CVE-2022-30287
https://notcve.org/view.php?id=CVE-2022-30287
Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP objects. Horde Groupware Webmail Edition versiones hasta 5.2.22, permite un ataque de inyección de reflexión mediante el cual un atacante puede instanciar una clase de controlador. Esto conlleva a una deserialización arbitraria de objetos PHP • https://blog.sonarsource.com/horde-webmail-rce-via-email https://lists.debian.org/debian-lts-announce/2022/08/msg00022.html https://www.horde.org/apps/webmail • CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') CWE-502: Deserialization of Untrusted Data •
CVE-2021-26929 – Horde Groupware Webmail 5.2.22 - Stored XSS
https://notcve.org/view.php?id=CVE-2021-26929
An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 (where the Horde_Text_Filter library before 2.3.7 is used). The attacker can send a plain text e-mail message, with JavaScript encoded as a link or email that is mishandled by preProcess in Text2html.php, because bespoke use of \x00\x00\x00 and \x01\x01\x01 interferes with XSS defenses. Se detectó un problema de tipo XSS en Horde Groupware Webmail Edition versiones hasta 5.2.22 (donde es usada la biblioteca Horde_Text_Filter versiones anteriores a 2.3.7). El atacante puede enviar un mensaje de correo electrónico de texto plano, con JavaScript codificado como un enlace o correo electrónico que es manejado apropiadamente por la función preProcess en el archivo Text2html.php, porque el uso personalizado de \x00\x00\x00 y \x01\x01\x01 interfiere con las defensas de XSS Webmail Edition version 5.2.22 suffers from remote code execution and cross site scripting vulnerabilities via the Horde_Text_Filter library. • https://www.exploit-db.com/exploits/49769 http://packetstormsecurity.com/files/162187/Webmail-Edition-5.2.22-XSS-Remote-Code-Execution.html http://packetstormsecurity.com/files/162194/Horde-Groupware-Webmail-5.2.22-Cross-Site-Scripting.html https://github.com/horde/webmail/releases https://lists.debian.org/debian-lts-announce/2021/02/msg00028.html https://lists.horde.org/archives/announce/2021/001298.html https://www.alexbirnberg.com/horde-xss.html https://www.horde.org/apps/webmail • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-8034
https://notcve.org/view.php?id=CVE-2020-8034
Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.22 and other products, is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the HTTP GET dir parameter in the browser functionality, affecting breadcrumb output. An attacker can obtain access to a victim's webmail account by making them visit a malicious URL. Gollem versiones anteriores a 3.0.13, tal como es usado en Horde Groupware Webmail Edition versión 5.2.22 y otros productos, está afectado por una vulnerabilidad de tipo Cross-Site Scripting (XSS) reflejada por medio del parámetro HTTP GET dir en la funcionalidad browser, afectando a una salida del breadcrumb. Un atacante puede obtener acceso a la cuenta de correo web de una víctima al hacer que visite una URL maliciosa. • https://github.com/horde/gollem/blob/95b2a4212d734f1b27aaa7a221d2fa1370d2631f/docs/CHANGES https://github.com/horde/gollem/commits/master https://lists.debian.org/debian-lts-announce/2020/05/msg00033.html https://lists.horde.org/archives/announce/2020/001289.html https://lists.horde.org/archives/gollem/Week-of-Mon-20200420/001990.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-8865 – Horde Groupware Webmail Edition edit Page Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-8865
This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within edit.php. When parsing the params[template] parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the www-data user. • https://www.exploit-db.com/exploits/48209 https://www.exploit-db.com/exploits/48210 https://lists.debian.org/debian-lts-announce/2020/04/msg00009.html https://www.zerodayinitiative.com/advisories/ZDI-20-276 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVE-2020-8866 – Horde Groupware Webmail Edition add Page Unrestricted File Upload Arbitrary File Creation Vulnerability
https://notcve.org/view.php?id=CVE-2020-8866
This vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within add.php. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the www-data user. • https://www.exploit-db.com/exploits/48210 https://www.exploit-db.com/exploits/48209 https://lists.debian.org/debian-lts-announce/2020/03/msg00036.html https://lists.horde.org/archives/announce/2020/001288.html https://www.zerodayinitiative.com/advisories/ZDI-20-275 • CWE-434: Unrestricted Upload of File with Dangerous Type •