CVE-2019-12094 – Horde Webmail 5.2.22 XSS / CSRF / SQL Injection / Code Execution
https://notcve.org/view.php?id=CVE-2019-12094
Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin/user.php?form=update_f&user_name= or admin/user.php?form=remove_f&user_name= or admin/config/diff.php?app= URI. Horde Groupware Webmail Edition hasta la versión 5.2.22 permite XSS a través de admin / user.php? • https://bugs.horde.org/ticket/14926 https://cxsecurity.com/issue/WLB-2019050199 https://numanozdemir.com/respdisc/horde/horde.mp4 https://numanozdemir.com/respdisc/horde/horde.txt https://packetstormsecurity.com/files/152975/Horde-Webmail-5.2.22-XSS-CSRF-SQL-Injection-Code-Execution.html https://www.exploit-db.com/exploits/46903 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-12095 – Horde Webmail 5.2.22 XSS / CSRF / SQL Injection / Code Execution
https://notcve.org/view.php?id=CVE-2019-12095
Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by the treanBookmarkTags parameter to the trean/ URI on a webmail server. NOTE: treanBookmarkTags could, for example, be a stored XSS payload. Horde Trean, como se utiliza en Horde Groupware Webmail Edition a través de 5.2.22 y otros productos, permite CSRF, como lo demuestra el parámetro treanBookmarkTags al trean / URI en un servidor de correo web. NOTA: treanBookmarkTags podría, por ejemplo, ser una carga útil XSS almacenada. Horde Webmail version 5.2.22 suffers from code execution, cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities. • https://bugs.horde.org/ticket/14926 https://cxsecurity.com/issue/WLB-2019050199 https://exchange.xforce.ibmcloud.com/vulnerabilities/161333 https://lists.debian.org/debian-lts-announce/2019/12/msg00015.html https://numanozdemir.com/respdisc/horde/horde.mp4 https://numanozdemir.com/respdisc/horde/horde.txt https://packetstormsecurity.com/files/152975/Horde-Webmail-5.2.22-XSS-CSRF-SQL-Injection-Code-Execution.html https://www.exploit-db.com/exploits/46903 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2019-9858 – Horde Form Shell Upload
https://notcve.org/view.php?id=CVE-2019-9858
Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contains a vulnerable class that handles image upload in forms. When the Horde_Form_Type_image method onSubmit() is called on uploads, it invokes the functions getImage() and _getUpload(), which uses unsanitized user input as a path to save the image. The unsanitized POST parameter object[photo][img][file] is saved in the $upload[img][file] PHP variable, allowing an attacker to manipulate the $tmp_file passed to move_uploaded_file() to save the uploaded file. By setting the parameter to (for example) .. • http://packetstormsecurity.com/files/152476/Horde-Form-Shell-Upload.html https://lists.debian.org/debian-lts-announce/2019/06/msg00007.html https://seclists.org/bugtraq/2019/Jun/31 https://ssd-disclosure.com/?p=3814&preview=true https://www.debian.org/security/2019/dsa-4468 https://www.ratiosec.com/2019/horde-groupware-webmail-authenticated-arbitrary-file-injection-to-rce • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2017-16907
https://notcve.org/view.php?id=CVE-2017-16907
In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action. En Horde Groupware 5.2.19 y 5.2.21, existe XSS mediante el campo Color en una acción Create Task List. • http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html https://github.com/horde/base/commit/fb2113bbcd04bd4a28c46aad0889fb0a3979a230 https://lists.debian.org/debian-lts-announce/2020/08/msg00046.html https://lists.debian.org/debian-lts-announce/2020/08/msg00047.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-16908
https://notcve.org/view.php?id=CVE-2017-16908
In Horde Groupware 5.2.19, there is XSS via the Name field during creation of a new Resource. This can be leveraged for remote code execution after compromising an administrator account, because the CVE-2015-7984 CSRF protection mechanism can then be bypassed. En Horde Groupware 5.2.19, existe XSS mediante el campo Name durante la creación de un nuevo recurso. Esto puede aprovecharse para ejecutar código de forma remota tras comprometer una cuenta de administrador, ya que se puede omitir el mecanismo de protección CSRF relacionado con CVE-2015-7984. • http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html https://github.com/horde/kronolith/commit/39f740068ad21618f6f70b6e37855c61cadbd716 https://lists.debian.org/debian-lts-announce/2020/08/msg00048.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •