CVSS: 5.0 | EPSS: 10% | CPEs: 33 | EXPL: 3

Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check. • https://www.exploit-db.com/exploits/4850 http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/043657.html http://secunia.com/advisories/19246 http://secunia.com/advisories/19528 http://secunia.com/advisories/19619 http://secunia.com/advisories/19692 http://secunia.com/advisories/19897 http://securityreason.com/securityalert/590 http://securitytracker.com/id?1015771 http://www.debian.org/security/2006/dsa-1033 http://www.debian.org/security/2006/dsa-1034 •

CVSS: 4.3 | EPSS: 0% | CPEs: 5 | EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in Horde Turba H3 2.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the address book and (2) contact data. • http://lists.horde.org/archives/announce/2005/000235.html http://secunia.com/advisories/17968 http://www.vupen.com/english/advisories/2005/2837 •

CVSS: 3.5 | EPSS: 0% | CPEs: 3 | EXPL: 1

Multiple cross-site scripting (XSS) vulnerabilities in templates/notepads/notepads.inc in Horde Mnemo Note Manager H3 before 2.0.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) the notepad's name or (2) description, when creating a new notepad. • http://cvs.horde.org/diff.php/mnemo/templates/notepads/notepads.inc?r1=1.9&r2=1.10&ty=h http://lists.horde.org/archives/announce/2005/000237.html http://secunia.com/advisories/17964 http://www.sec-consult.com/245.html http://www.securityfocus.com/bid/15803 http://www.vupen.com/english/advisories/2005/2833 •

CVSS: 3.5 | EPSS: 0% | CPEs: 8 | EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in templates/tasklists/tasklists.inc in Horde Nag Task List Manager H3 before 2.0.4 allow remote authenticated users to inject arbitrary web script or HTML via (1) the tasklist's name or (2) description, when creating a new tasklist. • http://cvs.horde.org/diff.php/nag/templates/tasklists/tasklists.inc?r1=1.10&r2=1.11&ty=h http://lists.horde.org/archives/announce/2005/000236.html http://secunia.com/advisories/17969 http://www.sec-consult.com/245.html http://www.securityfocus.com/bid/15804 http://www.vupen.com/english/advisories/2005/2836 •

CVSS: 3.5 | EPSS: 0% | CPEs: 14 | EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith H3 before 2.0.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Calendar name field when creating calendars, (2) event title field when deleting events, the (3) Category and (4) Location search fields, and the (5) attendees email address fields when editing event attendees, and possibly other vectors. • http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0459.html http://lists.horde.org/archives/announce/2005/000234.html http://secunia.com/advisories/17971 http://secunia.com/advisories/18827 http://www.debian.org/security/2006/dsa-970 http://www.osvdb.org/21608 http://www.osvdb.org/21609 http://www.osvdb.org/21610 http://www.osvdb.org/21611 http://www.sec-consult.com/245.html http://www.securityfocus.com/bid/15808 http://www.vupen.com/english •