21 matches found
CVE-2004-1443
CVE-2004-1443 is a documented XSS vulnerability in the Horde-IMP inline MIME viewer affecting Horde-IMP versions 3.2.4 and earlier when accessed with Internet Explorer. The vulnerability allows an attacker to inject arbitrary script/HTML via a crafted e‑mail message. Public assessment sources con...
CVE-2001-1257
The CVE-2001-1257 entry affects the Horde IMP web-based IMAP client, with vulnerable versions before 2.2.6 and 1.2.6. The underlying issue is a cross-site scripting (XSS) flaw that allows an attacker to embed JavaScript in an email, which could execute in a user’s browser when viewing the message...
CVE-2007-6018
CVE-2007-6018 affects IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3, where insufficient validation of HTTP requests allows a remote attacker to (1) delete arbitrary emails via a modified numeric ID and (2) purge deleted emails via a crafted...
CVE-2002-0181
CVE-2002-0181 — Horde IMP status.php3 XSS is confirmed in connected OpenVAS/NVD entries. The vulnerability arises in the status.php3 parameter handling of IMP 2.2.8 and HORDE 1.2.7, where user-supplied data is not properly sanitized, enabling cross-site scripting and potential cookie theft when a...
CVE-2010-3695
CVE-2010-3695 is a cross-site scripting (XSS) vulnerability in Horde IMP (before 4.3.8) and Horde Groupware Webmail Edition (before 1.2.7). The flaw allows remote attackers to inject arbitrary web script or HTML via the fm_id parameter in the fetchmail_prefs_save action (Fetchmail configuration)....
CVE-2012-0791
CVE-2012-0791 is a set of cross-site scripting (XSS) vulnerabilities in Horde IMP and Horde Groupware Webmail Edition. The NVD description specifies XSS vectors via composeCache, rtemode, filename_* on the compose page; the contacts popup formname; and IMAP mailbox names. Affected products/versio...
CVE-2007-1474
CVE-2007-1474 affects Horde Project Horde and IMP prior to Horde Application Framework 3.1.4. The vulnerability is an argument injection flaw in the cleanup cron script that can let local users delete arbitrary files and potentially gain privileges by supplying multiple space-delimited pathnames....
CVE-2007-1515
CVE-2007-1515 relates to multiple cross-site scripting (XSS) vulnerabilities in Horde IMP H3 4.1.3 (and possibly earlier). The NVD description indicates that remote attackers could inject arbitrary scripts via (1) the email Subject header in thread.php and (2) the edit_query parameter in search.p...
CVE-2004-0584
CVE-2004-0584 refers to an input validation vulnerability in Horde IMP up to version 3.2.3 (and earlier) that can allow remote attackers to inject script via HTML or script in email messages, potentially triggering a cross-site scripting (XSS) condition. Affected software: Horde IMP 3.2.3 and ear...
CVE-2002-2024
Horde IMP 2.2.7 is affected. The issue allows remote attackers to obtain the full web root pathname by requesting specific files (poppassd.php3, login.php3?reason=chpass2, spelling.php3, ldap.search.php3?ldap_serv=nonsense), with error messages leaking the information. Impact is information discl...
CVE-2003-0025
IMP is a web-based IMAP mail client, affected in versions up to 2.2.8 and earlier. The CVE describes multiple SQL injection vulnerabilities that allow a remote attacker to perform unauthorized database activities and potentially gain privileges, via functions such as check_prefs() in db.pgsql and...
CVE-2006-4255
CVE-2006-4255 affects Horde IMP H3 before 4.1.3. The vulnerability is a Cross-Site Scripting (XSS) flaw in horde/imp/search.php, reported as injectible via multiple unspecified vectors related to folder names and the vfolder_label field in the IMP search screen. Affected component is the IMP webm...
CVE-2012-6640
Cross-site scripting (XSS) in Horde Internet Mail Program (IMP) before 5.0.22, used with Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted SVG image attachment. No remediation details are provided in the supplied documents.
CVE-2005-1319
CVE-2005-1319 describes a cross-site scripting (XSS) vulnerability in the Horde IMP Webmail client, affecting versions prior to 3.2.8. The root cause is unsanitized input used to set the parent frame page title, allowing remote attackers to inject arbitrary script/HTML. Public references (NVD, SU...
CVE-2012-5565
CVE-2012-5565 is an XSS vulnerability in Horde IMP (js/compose-dimp.js) used with Horde Groupware Webmail Edition prior to 4.0.9. The issue allows remote attackers to inject arbitrary web script or HTML by supplying a crafted name for an attached file in the dynamic view, affecting Horde IMP befo...
CVE-2010-0463
CVE-2010-0463 affects Horde IMP 4.3.6 and earlier. The vulnerability arises because Horde IMP does not prevent DNS prefetching of domain names contained in e‑mail messages, enabling remote attackers to infer the webmail user’s network location by logging DNS requests. The NVD entry lists a CVSS v...
CVE-2001-1258
CVE-2001-1258 affects the Horde IMP before 2.2.6. According to the Debian DSA-073-1 advisory and related sources, a hostile user who can place a publicly readable prefs.lang file on the Apache/PHP server can have that file executed as PHP code, enabling access to config data and potentially the H...
CVE-2005-4080
Horde IMP 4.0.4 and earlier are vulnerable to cross-site scripting (XSS) due to failure to sanitize strings containing UTF-16 null characters. The issue allows remote attackers to craft UTF-16 encoded attachments/strings that execute when viewed in Internet Explorer (which ignores the null chars)...
CVE-2001-0744
Summary: CVE-2001-0744 affects Horde IMP 2.2.4 and earlier. The vulnerability arises from a symlink attack on a temporary file that allows local users to overwrite files. The impact is limited to local integrity (partial) with no confidentiality or availability impact stated, according to the pro...
CVE-2000-0911
CVE-2000-0911 affects IMP 2.2 and earlier. The vulnerability arises from modifying the hidden attachment_name form variable, enabling an attacker to read and delete arbitrary files by causing IMP to send the targeted file to the attacker as an attachment. The available sources confirm the affecte...
CVE-2010-4778
Horde IMP prior to 4.3.8 and Horde Groupware Webmail Edition prior to 1.2.7 contain multiple XSS vulnerabilities in fetchmailprefs.php (fetchmail_prefs_save action). The issues allow remote attackers to inject arbitrary web script or HTML via vulnerable fields, specifically (for CVE-2010-4778) th...