Page 2 of 8 results (0.003 seconds)

CVSS: 7.5EPSS: 35%CPEs: 12EXPL: 1

CVE-2006-1491 – Horde 3.0.9/3.1.0 - Help Viewer Remote Code Execution

https://notcve.org/view.php?id=CVE-2006-1491

Eval injection vulnerability in Horde Application Framework versions 3.0 before 3.0.10 and 3.1 before 3.1.1 allows remote attackers to execute arbitrary code via the help viewer. • https://www.exploit-db.com/exploits/1660 http://cvs.horde.org/diff.php?f=horde%2Fservices%2Fhelp%2Findex.php&r1=2.85&r2=2.86 http://lists.horde.org/archives/announce/2006/000271.html http://lists.horde.org/archives/announce/2006/000272.html http://secunia.com/advisories/19485 http://secunia.com/advisories/19504 http://secunia.com/advisories/19528 http://secunia.com/advisories/19619 http://secunia.com/advisories/19692 http://securitytracker.com/id?1015841 http://www • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2005-0961

https://notcve.org/view.php?id=CVE-2005-0961

Cross-site scripting (XSS) vulnerability in Horde 3.0.4 before 3.0.4-RC2 allows remote attackers to inject arbitrary web script or HTML via the parent frame title. • http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.49&r2=1.515.2.93&ty=h http://lists.horde.org/archives/announce/2005/000176.html http://secunia.com/advisories/14730 http://www.novell.com/linux/security/advisories/2005_16_sr.html •

CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0

CVE-2004-2741

https://notcve.org/view.php?id=CVE-2004-2741

Cross-site scripting (XSS) vulnerability in the "help window" (help.php) in Horde Application Framework 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) module, (2) topic, or (3) module parameters. • http://cvs.horde.org/diff.php/horde/templates/help/index.inc?r1=1.9.2.4&r2=1.9.2.5&ty=u http://lists.horde.org/archives/announce/2004/000107.html http://secunia.com/advisories/12992 http://securitytracker.com/id?1011959 http://www.osvdb.org/11164 http://www.securityfocus.com/bid/11546 https://exchange.xforce.ibmcloud.com/vulnerabilities/17881 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •