Lucene search

6 matches found

CVE
added 2017/10/11 3:29 a.m. | 61 views

CVE-2017-15235

The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 allows remote attackers to bypass Horde authentication for file downloads via a crafted fn parameter that corresponds to the exact filename.

CVSS 7.5 | AI score 7.4 | EPSS 0.16059

CVE
added 2017/04/04 2:59 p.m. | 57 views

CVE-2017-7413

In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition through 5.2.17, OS Command Injection can occur if the attacker is an authenticated Horde Webmail user, has PGP features enabled in their preferences, and attempts to encrypt an email addressed to a maliciously crafted email add...

CVSS 9 | AI score 8.5 | EPSS 0.18475

CVE
added 2017/11/20 8:29 p.m. | 55 views

CVE-2017-16908

In Horde Groupware 5.2.19, there is XSS via the Name field during creation of a new Resource. This can be leveraged for remote code execution after compromising an administrator account, because the CVE-2015-7984 CSRF protection mechanism can then be bypassed.

CVSS 5.4 | AI score 5.7 | EPSS 0.01484

CVE
added 2017/11/20 8:29 p.m. | 49 views

CVE-2017-16907

In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action.

CVSS 5.4 | AI score 5 | EPSS 0.00227

CVE
added 2017/11/20 8:29 p.m. | 48 views

CVE-2017-16906

In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a "Calendar -> New Event" action.

CVSS 5.4 | AI score 5 | EPSS 0.00249

CVE
added 2017/04/04 2:59 p.m. | 47 views

CVE-2017-7414

In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition 5.x through 5.2.17, OS Command Injection can occur if the user has PGP features enabled in the user's preferences, and has enabled the "Should PGP signed messages be automatically verified when viewed?" preference. To exploit t...

CVSS 7.5 | AI score 8 | EPSS 0.01304