CVE-2020-7804
https://notcve.org/view.php?id=CVE-2020-7804
ActiveX Control(HShell.dll) in Handy Groupware 1.7.3.1 for Windows 7, 8, and 10 allows an attacker to execute arbitrary command via the ShellExec method. ActiveX Control(HShell.dll) en Handy Groupware versión 1.7.3.1 para Windows 7, 8 y 10, permite a un atacante ejecutar un comando arbitrario por medio del método ShellExec. • http://www.handysoft.co.kr/product/product.html?seq=12 https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35368 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2019-12094 – Horde Webmail 5.2.22 XSS / CSRF / SQL Injection / Code Execution
https://notcve.org/view.php?id=CVE-2019-12094
Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin/user.php?form=update_f&user_name= or admin/user.php?form=remove_f&user_name= or admin/config/diff.php?app= URI. Horde Groupware Webmail Edition hasta la versión 5.2.22 permite XSS a través de admin / user.php? • https://bugs.horde.org/ticket/14926 https://cxsecurity.com/issue/WLB-2019050199 https://numanozdemir.com/respdisc/horde/horde.mp4 https://numanozdemir.com/respdisc/horde/horde.txt https://packetstormsecurity.com/files/152975/Horde-Webmail-5.2.22-XSS-CSRF-SQL-Injection-Code-Execution.html https://www.exploit-db.com/exploits/46903 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-12095 – Horde Webmail 5.2.22 XSS / CSRF / SQL Injection / Code Execution
https://notcve.org/view.php?id=CVE-2019-12095
Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by the treanBookmarkTags parameter to the trean/ URI on a webmail server. NOTE: treanBookmarkTags could, for example, be a stored XSS payload. Horde Trean, como se utiliza en Horde Groupware Webmail Edition a través de 5.2.22 y otros productos, permite CSRF, como lo demuestra el parámetro treanBookmarkTags al trean / URI en un servidor de correo web. NOTA: treanBookmarkTags podría, por ejemplo, ser una carga útil XSS almacenada. Horde Webmail version 5.2.22 suffers from code execution, cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities. • https://bugs.horde.org/ticket/14926 https://cxsecurity.com/issue/WLB-2019050199 https://exchange.xforce.ibmcloud.com/vulnerabilities/161333 https://lists.debian.org/debian-lts-announce/2019/12/msg00015.html https://numanozdemir.com/respdisc/horde/horde.mp4 https://numanozdemir.com/respdisc/horde/horde.txt https://packetstormsecurity.com/files/152975/Horde-Webmail-5.2.22-XSS-CSRF-SQL-Injection-Code-Execution.html https://www.exploit-db.com/exploits/46903 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2019-9858 – Horde Form Shell Upload
https://notcve.org/view.php?id=CVE-2019-9858
Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contains a vulnerable class that handles image upload in forms. When the Horde_Form_Type_image method onSubmit() is called on uploads, it invokes the functions getImage() and _getUpload(), which uses unsanitized user input as a path to save the image. The unsanitized POST parameter object[photo][img][file] is saved in the $upload[img][file] PHP variable, allowing an attacker to manipulate the $tmp_file passed to move_uploaded_file() to save the uploaded file. By setting the parameter to (for example) .. • http://packetstormsecurity.com/files/152476/Horde-Form-Shell-Upload.html https://lists.debian.org/debian-lts-announce/2019/06/msg00007.html https://seclists.org/bugtraq/2019/Jun/31 https://ssd-disclosure.com/?p=3814&preview=true https://www.debian.org/security/2019/dsa-4468 https://www.ratiosec.com/2019/horde-groupware-webmail-authenticated-arbitrary-file-injection-to-rce • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2017-7414
https://notcve.org/view.php?id=CVE-2017-7414
In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition 5.x through 5.2.17, OS Command Injection can occur if the user has PGP features enabled in the user's preferences, and has enabled the "Should PGP signed messages be automatically verified when viewed?" preference. To exploit this vulnerability, an attacker can send a PGP signed email (that is maliciously crafted) to the Horde user, who then must either view or preview it. En Horde_Crypt en versiones anteriores a 2.7.6, como se utiliza en Horde Groupware Webmail Edition 5.x hasta la versión 5.2.17, OS puede ocurrir si el usuario tiene activadas las características de PGP en las preferencias del usuario y ha activado la preferencia "¿Deberían verificarse automáticamente los mensajes firmados de PGP cuando se visualizan?". Para aprovechar esta vulnerabilidad, un atacante puede enviar un correo electrónico firmado por PGP (que se ha creado de manera malintencionada) al usuario de la Horda, que debe verlo o visualizarlo. • https://lists.debian.org/debian-lts-announce/2018/06/msg00006.html https://lists.horde.org/archives/horde/Week-of-Mon-20170403/056767.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •