CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 2CVE-2007-1515 – Horde IMP Webmail 4.0.4 Client - Multiple Input Validation Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-1515
Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP H3 4.1.3, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via (1) the email Subject header in thread.php, (2) the edit_query parameter in search.php, or other unspecified parameters in search.php. NOTE: some of these details are obtained from third party information. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Horde IMP H3 4.1.3 y, posiblemente, versiones anteriores, permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante (1) la cabecera del Subject de los email en el thread.php,(2) el parámetro edit_query del search.php u otros parámetros sin especificar en el search.php. NOTA: algunos de los detalles se obtienen a partir de la información de terceros. • https://www.exploit-db.com/exploits/29742 http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/052977.html http://lists.horde.org/archives/announce/2007/000316.html http://secunia.com/advisories/24541 http://www.securityfocus.com/archive/1/462914/100/0/threaded http://www.securityfocus.com/bid/22975 http://www.securitytracker.com/id?1017774 http://www.vupen.com/english/advisories/2007/0964 •
CVSS: 6.8EPSS: 1%CPEs: 24EXPL: 1CVE-2007-1474 – Horde Framework and IMP 2.x/3.x - Cleanup Cron Script Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2007-1474
Argument injection vulnerability in the cleanup cron script in Horde Project Horde and IMP before Horde Application Framework 3.1.4 allows local users to delete arbitrary files and possibly gain privileges via multiple space-delimited pathnames. Vulnerabilidad de inyección de argumento en la secuencia de comandos cleanup para cron de Horde Project Horde e IMP anterior a Horde Application Framework 3.1.4 permite a usuarios locales borrar archivos de su elección y posiblemente obtener privilegios mediante múltiples nombres de ruta separados por espacios. • https://www.exploit-db.com/exploits/29746 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=489 http://lists.horde.org/archives/announce/2007/000315.html http://secunia.com/advisories/27565 http://www.debian.org/security/2007/dsa-1406 http://www.securityfocus.com/bid/22985 http://www.securitytracker.com/id?1017784 http://www.securitytracker.com/id?1017785 http://www.vupen.com/english/advisories/2007/0965 https://exchange.xforce.ibmcloud.com/vulnerabilities/32997 •
CVSS: 4.3EPSS: 0%CPEs: 38EXPL: 0CVE-2006-4255
https://notcve.org/view.php?id=CVE-2006-4255
Cross-site scripting (XSS) vulnerability in horde/imp/search.php in Horde IMP H3 before 4.1.3 allows remote attackers to include arbitrary web script or HTML via multiple unspecified vectors related to folder names, as injected into the vfolder_label form field in the IMP search screen. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en horde/imp/search.php en Horde IMP H3 anterior a 4.1.3 permite a atacanets remotos incluir secuencias de comandos web o HTML de su elección a través de múltiples vectores no especificados relacionados con nombres de carpetas, como se ha inyectado en el campo de formulario vfolder_label en la pantalla de búsqueda IMP. • http://lists.horde.org/archives/announce/2006/000294.html http://secunia.com/advisories/21533 http://securityreason.com/securityalert/1423 http://securitytracker.com/id?1016713 http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2457 http://www.securityfocus.com/archive/1/443361/100/0/threaded http://www.securityfocus.com/bid/19544 http://www.vupen.com/english/advisories/2006/3316 https://exchange.xforce.ibmcloud.com/vulnerabilities/28409 •
CVSS: 4.3EPSS: 1%CPEs: 25EXPL: 2CVE-2005-4080 – Horde IMP 2.2.x/3.2.x/4.0.x - Email Attachments HTML Injection
https://notcve.org/view.php?id=CVE-2005-4080
Horde IMP 4.0.4 and earlier does not sanitize strings containing UTF16 null characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via UTF16 encoded attachments and strings that will be executed when viewed using Internet Explorer, which ignores the characters. • https://www.exploit-db.com/exploits/26741 http://secunia.com/advisories/17910 http://securityreason.com/securityalert/232 http://securitytracker.com/id?1015315 http://www.securityfocus.com/archive/1/418734/100/0/threaded http://www.securityfocus.com/bid/15730 http://www.vupen.com/english/advisories/2005/2773 https://exchange.xforce.ibmcloud.com/vulnerabilities/23465 •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2005-1319
https://notcve.org/view.php?id=CVE-2005-1319
Cross-site scripting (XSS) vulnerability in Horde IMP Webmail client before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. • http://cvs.horde.org/diff.php/imp/docs/CHANGES?r1=1.389.2.119&r2=1.389.2.125&ty=h http://lists.horde.org/archives/imp/Week-of-Mon-20050418/041912.html http://secunia.com/advisories/15080 •