Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
debian horde groupware vulnerabilities and exploits
(subscribe to this query)
8
CVSSv3
CVE-2022-30287
Horde Groupware Webmail Edition up to and including 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP objects.
Horde Groupware
Debian Debian Linux 10.0
5.4
CVSSv3
CVE-2022-26874
lib/Horde/Mime/Viewer/Ooo.php in Horde Mime_Viewer prior to 2.2.4 allows XSS via an OpenOffice document, leading to account takeover in Horde Groupware Webmail Edition. This occurs after XSLT rendering.
Horde Horde Mime Viewer
Debian Debian Linux 9.0
Debian Debian Linux 10.0
6.1
CVSSv3
CVE-2021-26929
An XSS issue exists in Horde Groupware Webmail Edition up to and including 5.2.22 (where the Horde_Text_Filter library prior to 2.3.7 is used). The attacker can send a plain text e-mail message, with JavaScript encoded as a link or email that is mishandled by preProcess in Text2h...
Horde Groupware
Debian Debian Linux 9.0
6.3
CVSSv3
CVE-2020-8865
This vulnerability allows remote malicious users to execute local PHP files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within edit.php. When parsing the params[template] p...
Horde Groupware 5.2.22
Debian Debian Linux 8.0
2 EDB exploits
6.5
CVSSv3
CVE-2020-8866
This vulnerability allows remote malicious users to create arbitrary files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within add.php. The issue results from the lack of pr...
Horde Groupware 5.2.22
Horde Horde Form
Debian Debian Linux 8.0
2 EDB exploits
9.8
CVSSv3
CVE-2020-8518
Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution.
Horde Groupware 5.2.22
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Debian Debian Linux 8.0
1 EDB exploit
6.5
CVSSv3
CVE-2013-6275
Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and previous versions in basic.php.
Horde Groupware
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
1 EDB exploit
8.8
CVSSv3
CVE-2013-6364
Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book
Horde Groupware 5.1.2
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
1 EDB exploit
5.3
CVSSv3
CVE-2013-6365
Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions
Horde Groupware 5.1.2
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
8.8
CVSSv3
CVE-2019-9858
Remote code execution exists in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contains a vulnerable class that handles image upload in forms. When the Horde_Form_Type_image method onSubmit() is called on uploads, it invokes the functions getImage() and _getUpload...
Horde Groupware 5.2.17
Horde Groupware 5.2.22
Debian Debian Linux 8.0
Debian Debian Linux 9.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »