CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 6CVE-2019-12094 – Horde Webmail 5.2.22 XSS / CSRF / SQL Injection / Code Execution
https://notcve.org/view.php?id=CVE-2019-12094
Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin/user.php?form=update_f&user_name= or admin/user.php?form=remove_f&user_name= or admin/config/diff.php?app= URI. Horde Groupware Webmail Edition hasta la versión 5.2.22 permite XSS a través de admin / user.php? • https://bugs.horde.org/ticket/14926 https://cxsecurity.com/issue/WLB-2019050199 https://numanozdemir.com/respdisc/horde/horde.mp4 https://numanozdemir.com/respdisc/horde/horde.txt https://packetstormsecurity.com/files/152975/Horde-Webmail-5.2.22-XSS-CSRF-SQL-Injection-Code-Execution.html https://www.exploit-db.com/exploits/46903 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 6%CPEs: 1EXPL: 6CVE-2019-12095 – Horde Webmail 5.2.22 XSS / CSRF / SQL Injection / Code Execution
https://notcve.org/view.php?id=CVE-2019-12095
Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by the treanBookmarkTags parameter to the trean/ URI on a webmail server. NOTE: treanBookmarkTags could, for example, be a stored XSS payload. Horde Trean, como se utiliza en Horde Groupware Webmail Edition a través de 5.2.22 y otros productos, permite CSRF, como lo demuestra el parámetro treanBookmarkTags al trean / URI en un servidor de correo web. NOTA: treanBookmarkTags podría, por ejemplo, ser una carga útil XSS almacenada. Horde Webmail version 5.2.22 suffers from code execution, cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities. • https://bugs.horde.org/ticket/14926 https://cxsecurity.com/issue/WLB-2019050199 https://exchange.xforce.ibmcloud.com/vulnerabilities/161333 https://lists.debian.org/debian-lts-announce/2019/12/msg00015.html https://numanozdemir.com/respdisc/horde/horde.mp4 https://numanozdemir.com/respdisc/horde/horde.txt https://packetstormsecurity.com/files/152975/Horde-Webmail-5.2.22-XSS-CSRF-SQL-Injection-Code-Execution.html https://www.exploit-db.com/exploits/46903 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 95%CPEs: 4EXPL: 3CVE-2019-9858 – Horde Form File Upload Vulnerability
https://notcve.org/view.php?id=CVE-2019-9858
Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contains a vulnerable class that handles image upload in forms. When the Horde_Form_Type_image method onSubmit() is called on uploads, it invokes the functions getImage() and _getUpload(), which uses unsanitized user input as a path to save the image. The unsanitized POST parameter object[photo][img][file] is saved in the $upload[img][file] PHP variable, allowing an attacker to manipulate the $tmp_file passed to move_uploaded_file() to save the uploaded file. By setting the parameter to (for example) .. • http://packetstormsecurity.com/files/152476/Horde-Form-Shell-Upload.html https://lists.debian.org/debian-lts-announce/2019/06/msg00007.html https://seclists.org/bugtraq/2019/Jun/31 https://ssd-disclosure.com/?p=3814&preview=true https://www.debian.org/security/2019/dsa-4468 https://www.ratiosec.com/2019/horde-groupware-webmail-authenticated-arbitrary-file-injection-to-rce https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/horde_form_file_upload.rb • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 1CVE-2017-16907
https://notcve.org/view.php?id=CVE-2017-16907
In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action. En Horde Groupware 5.2.19 y 5.2.21, existe XSS mediante el campo Color en una acción Create Task List. • http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html https://github.com/horde/base/commit/fb2113bbcd04bd4a28c46aad0889fb0a3979a230 https://lists.debian.org/debian-lts-announce/2020/08/msg00046.html https://lists.debian.org/debian-lts-announce/2020/08/msg00047.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2017-16906
https://notcve.org/view.php?id=CVE-2017-16906
In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a "Calendar -> New Event" action. En Horde Groupware 5.2.19-5.2.22, existe XSS mediante el campo URL en una acción "Calendar -> New Event". • http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html https://github.com/horde/kronolith/commit/09d90141292f9ec516a7a2007bf828ce2bbdf60d https://github.com/starnightcyber/Miscellaneous/blob/master/Horde/README.md https://lists.debian.org/debian-lts-announce/2020/08/msg00049.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •