CVSS: 10.0EPSS: 1%CPEs: 39EXPL: 0CVE-2008-7218
https://notcve.org/view.php?id=CVE-2008-7218
13 Sep 2009 — Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2 before 3.2-RC2; Turba H3 2.1 before 2.1.6 and 2.2 before 2.2-RC2; Kronolith H3 2.1 before 2.1.7 and H3 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and 2.2 before 2.2-RC2; Horde Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 has unknown impact and attack vectors. Vulnerabilidad no especificada en el ... • http://lists.horde.org/archives/announce/2008/000360.html •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 0CVE-2009-0931
https://notcve.org/view.php?id=CVE-2009-0931
17 Mar 2009 — Cross-site scripting (XSS) vulnerability in the tag cloud search script (horde/services/portal/cloud_search.php) in Horde before 3.2.4 and 3.3.3, and Horde Groupware before 1.1.5, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la secuencia de comandos de búsqueda de nube de etiquetas (horde/services/portal/cloud_search.php) en Horde anterior a v3.2.4 y v3.3.3, y Horde Groupware anterior a v1.1.5, pe... • http://cvs.horde.org/co.php/groupware/docs/groupware/CHANGES?r=1.28.2.5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 3%CPEs: 10EXPL: 1CVE-2009-0932 – Horde - Horde_Image::factory driver Argument Local File Inclusion
https://notcve.org/view.php?id=CVE-2009-0932
17 Mar 2009 — Directory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name. Vulnerabilidad de salto de directorio en framework/Image/Image.php en Horde anterior a v3.2.4 y v3.3.3 y Horde Groupware anterior a v1.1.5 permite a atacantes remotos incluir y ejecutar ficheros locales de su elección a través de secuencias de salto... • https://www.exploit-db.com/exploits/16154 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 2%CPEs: 2EXPL: 2CVE-2008-3823 – Horde 3.2 - MIME Attachment Filename Insufficient Filtering Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-3823
12 Sep 2008 — Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.php in the MIME library in Horde 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of a MIME attachment in an e-mail message. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo MIME/MIME/Contents.php de la biblioteca MIME de Horde 3.2.x anterior a 3.2.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección utilizando el nombre del fichero... • https://www.exploit-db.com/exploits/32354 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 11EXPL: 2CVE-2008-3824 – Horde Application Framework 3.2.1 - Forward Slash Insufficient Filtering Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-3824
12 Sep 2008 — Cross-site scripting (XSS) vulnerability in (1) Text_Filter/Filter/xss.php in Horde 3.1.x before 3.1.9 and 3.2.x before 3.2.2 and (2) externalinput.php in Popoon r22196 and earlier allows remote attackers to inject arbitrary web script or HTML by using / (slash) characters as replacements for spaces in an HTML e-mail message. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en (1) el módulo Text_Filter/Filter/xss.php de Horde versiones 3.1.x anteriores a 3.1.9 y versiones 3.2.x anteriores a... • https://www.exploit-db.com/exploits/32353 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2008-3330
https://notcve.org/view.php?id=CVE-2008-3330
27 Jul 2008 — Cross-site scripting (XSS) vulnerability in services/obrowser/index.php in Horde 3.2 and Turba 2.2 allows remote attackers to inject arbitrary web script or HTML via the contact name. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en services/obrowser/index.php in Horde 3.2 y Turba 2.2, permite a atacantes remotos inyectar secuencias de comandos Web o HTML a través del nombre contact. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=492578 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2008-1284
https://notcve.org/view.php?id=CVE-2008-1284
11 Mar 2008 — Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via ".." sequences and a null byte in the theme name. Vulnerabilidad de salto de directorio en Horde 3.1.6, Groupware anterior 1.0.5, y Groupware Webmail Edition anterior 1.0.6, cuando ejecuta ciertas configuraciones, pertmite a usuarios autenticados remotamente leer y ejecutar fic... • http://lists.horde.org/archives/announce/2008/000382.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2007-6018
https://notcve.org/view.php?id=CVE-2007-6018
11 Jan 2008 — IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) "purge" deleted emails via a crafted email message. IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, y Horde Groupware Webmail Edition 1.0.3 no validan peticiones HTTP no especificadas, lo cual permite a atacantes remotos (1) borrar mensajes de corr... • http://cvs.horde.org/diff.php/groupware/docs/groupware/CHANGES?r1=1.17&r2=1.17.2.1&ty=h • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 1%CPEs: 38EXPL: 0CVE-2006-4255
https://notcve.org/view.php?id=CVE-2006-4255
21 Aug 2006 — Cross-site scripting (XSS) vulnerability in horde/imp/search.php in Horde IMP H3 before 4.1.3 allows remote attackers to include arbitrary web script or HTML via multiple unspecified vectors related to folder names, as injected into the vfolder_label form field in the IMP search screen. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en horde/imp/search.php en Horde IMP H3 anterior a 4.1.3 permite a atacanets remotos incluir secuencias de comandos web o HTML de su elección a través de múlt... • http://lists.horde.org/archives/announce/2006/000294.html •
CVSS: 6.1EPSS: 0%CPEs: 13EXPL: 2CVE-2006-3548
https://notcve.org/view.php?id=CVE-2006-3548
13 Jul 2006 — Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 allow remote attackers to inject arbitrary web script or HTML via a (1) javascript URI or an external (2) http, (3) https, or (4) ftp URI in the url parameter in services/go.php (aka the dereferrer), (5) a javascript URI in the module parameter in services/help (aka the help viewer), and (6) the name parameter in services/problem.php (aka the problem reporting screen). Múltiples vu... • http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047687.html •