CVE-2002-0181
https://notcve.org/view.php?id=CVE-2002-0181
Cross-site scripting vulnerability in status.php3 for IMP 2.2.8 and HORDE 1.2.7 allows remote attackers to execute arbitrary web script and steal cookies of other IMP/HORDE users via the script parameter. Vulnderabilidad de secuencias de comandos en sitios cruzados (cross-site scripting) en Horde anteriores a 1.2.8 y IMP anteriores a 2.2.8 permite a atacantes remotos ejecutar scripts y robar cookies de otros usuarios. • http://bugs.horde.org/show_bug.cgi?id=916 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000473 http://marc.info/?l=bugtraq&m=101828033830744&w=2 http://www.calderasystems.com/support/security/advisories/CSSA-2002-016.1.txt http://www.debian.org/security/2002/dsa-126 http://www.iss.net/security_center/static/8769.php http://www.osvdb.org/5345 http://www.securityfocus.com/bid/4444 •
CVE-2001-0744
https://notcve.org/view.php?id=CVE-2001-0744
Horde IMP 2.2.4 and earlier allows local users to overwrite files via a symlink attack on a temporary file. • ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2001-025.0.txt http://archives.neohapsis.com/archives/bugtraq/2001-05/0303.html http://www.horde.org/imp/2.2/news.php •
CVE-2001-1258
https://notcve.org/view.php?id=CVE-2001-1258
Horde Internet Messaging Program (IMP) before 2.2.6 allows local users to read IMP configuration files and steal the Horde database password by placing the prefs.lang file containing PHP code on the server. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000410 http://online.securityfocus.com/archive/1/198495 http://www.caldera.com/support/security/advisories/CSSA-2001-027.0.txt http://www.debian.org/security/2001/dsa-073 http://www.iss.net/security_center/static/6906.php http://www.securityfocus.com/bid/3083 •
CVE-2001-1257
https://notcve.org/view.php?id=CVE-2001-1257
Cross-site scripting vulnerability in Horde Internet Messaging Program (IMP) before 2.2.6 and 1.2.6 allows remote attackers to execute arbitrary Javascript embedded in an email. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000410 http://online.securityfocus.com/archive/1/198495 http://www.caldera.com/support/security/advisories/CSSA-2001-027.0.txt http://www.debian.org/security/2001/dsa-073 http://www.iss.net/security_center/static/6905.php http://www.securityfocus.com/bid/3082 •
CVE-2000-0911
https://notcve.org/view.php?id=CVE-2000-0911
IMP 2.2 and earlier allows attackers to read and delete arbitrary files by modifying the attachment_name hidden form variable, which causes IMP to send the file to the attacker as an attachment. • http://www.securityfocus.com/archive/1/82088 http://www.securityfocus.com/bid/1679 https://exchange.xforce.ibmcloud.com/vulnerabilities/5227 •