CVSS: 8.8EPSS: 0%CPEs: 29EXPL: 0CVE-2017-9773 – Debian Security Advisory 4276-1
https://notcve.org/view.php?id=CVE-2017-9773
21 Jun 2017 — Denial of Service was found in Horde_Image 2.x before 2.5.0 via a crafted URL to the "Null" image driver. Se ha encontrado una denegación de servicio (DoS) en Horde_Image en versiones 2.x anteriores a la 2.5.0 mediante una URL manipulada en el controlador de imagen "Null". Fariskhi Vidyan and Thomas Jarosch discovered several vulnerabilities in php-horde-image, the image processing library for the Horde groupware suite. They would allow an attacker to cause a denial-of-service or execute arbitrary code. • https://lists.horde.org/archives/announce/2017/001234.html • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 7%CPEs: 24EXPL: 0CVE-2017-9774 – Debian Security Advisory 4276-1
https://notcve.org/view.php?id=CVE-2017-9774
21 Jun 2017 — Remote Code Execution was found in Horde_Image 2.x before 2.5.0 via a crafted GET request. Exploitation requires authentication. Se ha encontrado una ejecución remota de código en Horde_Image en versiones 2.x anteriores a la 2.5.0 mediante una petición GET manipulada. Su explotación requiere autenticación. Fariskhi Vidyan and Thomas Jarosch discovered several vulnerabilities in php-horde-image, the image processing library for the Horde groupware suite. • https://lists.horde.org/archives/announce/2017/001234.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 18%CPEs: 1EXPL: 0CVE-2017-7413
https://notcve.org/view.php?id=CVE-2017-7413
04 Apr 2017 — In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition through 5.2.17, OS Command Injection can occur if the attacker is an authenticated Horde Webmail user, has PGP features enabled in their preferences, and attempts to encrypt an email addressed to a maliciously crafted email address. En Horde_Crypt en versiones anteriores a 2.7.6, como se utiliza en Horde Groupware Webmail Edition hasta la versión 5.2.17, OS Comand Inyection puede ocurrir si el atacante es un usuario autenticado Horde We... • https://lists.debian.org/debian-lts-announce/2018/06/msg00006.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 1%CPEs: 23EXPL: 0CVE-2017-7414
https://notcve.org/view.php?id=CVE-2017-7414
04 Apr 2017 — In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition 5.x through 5.2.17, OS Command Injection can occur if the user has PGP features enabled in the user's preferences, and has enabled the "Should PGP signed messages be automatically verified when viewed?" preference. To exploit this vulnerability, an attacker can send a PGP signed email (that is maliciously crafted) to the Horde user, who then must either view or preview it. En Horde_Crypt en versiones anteriores a 2.7.6, como se utiliza ... • https://lists.debian.org/debian-lts-announce/2018/06/msg00006.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2016-5303
https://notcve.org/view.php?id=CVE-2016-5303
20 Dec 2016 — Cross-site scripting (XSS) vulnerability in the Horde Text Filter API in Horde Groupware and Horde Groupware Webmail Edition before 5.2.16 allows remote attackers to inject arbitrary web script or HTML via crafted data:text/html content in a form (1) action or (2) xlink attribute. Vulnerabilidad de XSS en la API Horde Text Filter en Horde Groupware y Horde Groupware Webmail Edition en versiones anteriores a 5.2.16 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de... • http://marc.info/?l=horde-announce&m=147319066126665&w=2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 1CVE-2015-8807 – Debian Security Advisory 3496-1
https://notcve.org/view.php?id=CVE-2015-8807
29 Feb 2016 — Cross-site scripting (XSS) vulnerability in the _renderVarInput_number function in horde/framework/Core/lib/Horde/Core/Ui/VarRenderer/Html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via vectors involving numeric form fields. Vulnerabilidad de XSS en la función _renderVarenput_number en horde/framework/Core/lib/Horde/Core/Ui/VarRenderer/Html.php en Horde Groupware en versiones anteriores a 5.2.12 y Hord... • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177484.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 1CVE-2016-2228 – Debian Security Advisory 3497-1
https://notcve.org/view.php?id=CVE-2016-2228
29 Feb 2016 — Cross-site scripting (XSS) vulnerability in horde/templates/topbar/_menubar.html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via the searchfield parameter, as demonstrated by a request to xplorer/gollem/manager.php. Vulnerabilidad de XSS en horde/templates/topbar/_menubar.html.php en Horde Groupware en versiones anteriores a 5.2.12 y Horde Groupware Webmail Edition en versiones anteriores a 5.2.12 permi... • http://bugs.horde.org/ticket/14213 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 3CVE-2015-7984 – Horde Groupware 5.2.10 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2015-7984
19 Nov 2015 — Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware Webmail Edition before 5.2.11 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary (1) commands via the cmd parameter to admin/cmdshell.php, (2) SQL queries via the sql parameter to admin/sqlshell.php, or (3) PHP code via the php parameter to admin/phpshell.php. Múltiples vulnerabilidades de CSRF en Horde en versiones anteri... • https://packetstorm.news/files/id/134431 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 37EXPL: 0CVE-2014-4945
https://notcve.org/view.php?id=CVE-2014-4945
14 Jul 2014 — Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via an unspecified flag in the basic (1) mailbox or (2) message view. Múltiples vulnerabilidades de XSS en Horde Internet Mail Program (IMP) anterior a 6.1.8, utilizado en Horde Groupware Webmail Edition anterior a 5.1.5, permiten a atacantes remotos inyectar secuencias de comandos web o H... • http://lists.horde.org/archives/announce/2014/001019.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 37EXPL: 0CVE-2014-4946
https://notcve.org/view.php?id=CVE-2014-4946
14 Jul 2014 — Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via (1) unspecified flags or (2) a mailbox name in the dynamic mailbox view. Múltiples vulnerabilidades de XSS en Horde Internet Mail Program (IMP) anterior a 6.1.8, utilizado en Horde Groupware Webmail Edition anterior a 5.1.5, permiten a atacantes remotos inyectar secuencias de comandos ... • http://lists.horde.org/archives/announce/2014/001019.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •