitisation in Kronolith’s add-event flow, allowing remote attackers to execute ...
CVE-2012-6640
Cross-site scripting (XSS) in Horde Internet Mail Program (IMP) before 5.0.22, used with Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted SVG image attachment. No remediation details are provided in the supplied documents.
CVE-2012-5565
CVE-2012-5565 is an XSS vulnerability in Horde IMP (js/compose-dimp.js) used with Horde Groupware Webmail Edition prior to 4.0.9. The issue allows remote attackers to inject arbitrary web script or HTML by supplying a crafted name for an attached file in the dynamic view, affecting Horde IMP befo...
CVE-2007-0579
CVE-2007-0579 affects Horde Groupware Webmail Edition before 1.0 and Groupware before 1.0. Unspecified vulnerability in the calendar component allows remote attackers to include certain files via unspecified vectors. No further technical details or remediation are provided in the accessible docum...
CVE-2008-2783
CVE-2008-2783 describes multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware, including Groupware Webmail Edition and Kronolith. The flaws allow remote attackers to inject arbitrary script or HTML via the timestamp parameter to week.php, workweek.php, and day.php, and via the ho...
CVE-2014-4945
CVE-2014-4945 : Concrete details across multiple sources show multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5. The issue allows remote attackers to inject arbitrary web script or HTML vi...
CVE-2014-4946
The vulnerability CVE-2014-4946 affects Horde IMP (Internet Mail Program) before version 6.1.8, as deployed in Horde Groupware Webmail Edition before 5.1.5. The issue is a cross-site scripting (XSS) flaw that allows remote attackers to inject arbitrary web script or HTML via (1) unspecified flags...
CVE-2012-5566
Affected software: Horde Kronolith (H4) 3.0.x used in Horde Groupware Webmail Edition prior to 4.0.8. Vulnerability: multiple XSS flaws in the tasks view and search view, due to input handling in Kronolith before 3.0.17. Impact: remote attackers can inject arbitrary web script or HTML. Remediatio...
CVE-2010-3693
CVE-2010-3693 is an XSS vulnerability in Horde Dynamic IMP (DIMP) before 1.1.5 and Horde Groupware Webmail Edition before 1.2.7. It allows remote attackers to inject arbitrary web script or HTML via vectors related to displaying mailbox names. The documents do not specify exploitation status or c...
CVE-2010-4778
Horde IMP prior to 4.3.8 and Horde Groupware Webmail Edition prior to 1.2.7 contain multiple XSS vulnerabilities in fetchmailprefs.php (fetchmail_prefs_save action). The issues allow remote attackers to inject arbitrary web script or HTML via vulnerable fields, specifically (for CVE-2010-4778) th...
CVE-2012-5567
CVE-2012-5567 affects Horde Kronolith (H4) before 3.0.18, as used in Horde Groupware Webmail Edition before 4.0.9. The flaw is a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary script/HTML via crafted event location parameters in the month, monthlist, or ...
CVE-2025-41066
The vulnerability concerns Horde Groupware v5.2.22. Affected component: Horde Groupware web interface. Root cause: unauthenticated user enumeration via HTTP request to /imp/attachment.php with parameters id and u, causing the server to reveal whether a user exists (returns an empty file when the ...