CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 1CVE-2013-6364 – Horde Groupware Web Mail Edition 5.1.2 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2013-6364
Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book Horde Groupware Webmail Edition, presenta una vulnerabilidad de tipo CSRF y XSS, cuando se guarda una búsqueda como una libreta de direcciones virtual. Horde version 5.1.2 suffers from cross site request forgery and cross site scripting vulnerabilities. • https://www.exploit-db.com/exploits/29519 http://archives.neohapsis.com/archives/bugtraq/2013-11/0012.html http://www.exploit-db.com/exploits/29519 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6364 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-6364 https://security-tracker.debian.org/tracker/CVE-2013-6364 https://www.securityfocus.com/archive/1/529589 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 2CVE-2013-6365 – Horde 5.1.2 Cross Site Request Forgery / Cross Site Scripting
https://notcve.org/view.php?id=CVE-2013-6365
Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions Horde Groupware Web mail versión 5.1.2, presenta una vulnerabilidad de tipo CSRF con peticiones para cambiar permisos. Horde version 5.1.2 suffers from cross site request forgery and cross site scripting vulnerabilities. • http://archives.neohapsis.com/archives/bugtraq/2013-11/0013.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6365 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-6365 https://packetstormsecurity.com/files/cve/CVE-2013-6365 https://security-tracker.debian.org/tracker/CVE-2013-6365 https://www.securityfocus.com/archive/1/529590 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 3%CPEs: 4EXPL: 2CVE-2013-6275 – Horde Groupware Web Mail Edition 5.1.2 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2013-6275
Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earlier in basic.php. Múltiples problemas de tipo CSRF en Horde Groupware Webmail Edition versión 5.1.2 y anteriores en el archivo basic.php. Horde Groupware Web Mail Edition version 5.1.2 suffers from multiple cross site request forgery vulnerabilities. • https://www.exploit-db.com/exploits/29274 http://archives.neohapsis.com/archives/bugtraq/2013-10/0134.html http://www.exploit-db.com/exploits/29274 http://www.securityfocus.com/bid/63377 http://www.securitytracker.com/id/1029285 https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-6275 https://exchange.xforce.ibmcloud.com/vulnerabilities/88321 https://security-tracker.debian.org/tracker/CVE-2013-6275 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 58%CPEs: 3EXPL: 5CVE-2012-0209 – Horde 3.3.12 - Backdoor Arbitrary PHP Code Execution
https://notcve.org/view.php?id=CVE-2012-0209
Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP between November 2011 and February 2012, contains an externally introduced modification (Trojan Horse) in templates/javascript/open_calendar.js, which allows remote attackers to execute arbitrary PHP code. Horde v3.3.12, Horde Groupware v1.2.10, y Horde Groupware Webmail Edition v1.2.10, como el distribuido por FTP entre noviembre del 2011 y febrero del 2012, contiene unas modificaciones introducidas externamente (troyano) en templates/javascript/open_calendar.js, lo que permite a atacantes remotos ejecutar código PHP. • https://www.exploit-db.com/exploits/18492 http://dev.horde.org/h/jonah/stories/view.php?channel_id=1&id=155 http://eromang.zataz.com/2012/02/15/cve-2012-0209-horde-backdoor-analysis http://lists.horde.org/archives/announce/2012/000751.html http://packetstormsecurity.org/files/109874/Horde-3.3.12-Backdoor-Arbitrary-PHP-Code-Execution.html https://bugzilla.redhat.com/show_bug.cgi?id=790877 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 0%CPEs: 73EXPL: 0CVE-2010-4778
https://notcve.org/view.php?id=CVE-2010-4778
Multiple cross-site scripting (XSS) vulnerabilities in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allow remote attackers to inject arbitrary web script or HTML via the (1) username (aka fmusername), (2) password (aka fmpassword), or (3) server (aka fmserver) field in a fetchmail_prefs_save action, related to the Fetchmail configuration, a different issue than CVE-2010-3695. NOTE: some of these details are obtained from third party information. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en fetchmailprefs.php en Horde IMP antes de v4.3.8, y Horde Groupware Webmail Edition anterior a v1.2.7, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de los campos ( 1 ) nombre de usuario (también conocido como fmusername ), ( 2 ) contraseña ( fmpassword alias ), o (3 ) servidor ( también conocido como fmserver ) de la acción fetchmail_prefs_save, relacionados con la configuración de Fetchmail, una cuestión diferente a CVE - 2010-3695. NOTA: algunos de estos detalles han sido obtenidos de información de terceros.. • http://git.horde.org/diff.php/imp/fetchmailprefs.php?rt=horde&r1=1.39.4.10&r2=1.39.4.11 http://www.vupen.com/english/advisories/2010/2513 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •