CVE-2004-1443
https://notcve.org/view.php?id=CVE-2004-1443
Cross-site scripting (XSS) vulnerability in the inline MIME viewer in Horde-IMP (Internet Messaging Program) 3.2.4 and earlier, when used with Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via an e-mail message. • http://cvs.horde.org/diff.php/imp/docs/CHANGES?r1=1.389.2.106&r2=1.389.2.109&ty=h http://secunia.com/advisories/12202 http://www.gentoo.org/security/en/glsa/glsa-200408-07.xml http://www.securityfocus.com/bid/10845 https://exchange.xforce.ibmcloud.com/vulnerabilities/16866 •
CVE-2004-0584
https://notcve.org/view.php?id=CVE-2004-0584
Unknown vulnerability in Horde IMP 3.2.3 and earlier, before a "security fix," does not properly validate input, which allows remote attackers to execute arbitrary script as other users via script or HTML in an e-mail message, possibly triggering a cross-site scripting (XSS) vulnerability. Vulnerabilidad desconocida en Hored-IMP 3.2.3 y anteriores, antes de un "arreglo de seguridad" no validan adecuadamente la entrada, lo que permite a atacantes remotos ejecutar script de su elección como otro usuario mediante script o HTML, posiblemente disparando una vulnerabilidad de secuencias de comandos en sitios cruzados (XSS). • http://secunia.com/advisories/11805 http://www.gentoo.org/security/en/glsa/glsa-200406-11.xml http://www.horde.org/imp/3.2 http://www.securityfocus.com/bid/10501 https://exchange.xforce.ibmcloud.com/vulnerabilities/16357 •
CVE-2003-0025
https://notcve.org/view.php?id=CVE-2003-0025
Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow remote attackers to perform unauthorized database activities and possibly gain privileges via certain database functions such as check_prefs() in db.pgsql, as demonstrated using mailbox.php3. Múltiples vulnerabilidades de inyección de SQL en IMP 2.2.8 y anteriores permiten a atacantes remotos llevar a cabo actividades no autorizadas en la base de datos y posiblemente ganar privilegios mediante ciertas funcines de la base de datos como check_prefs() en db.pgsql, como se demostrado usando mailbox.php3. • http://marc.info/?l=bugtraq&m=104204786206563&w=2 http://secunia.com/advisories/8087 http://secunia.com/advisories/8177 http://www.debian.org/security/2003/dsa-229 http://www.securityfocus.com/archive/1/306268 http://www.securityfocus.com/bid/6559 http://www.securitytracker.com/id?1005904 •
CVE-2002-2024
https://notcve.org/view.php?id=CVE-2002-2024
Horde IMP 2.2.7 allows remote attackers to obtain the full web root pathname via an HTTP request for (1) poppassd.php3, (2) login.php3?reason=chpass2, (3) spelling.php3, and (4) ldap.search.php3?ldap_serv=nonsense which leaks the information in error messages. • http://bugs.horde.org/show_bug.cgi?id=916 http://www.iss.net/security_center/static/8768.php http://www.securityfocus.com/bid/4445 • CWE-219: Storage of File with Sensitive Data Under Web Root •
CVE-2002-0181
https://notcve.org/view.php?id=CVE-2002-0181
Cross-site scripting vulnerability in status.php3 for IMP 2.2.8 and HORDE 1.2.7 allows remote attackers to execute arbitrary web script and steal cookies of other IMP/HORDE users via the script parameter. Vulnderabilidad de secuencias de comandos en sitios cruzados (cross-site scripting) en Horde anteriores a 1.2.8 y IMP anteriores a 2.2.8 permite a atacantes remotos ejecutar scripts y robar cookies de otros usuarios. • http://bugs.horde.org/show_bug.cgi?id=916 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000473 http://marc.info/?l=bugtraq&m=101828033830744&w=2 http://www.calderasystems.com/support/security/advisories/CSSA-2002-016.1.txt http://www.debian.org/security/2002/dsa-126 http://www.iss.net/security_center/static/8769.php http://www.osvdb.org/5345 http://www.securityfocus.com/bid/4444 •