
CVE-2007-1474 – Horde Framework and IMP 2.x/3.x - Cleanup Cron Script Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2007-1474
16 Mar 2007 — Argument injection vulnerability in the cleanup cron script in Horde Project Horde and IMP before Horde Application Framework 3.1.4 allows local users to delete arbitrary files and possibly gain privileges via multiple space-delimited pathnames. • https://www.exploit-db.com/exploits/29746 •

CVE-2006-4256
https://notcve.org/view.php?id=CVE-2006-4256
21 Aug 2006 — index.php in Horde Application Framework before 3.1.2 allows remote attackers to include web pages from other sites, which could be useful for phishing attacks, via a URL in the url parameter, aka "cross-site referencing." NOTE: some sources have referred to this issue as XSS, but it is different than classic XSS. • http://lists.horde.org/archives/announce/2006/000292.html •

CVE-2006-3549
https://notcve.org/view.php?id=CVE-2006-3549
13 Jul 2006 — services/go.php in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 does not properly restrict its image proxy capability, which allows remote attackers to perform "Web tunneling" attacks and use the server as a proxy via (1) http, (2) https, and (3) ftp URL in the url parameter, which is requested from the server. • http://lists.horde.org/archives/announce/2006/000287.html •

CVE-2006-1491 – Horde 3.0.9/3.1.0 - Help Viewer Remote Code Execution
https://notcve.org/view.php?id=CVE-2006-1491
29 Mar 2006 — Eval injection vulnerability in Horde Application Framework versions 3.0 before 3.0.10 and 3.1 before 3.1.1 allows remote attackers to execute arbitrary code via the help viewer. • https://www.exploit-db.com/exploits/1660 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2005-4190
https://notcve.org/view.php?id=CVE-2005-4190
13 Dec 2005 — Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4) the Mobile Phone field, and (5) Date and (6) Time fields when importing CSV files, as exploited through modules such as (a) Turba Address Book, (b) Kronolith, (c) Mnemo, and (d) Nag. • http://lists.horde.org/archives/announce/2005/000238.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2005-0961
https://notcve.org/view.php?id=CVE-2005-0961
03 Apr 2005 — Cross-site scripting (XSS) vulnerability in Horde 3.0.4 before 3.0.4-RC2 allows remote attackers to inject arbitrary web script or HTML via the parent frame title. • http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.49&r2=1.515.2.93&ty=h •

CVE-2004-2741
https://notcve.org/view.php?id=CVE-2004-2741
31 Dec 2004 — Cross-site scripting (XSS) vulnerability in the "help window" (help.php) in Horde Application Framework 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) module, (2) topic, or (3) module parameters. • http://cvs.horde.org/diff.php/horde/templates/help/index.inc?r1=1.9.2.4&r2=1.9.2.5&ty=u • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •