CVSS: 6.4EPSS: 4%CPEs: 10EXPL: 1CVE-2009-0932 – Horde - Horde_Image::factory driver Argument Local File Inclusion
https://notcve.org/view.php?id=CVE-2009-0932
Directory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name. Vulnerabilidad de salto de directorio en framework/Image/Image.php en Horde anterior a v3.2.4 y v3.3.3 y Horde Groupware anterior a v1.1.5 permite a atacantes remotos incluir y ejecutar ficheros locales de su elección a través de secuencias de salto de directorio en el nombre Horde_Image driver. Horde version 3.3.2 suffers from a local file inclusion vulnerability. • https://www.exploit-db.com/exploits/16154 http://cvs.horde.org/co.php/groupware/docs/groupware/CHANGES?r=1.28.2.5 http://cvs.horde.org/co.php/horde/docs/CHANGES?r=1.515.2.413.2.5 http://cvs.horde.org/co.php/horde/docs/CHANGES?r=1.515.2.503 http://lists.horde.org/archives/announce/2009/000482.html http://lists.horde.org/archives/announce/2009/000483.html http://lists.horde.org/archives/announce/2009/000486.html http://lists.opensuse.org/opensuse-securit • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0CVE-2009-0931
https://notcve.org/view.php?id=CVE-2009-0931
Cross-site scripting (XSS) vulnerability in the tag cloud search script (horde/services/portal/cloud_search.php) in Horde before 3.2.4 and 3.3.3, and Horde Groupware before 1.1.5, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la secuencia de comandos de búsqueda de nube de etiquetas (horde/services/portal/cloud_search.php) en Horde anterior a v3.2.4 y v3.3.3, y Horde Groupware anterior a v1.1.5, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de vectores sin especificar. • http://cvs.horde.org/co.php/groupware/docs/groupware/CHANGES?r=1.28.2.5 http://cvs.horde.org/co.php/horde/docs/CHANGES?r=1.515.2.413.2.5 http://cvs.horde.org/co.php/horde/docs/CHANGES?r=1.515.2.503 http://lists.horde.org/archives/announce/2009/000482.html http://lists.horde.org/archives/announce/2009/000483.html http://lists.horde.org/archives/announce/2009/000486.html http://secunia.com/advisories/33695 http://www.securityfocus.com/bid/33491 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1CVE-2008-3330
https://notcve.org/view.php?id=CVE-2008-3330
Cross-site scripting (XSS) vulnerability in services/obrowser/index.php in Horde 3.2 and Turba 2.2 allows remote attackers to inject arbitrary web script or HTML via the contact name. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en services/obrowser/index.php in Horde 3.2 y Turba 2.2, permite a atacantes remotos inyectar secuencias de comandos Web o HTML a través del nombre contact. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=492578 http://secunia.com/advisories/34609 http://www.securityfocus.com/bid/29745 http://www.securitytracker.com/id?1020566 http://www.securitytracker.com/id?1020567 https://exchange.xforce.ibmcloud.com/vulnerabilities/44198 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •