CVSS: 6.8EPSS: 1%CPEs: 24EXPL: 1CVE-2007-1474 – Horde Framework and IMP 2.x/3.x - Cleanup Cron Script Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2007-1474
Argument injection vulnerability in the cleanup cron script in Horde Project Horde and IMP before Horde Application Framework 3.1.4 allows local users to delete arbitrary files and possibly gain privileges via multiple space-delimited pathnames. Vulnerabilidad de inyección de argumento en la secuencia de comandos cleanup para cron de Horde Project Horde e IMP anterior a Horde Application Framework 3.1.4 permite a usuarios locales borrar archivos de su elección y posiblemente obtener privilegios mediante múltiples nombres de ruta separados por espacios. • https://www.exploit-db.com/exploits/29746 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=489 http://lists.horde.org/archives/announce/2007/000315.html http://secunia.com/advisories/27565 http://www.debian.org/security/2007/dsa-1406 http://www.securityfocus.com/bid/22985 http://www.securitytracker.com/id?1017784 http://www.securitytracker.com/id?1017785 http://www.vupen.com/english/advisories/2007/0965 https://exchange.xforce.ibmcloud.com/vulnerabilities/32997 •
CVSS: 5.1EPSS: 4%CPEs: 2EXPL: 0CVE-2007-0579
https://notcve.org/view.php?id=CVE-2007-0579
Unspecified vulnerability in the calendar component in Horde Groupware Webmail Edition before 1.0, and Groupware before 1.0, allows remote attackers to include certain files via unspecified vectors. NOTE: some of these details are obtained from third party information. Vulnerabilidad no especificada en el componente de calendario en Horde Groupware Webmail Edition versiones anteriores a 1.0, y Groupware before 1.0, permite a atacantes remotos incluir ficheros concretos mediante vectores desconocidos. NOTA: algunos de estos detalles se han obtenido de información de terceros. • http://lists.horde.org/archives/announce/2007/000308.html http://lists.horde.org/archives/announce/2007/000309.html http://osvdb.org/33083 http://www.securityfocus.com/bid/22273 http://www.vupen.com/english/advisories/2007/0368 https://exchange.xforce.ibmcloud.com/vulnerabilities/31849 •
CVSS: 7.5EPSS: 1%CPEs: 10EXPL: 0CVE-2006-6175
https://notcve.org/view.php?id=CVE-2006-6175
Directory traversal vulnerability in lib/FBView.php in Horde Kronolith H3 before 2.0.7 and 2.1.x before 2.1.4 allows remote attackers to include arbitrary files and execute PHP code via a .. (dot dot) sequence in the view parameter. Vulnerabilidad de escalado de directorio en lib/FBView.php del Horde Kronolith H3 en versiones anteriores a la 2.0.7 y en la 2.1.x anterior a la 2.1.4, permite a atacantes remotos ejecutar código y ficheros PHP de su elección mediante la secuencia .. (punto punto) en el parámetro view. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=445 http://marc.info/?l=horde-announce&m=116483107007152&w=2 http://marc.info/?l=horde-announce&m=116483121211579&w=2 http://secunia.com/advisories/23145 http://secunia.com/advisories/23780 http://security.gentoo.org/glsa/glsa-200701-11.xml http://securitytracker.com/id?1017316 http://www.securityfocus.com/bid/21341 http://www.vupen.com/english/advisories/2006/4775 •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2006-5449
https://notcve.org/view.php?id=CVE-2006-5449
procmail in Ingo H3 before 1.1.2 Horde module allows remote authenticated users to execute arbitrary commands via shell metacharacters in the mailbox destination of a filter rule. procmail en el módulo Horde de Ingo H3 anterior a 1.1.2 permite a usuarios autenticados remotamente ejecutar comandos de su elección mediante metacaracteres de línea de comandos en el buzón destino de una regla de filtro. • http://bugs.horde.org/ticket/?Horde=6ed1a009f3396864553976a45948339e&id=4513 http://lists.horde.org/archives/announce/2006/000296.html http://secunia.com/advisories/22482 http://secunia.com/advisories/22656 http://secunia.com/advisories/23100 http://www.debian.org/security/2006/dsa-1204 http://www.gentoo.org/security/en/glsa/glsa-200611-22.xml http://www.securityfocus.com/bid/20637 http://www.vupen.com/english/advisories/2006/4124 •
CVSS: 4.3EPSS: 1%CPEs: 13EXPL: 0CVE-2006-4256
https://notcve.org/view.php?id=CVE-2006-4256
index.php in Horde Application Framework before 3.1.2 allows remote attackers to include web pages from other sites, which could be useful for phishing attacks, via a URL in the url parameter, aka "cross-site referencing." NOTE: some sources have referred to this issue as XSS, but it is different than classic XSS. index.php en Horde Application Framework anerior a 3.1.2 permite a atacantes remotos incluir páginas web de otros sitios, lo que podría ser útil para ataques de phishing, mediante una URL en el parámetro url, también conocido como "referencia en sitios cruzados" (cross-site referencing). NOTA: algunas fuetnes se han referido a este problema como XSS, pero es diferente del clásico XSS. • http://lists.horde.org/archives/announce/2006/000292.html http://secunia.com/advisories/21500 http://secunia.com/advisories/27565 http://securityreason.com/securityalert/1422 http://securitytracker.com/id?1016713 http://www.debian.org/security/2007/dsa-1406 http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2456 http://www.securityfocus.com/archive/1/443360/100/0/threaded http://www.vupen.com/english/advisories/2006/3309 https://exchange.xforce.ibmcloud.com/vulnerabilities/28411 •