NotCVE - vendor:"Horde" product:"Groupware" version:" <= 5.2.11"

Page 5 of 38 results (0.008 seconds)

CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 2

CVE-2013-6365 – Horde 5.1.2 Cross Site Request Forgery / Cross Site Scripting

https://notcve.org/view.php?id=CVE-2013-6365

Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions Horde Groupware Web mail versión 5.1.2, presenta una vulnerabilidad de tipo CSRF con peticiones para cambiar permisos. Horde version 5.1.2 suffers from cross site request forgery and cross site scripting vulnerabilities. • http://archives.neohapsis.com/archives/bugtraq/2013-11/0013.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6365 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-6365 https://packetstormsecurity.com/files/cve/CVE-2013-6365 https://security-tracker.debian.org/tracker/CVE-2013-6365 https://www.securityfocus.com/archive/1/529590 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.5EPSS: 3%CPEs: 4EXPL: 2

CVE-2013-6275 – Horde Groupware Web Mail Edition 5.1.2 - Cross-Site Request Forgery

https://notcve.org/view.php?id=CVE-2013-6275

Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earlier in basic.php. Múltiples problemas de tipo CSRF en Horde Groupware Webmail Edition versión 5.1.2 y anteriores en el archivo basic.php. Horde Groupware Web Mail Edition version 5.1.2 suffers from multiple cross site request forgery vulnerabilities. • https://www.exploit-db.com/exploits/29274 http://archives.neohapsis.com/archives/bugtraq/2013-10/0134.html http://www.exploit-db.com/exploits/29274 http://www.securityfocus.com/bid/63377 http://www.securitytracker.com/id/1029285 https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-6275 https://exchange.xforce.ibmcloud.com/vulnerabilities/88321 https://security-tracker.debian.org/tracker/CVE-2013-6275 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 7.5EPSS: 60%CPEs: 3EXPL: 5

CVE-2012-0209 – Horde 3.3.12 - Backdoor Arbitrary PHP Code Execution

https://notcve.org/view.php?id=CVE-2012-0209

Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP between November 2011 and February 2012, contains an externally introduced modification (Trojan Horse) in templates/javascript/open_calendar.js, which allows remote attackers to execute arbitrary PHP code. Horde v3.3.12, Horde Groupware v1.2.10, y Horde Groupware Webmail Edition v1.2.10, como el distribuido por FTP entre noviembre del 2011 y febrero del 2012, contiene unas modificaciones introducidas externamente (troyano) en templates/javascript/open_calendar.js, lo que permite a atacantes remotos ejecutar código PHP. • https://www.exploit-db.com/exploits/18492 http://dev.horde.org/h/jonah/stories/view.php?channel_id=1&id=155 http://eromang.zataz.com/2012/02/15/cve-2012-0209-horde-backdoor-analysis http://lists.horde.org/archives/announce/2012/000751.html http://packetstormsecurity.org/files/109874/Horde-3.3.12-Backdoor-Arbitrary-PHP-Code-Execution.html https://bugzilla.redhat.com/show_bug.cgi?id=790877 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 4.3EPSS: 0%CPEs: 43EXPL: 1

CVE-2010-3693

https://notcve.org/view.php?id=CVE-2010-3693

Cross-site scripting (XSS) vulnerability in Horde Dynamic IMP (DIMP) before 1.1.5, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via vectors related to displaying mailbox names. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Horde Dynamic IMP (DIMP) antes de v1.1.5, y Horde Groupware Webmail Edition antes de v1.2.7, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores relacionados con nombres de buzón mostrar. • http://bugs.horde.org/ticket/9240 http://cvs.horde.org/diff.php/dimp/docs/CHANGES?rt=horde&r1=1.69.2.82&r2=1.69.2.87&ty=h http://git.horde.org/diff.php/groupware/docs/webmail/CHANGES?rt=horde&r1=1.35.2.11&r2=1.35.2.13&ty=h http://git.horde.org/diff.php/imp/lib/Views/ListMessages.php?rt=horde-git&r1=b496687e2e71f3ebaecdff5ee49561fbfc1c74cb&r2=48913cf3af81875d6e5c6f32e030c5913f22f25d http://lists.horde.org/archives/announce/2010/000561.html http://lists.horde.org/archives/ann • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 73EXPL: 0

CVE-2010-4778

https://notcve.org/view.php?id=CVE-2010-4778

Multiple cross-site scripting (XSS) vulnerabilities in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allow remote attackers to inject arbitrary web script or HTML via the (1) username (aka fmusername), (2) password (aka fmpassword), or (3) server (aka fmserver) field in a fetchmail_prefs_save action, related to the Fetchmail configuration, a different issue than CVE-2010-3695. NOTE: some of these details are obtained from third party information. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en fetchmailprefs.php en Horde IMP antes de v4.3.8, y Horde Groupware Webmail Edition anterior a v1.2.7, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de los campos ( 1 ) nombre de usuario (también conocido como fmusername ), ( 2 ) contraseña ( fmpassword alias ), o (3 ) servidor ( también conocido como fmserver ) de la acción fetchmail_prefs_save, relacionados con la configuración de Fetchmail, una cuestión diferente a CVE - 2010-3695. NOTA: algunos de estos detalles han sido obtenidos de información de terceros.. • http://git.horde.org/diff.php/imp/fetchmailprefs.php?rt=horde&r1=1.39.4.10&r2=1.39.4.11 http://www.vupen.com/english/advisories/2010/2513 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1...3 4 5 6 7