CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 2CVE-2020-8866 – Horde Groupware Webmail Edition add Page Unrestricted File Upload Arbitrary File Creation Vulnerability
https://notcve.org/view.php?id=CVE-2020-8866
This vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within add.php. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the www-data user. • https://www.exploit-db.com/exploits/48210 https://www.exploit-db.com/exploits/48209 https://lists.debian.org/debian-lts-announce/2020/03/msg00036.html https://lists.horde.org/archives/announce/2020/001288.html https://www.zerodayinitiative.com/advisories/ZDI-20-275 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 1CVE-2016-2228
https://notcve.org/view.php?id=CVE-2016-2228
Cross-site scripting (XSS) vulnerability in horde/templates/topbar/_menubar.html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via the searchfield parameter, as demonstrated by a request to xplorer/gollem/manager.php. Vulnerabilidad de XSS en horde/templates/topbar/_menubar.html.php en Horde Groupware en versiones anteriores a 5.2.12 y Horde Groupware Webmail Edition en versiones anteriores a 5.2.12 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro searchfield, como ha quedado demostrado por una petición a xplorer/gollem/manager.php. • http://bugs.horde.org/ticket/14213 http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177484.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177584.html http://lists.horde.org/archives/announce/2016/001148.html http://lists.horde.org/archives/announce/2016/001149.html http://www.debian.org/security/2016/dsa-3497 http://www.openwall.com/lists/oss-security/2016/02/06/4 http://www.openwall.com/lists/oss-security/2016/02/06/5 https&# • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 2CVE-2015-7984 – Horde Groupware 5.2.10 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2015-7984
Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware Webmail Edition before 5.2.11 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary (1) commands via the cmd parameter to admin/cmdshell.php, (2) SQL queries via the sql parameter to admin/sqlshell.php, or (3) PHP code via the php parameter to admin/phpshell.php. Múltiples vulnerabilidades de CSRF en Horde en versiones anteriores a 5.2.8, Horde Groupware en versiones anteriores a 5.2.11 y Horde Groupware Webmail Edition en versiones anteriores a 5.2.11 permite a atacantes remotos secuestrar la autenticación de administradores para peticiones que ejecutan (1) comandos a través del parámetro cmd a admin/cmdshell.php, (2) consultas SQL a través del parámetro sql a admin/sqlshell.php o (3) código PHP a través del parámetro php a admin/phpshell.php arbitrarios. Horde Groupware version 5.2.10 suffers from a cross site request forgery vulnerability. • https://www.exploit-db.com/exploits/38765 http://lists.horde.org/archives/announce/2015/001124.html http://lists.horde.org/archives/announce/2015/001137.html http://lists.horde.org/archives/announce/2015/001138.html http://www.debian.org/security/2015/dsa-3391 https://www.htbridge.com/advisory/HTB23272 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 60%CPEs: 3EXPL: 5CVE-2012-0209 – Horde 3.3.12 - Backdoor Arbitrary PHP Code Execution
https://notcve.org/view.php?id=CVE-2012-0209
Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP between November 2011 and February 2012, contains an externally introduced modification (Trojan Horse) in templates/javascript/open_calendar.js, which allows remote attackers to execute arbitrary PHP code. Horde v3.3.12, Horde Groupware v1.2.10, y Horde Groupware Webmail Edition v1.2.10, como el distribuido por FTP entre noviembre del 2011 y febrero del 2012, contiene unas modificaciones introducidas externamente (troyano) en templates/javascript/open_calendar.js, lo que permite a atacantes remotos ejecutar código PHP. • https://www.exploit-db.com/exploits/18492 http://dev.horde.org/h/jonah/stories/view.php?channel_id=1&id=155 http://eromang.zataz.com/2012/02/15/cve-2012-0209-horde-backdoor-analysis http://lists.horde.org/archives/announce/2012/000751.html http://packetstormsecurity.org/files/109874/Horde-3.3.12-Backdoor-Arbitrary-PHP-Code-Execution.html https://bugzilla.redhat.com/show_bug.cgi?id=790877 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 0%CPEs: 35EXPL: 0CVE-2009-3237
https://notcve.org/view.php?id=CVE-2009-3237
Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; allow remote attackers to inject arbitrary web script or HTML via the (1) crafted number preferences that are not properly handled in the preference system (services/prefs.php), as demonstrated by the sidebar_width parameter; or (2) crafted unknown MIME "text parts" that are not properly handled in the MIME viewer library (config/mime_drivers.php). Múltiple vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Horde Application Framework desde v3.2 anteriores a v3.2.5 y desde v3.3 anteriores a v3.3.5; Groupware desde v1.1 anteriores a v1.1.6 y 1.2 anteriores a v1.2.4; y Groupware Webmail Edition desde v1.1 anteriores a v1.1.6 y desde v1.2 anteriores a v1.2.4; permite a atacantes remotos inyectar secuencias de comandos web o HTML de forma arbitraria a través de (1) preferencias numéricas manipuladas que no han sido adecuadamente gestionadas en el sistema de preferencias (services/prefs.php), como quedo demostrado por el parámetro sidebar_width o (2) "fragmentos de texto" MIME desconocidos manipulados que no son gestionados adecuadamente por la librería de visor de MIME (config/mime_drivers.php). • http://bugs.horde.org/ticket/?id=8311 http://bugs.horde.org/ticket/?id=8399 http://marc.info/?l=horde-announce&m=125291625030436&w=2 http://marc.info/?l=horde-announce&m=125292088004087&w=2 http://marc.info/? • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •