11 results (0.009 seconds)

CVSS: 6.8EPSS: 0%CPEs: 84EXPL: 0

Cross-site request forgery (CSRF) vulnerability in the Horde Application Framework before 3.3.9 allows remote attackers to hijack the authentication of unspecified victims for requests to a preference form. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en Horde Application Framework anterior a v3.3.9 permite a los atacantes remotos secuestrar la autenticación de víctimas sin especificar en peticiones a un formulario preferente. • http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050408.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050423.html http://lists.horde.org/archives/announce/2010/000557.html http://secunia.com/advisories/42140 https://bugzilla.redhat.com/show_bug.cgi?id=630687 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.3EPSS: 0%CPEs: 84EXPL: 2

Cross-site scripting (XSS) vulnerability in util/icon_browser.php in the Horde Application Framework before 3.3.9 allows remote attackers to inject arbitrary web script or HTML via the subdir parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en util/icon_browser.php en el Horde Application Framework anterior a v3.3.9 que permite a atacantes remotos inyectar codigo de script web o código HTML de su elección a través del parámetro "subdir". • https://www.exploit-db.com/exploits/34605 http://git.horde.org/diff.php/horde/util/icon_browser.php?rt=horde-git&r1=a978a35c3e95e784253508fd4333d2fbb64830b6&r2=9342addbd2b95f184f230773daa4faf5ef6d65e9 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050408.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050423.html http://lists.horde.org/archives/announce/2010/000557.html http://seclists.org/fulldisclosure/2010/Sep/82 http://secunia.com/advisories/42140 https://bu • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0

Cross-site scripting (XSS) vulnerability in the tag cloud search script (horde/services/portal/cloud_search.php) in Horde before 3.2.4 and 3.3.3, and Horde Groupware before 1.1.5, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la secuencia de comandos de búsqueda de nube de etiquetas (horde/services/portal/cloud_search.php) en Horde anterior a v3.2.4 y v3.3.3, y Horde Groupware anterior a v1.1.5, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de vectores sin especificar. • http://cvs.horde.org/co.php/groupware/docs/groupware/CHANGES?r=1.28.2.5 http://cvs.horde.org/co.php/horde/docs/CHANGES?r=1.515.2.413.2.5 http://cvs.horde.org/co.php/horde/docs/CHANGES?r=1.515.2.503 http://lists.horde.org/archives/announce/2009/000482.html http://lists.horde.org/archives/announce/2009/000483.html http://lists.horde.org/archives/announce/2009/000486.html http://secunia.com/advisories/33695 http://www.securityfocus.com/bid/33491 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 1%CPEs: 37EXPL: 1

Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php in Horde Framework before 3.1.4 RC1, when the login page contains a language selection box, allows remote attackers to inject arbitrary web script or HTML via the new_lang parameter to login.php. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en framework/NLS/NLS.php en Horde Framework anterior a 3.1.4 RC1, cuando la página de login contiene una caja de elección de idioma, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro new_lang en login.php. • https://www.exploit-db.com/exploits/29745 http://lists.horde.org/archives/announce/2007/000315.html http://secunia.com/advisories/24528 http://secunia.com/advisories/24995 http://secunia.com/advisories/27565 http://securityreason.com/securityalert/2427 http://securitytracker.com/id?1017775 http://www.debian.org/security/2007/dsa-1406 http://www.novell.com/linux/security/advisories/2007_007_suse.html http://www.osvdb.org/33084 http://www.securityfocus.com/archive/1/462915/ •

CVSS: 6.8EPSS: 1%CPEs: 24EXPL: 1

Argument injection vulnerability in the cleanup cron script in Horde Project Horde and IMP before Horde Application Framework 3.1.4 allows local users to delete arbitrary files and possibly gain privileges via multiple space-delimited pathnames. Vulnerabilidad de inyección de argumento en la secuencia de comandos cleanup para cron de Horde Project Horde e IMP anterior a Horde Application Framework 3.1.4 permite a usuarios locales borrar archivos de su elección y posiblemente obtener privilegios mediante múltiples nombres de ruta separados por espacios. • https://www.exploit-db.com/exploits/29746 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=489 http://lists.horde.org/archives/announce/2007/000315.html http://secunia.com/advisories/27565 http://www.debian.org/security/2007/dsa-1406 http://www.securityfocus.com/bid/22985 http://www.securitytracker.com/id?1017784 http://www.securitytracker.com/id?1017785 http://www.vupen.com/english/advisories/2007/0965 https://exchange.xforce.ibmcloud.com/vulnerabilities/32997 •