Horde Security Vulnerabilities and Issues — Horde CVE List

Lucene search

HordeHorde

18 matches found

CVE•added 2012/09/25 10:55 p.m.•132 views

CVE-2012-0209

Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP between November 2011 and February 2012, contains an externally introduced modification (Trojan Horse) in templates/javascript/open_calendar.js, which allows remote attackers to execute arbitrary...

7.5CVSS7.4AI score0.64772EPSS

Web

CVE•added 2006/03/19 2:2 a.m.•69 views

CVE-2006-1260

Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check.

5CVSS6.3AI score0.23329EPSS

Web

CVE•added 2005/11/16 7:42 a.m.•64 views

CVE-2005-3344

The default installation of Horde 3.0.4 contains an administrative account with a blank password, which allows remote attackers to gain access.

10CVSS6.7AI score0.1015EPSS

CVE•added 2008/09/12 4:56 p.m.•56 views

CVE-2008-3823

Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.php in the MIME library in Horde 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of a MIME attachment in an e-mail message.

4.3CVSS5.3AI score0.00612EPSS

CVE•added 2003/04/02 5:0 a.m.•53 views

CVE-2002-0181

Cross-site scripting vulnerability in status.php3 for IMP 2.2.8 and HORDE 1.2.7 allows remote attackers to execute arbitrary web script and steal cookies of other IMP/HORDE users via the script parameter.

7.5CVSS6.8AI score0.01495EPSS

CVE•added 2008/03/11 12:44 a.m.•53 views

CVE-2008-1284

Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via ".." sequences and a null byte in the theme name.

6CVSS6.5AI score0.01313EPSS

CVE•added 2005/11/22 9:3 p.m.•52 views

CVE-2005-3759

Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers, which do not filter or escape dangerous HTML when extracting and displaying attachments.

5.8CVSS5.5AI score0.00714EPSS

CVE•added 2006/07/13 12:5 a.m.•51 views

CVE-2006-3548

Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 allow remote attackers to inject arbitrary web script or HTML via a (1) javascript URI or an external (2) http, (3) https, or (4) ftp URI in the url parameter in services/...

4.3CVSS5.4AI score0.01138EPSS

Web

CVE•added 2009/09/13 10:30 p.m.•51 views

CVE-2008-7218

Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2 before 3.2-RC2; Turba H3 2.1 before 2.1.6 and 2.2 before 2.2-RC2; Kronolith H3 2.1 before 2.1.7 and H3 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and 2.2 before...

10CVSS6.5AI score0.01854EPSS

CVE•added 2006/06/15 10:2 a.m.•48 views

CVE-2006-2195

Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php.

6.8CVSS5.4AI score0.04367EPSS

Web

CVE•added 2008/01/11 2:46 a.m.•48 views

CVE-2007-6018

IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) "purge" deleted emails via a crafted email messa...

5.8CVSS7.5AI score0.0115EPSS

Web

CVE•added 2005/11/16 7:42 a.m.•44 views

CVE-2005-3570

Unspecified cross-site scripting (XSS) vulnerability in Horde before 2.2.9 allows remote attackers to inject arbitrary web script or HTML via "not properly escaped error messages".

4.3CVSS5.2AI score0.01316EPSS

CVE•added 2008/09/12 4:56 p.m.•43 views

CVE-2008-3824

Cross-site scripting (XSS) vulnerability in (1) Text_Filter/Filter/xss.php in Horde 3.1.x before 3.1.9 and 3.2.x before 3.2.2 and (2) externalinput.php in Popoon r22196 and earlier allows remote attackers to inject arbitrary web script or HTML by using / (slash) characters as replacements for space...

4.3CVSS5.4AI score0.00768EPSS

CVE•added 2005/05/02 4:0 a.m.•41 views

CVE-2005-0378

Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to prefs.php or (2) url parameter to index.php.

4.3CVSS5.7AI score0.00504EPSS

CVE•added 2006/08/21 8:4 p.m.•40 views

CVE-2006-4255

Cross-site scripting (XSS) vulnerability in horde/imp/search.php in Horde IMP H3 before 4.1.3 allows remote attackers to include arbitrary web script or HTML via multiple unspecified vectors related to folder names, as injected into the vfolder_label form field in the IMP search screen.

4.3CVSS5.6AI score0.00791EPSS

Web

CVE•added 2010/06/22 5:30 p.m.•39 views

CVE-2010-1638

The IMP plugin in Horde allows remote attackers to bypass firewall restrictions and use Horde as a proxy to scan internal networks via a crafted request to an unspecified test script. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installa...

5CVSS6.8AI score0.00207EPSS

CVE•added 2003/10/20 4:0 a.m.•35 views

CVE-2003-0728

Horde before 2.2.4 allows remote malicious web sites to steal session IDs and read or create arbitrary email by stealing the ID from a referrer URL.

6.4CVSS7.1AI score0.00593EPSS

CVE•added 2001/01/22 5:0 a.m.•31 views

CVE-2000-0910

Horde library 1.02 allows attackers to execute arbitrary commands via shell metacharacters in the "from" address.

4.6CVSS7.9AI score0.001EPSS