CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 7CVE-2019-12095 – Horde Webmail 5.2.22 XSS / CSRF / SQL Injection / Code Execution
https://notcve.org/view.php?id=CVE-2019-12095
17 May 2019 — Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by the treanBookmarkTags parameter to the trean/ URI on a webmail server. NOTE: treanBookmarkTags could, for example, be a stored XSS payload. Horde Trean, como se utiliza en Horde Groupware Webmail Edition a través de 5.2.22 y otros productos, permite CSRF, como lo demuestra el parámetro treanBookmarkTags al trean / URI en un servidor de correo web. NOTA: treanBookmarkTags podría, por eje... • https://packetstorm.news/files/id/152975 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 80%CPEs: 4EXPL: 3CVE-2019-9858 – Horde Form Shell Upload
https://notcve.org/view.php?id=CVE-2019-9858
10 Apr 2019 — Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contains a vulnerable class that handles image upload in forms. When the Horde_Form_Type_image method onSubmit() is called on uploads, it invokes the functions getImage() and _getUpload(), which uses unsanitized user input as a path to save the image. The unsanitized POST parameter object[photo][img][file] is saved in the $upload[img][file] PHP variable, allowing an attacker to manipulate the $tmp_file pas... • https://packetstorm.news/files/id/152476 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.9EPSS: 1%CPEs: 12EXPL: 1CVE-2017-17688
https://notcve.org/view.php?id=CVE-2017-17688
16 May 2018 — The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification ** EN DISPUTA ** La especificación OpenPGP permite un ataque malleability-gadget Cipher Feedback Mode (CFB) que puede conducir indirectamente a la exfiltra... • http://flaked.sockpuppet.org/2018/05/16/a-unified-timeline.html •
CVSS: 5.9EPSS: 0%CPEs: 21EXPL: 1CVE-2017-17689 – Debian Security Advisory 4244-1
https://notcve.org/view.php?id=CVE-2017-17689
16 May 2018 — The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. La especificación S/MIME permite un ataque malleability-gadget Cipher Block Chaining (CBC) que puede conducir indirectamente a la exfiltración en texto plano. Esto también se conoce como EFAIL. Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or attacks on encrypted emails. • http://www.securityfocus.com/bid/104165 •
CVSS: 8.1EPSS: 1%CPEs: 1EXPL: 0CVE-2014-3999
https://notcve.org/view.php?id=CVE-2014-3999
10 Apr 2018 — The Horde_Ldap library before 2.0.6 for Horde allows remote attackers to bypass authentication by leveraging knowledge of the LDAP bind user DN. La biblioteca Horde_Ldap en versiones anteriores a la 2.0.6 para Horde permite que atacantes remotos omitan la autenticación aprovechando el conocimiento del DN del usuario bind LDAP. • http://www.openwall.com/lists/oss-security/2014/06/14/1 • CWE-287: Improper Authentication •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2017-16906
https://notcve.org/view.php?id=CVE-2017-16906
20 Nov 2017 — In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a "Calendar -> New Event" action. En Horde Groupware 5.2.19-5.2.22, existe XSS mediante el campo URL en una acción "Calendar -> New Event". • http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 1CVE-2017-16907
https://notcve.org/view.php?id=CVE-2017-16907
20 Nov 2017 — In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action. En Horde Groupware 5.2.19 y 5.2.21, existe XSS mediante el campo Color en una acción Create Task List. • http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2017-16908
https://notcve.org/view.php?id=CVE-2017-16908
20 Nov 2017 — In Horde Groupware 5.2.19, there is XSS via the Name field during creation of a new Resource. This can be leveraged for remote code execution after compromising an administrator account, because the CVE-2015-7984 CSRF protection mechanism can then be bypassed. En Horde Groupware 5.2.19, existe XSS mediante el campo Name durante la creación de un nuevo recurso. Esto puede aprovecharse para ejecutar código de forma remota tras comprometer una cuenta de administrador, ya que se puede omitir el mecanismo de pro... • http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 16%CPEs: 1EXPL: 2CVE-2017-15235 – Horde Groupware 5.2.21 - Unauthorized File Download
https://notcve.org/view.php?id=CVE-2017-15235
11 Oct 2017 — The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 allows remote attackers to bypass Horde authentication for file downloads via a crafted fn parameter that corresponds to the exact filename. El módulo File Manager (gollem) 3.0.11 en Horde Groupware 5.2.21 permite que atacantes remotos omitan la autenticación de Horde para descargas de archivos mediante un parámetro fn manipulado que corresponde al nombre de archivo exacto. • https://www.exploit-db.com/exploits/44059 • CWE-425: Direct Request ('Forced Browsing') •
CVSS: 8.1EPSS: 3%CPEs: 26EXPL: 1CVE-2017-14650 – Debian Security Advisory 4276-1
https://notcve.org/view.php?id=CVE-2017-14650
21 Sep 2017 — A Remote Code Execution vulnerability has been found in the Horde_Image library when using the "Im" backend that utilizes ImageMagick's "convert" utility. It's not exploitable through any Horde application, because the code path to the vulnerability is not used by any Horde code. Custom applications using the Horde_Image library might be affected. This vulnerability affects all versions of Horde_Image from 2.0.0 to 2.5.1, and is fixed in 2.5.2. The problem is missing input validation of the index field in _... • http://www.openwall.com/lists/oss-security/2017/09/21/4 • CWE-20: Improper Input Validation •