Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

horde horde form vulnerabilities and exploits

(subscribe to this query)
NA
CVE_2022_40684
Official Writeup - Simple CTF 2.0 Created: April 23, 2024 7:50 PM Today I completed an other room on TryHackMe with a simple file-upload vulnerability which I built. I have tried for dancing around this whole CTF machine and getting a lot of walls of challenges in the end it co...
4
CVSSv2
CVE-2020-8866
This vulnerability allows remote malicious users to create arbitrary files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within add.php. The issue results from the lack of pr...
Horde Groupware 5.2.22Horde Horde FormDebian Debian Linux 8.0
4.3
CVSSv2
CVE-2019-12094
Horde Groupware Webmail Edition up to and including 5.2.22 allows XSS via an admin/user.php?form=update_f&user_name= or admin/user.php?form=remove_f&user_name= or admin/config/diff.php?app= URI.
Horde Groupware
6.5
CVSSv2
CVE-2019-9858
Remote code execution exists in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contains a vulnerable class that handles image upload in forms. When the Horde_Form_Type_image method onSubmit() is called on uploads, it invokes the functions getImage() and _getUpload...
Horde Groupware 5.2.17Horde Groupware 5.2.22Debian Debian Linux 8.0Debian Debian Linux 9.0
4.3
CVSSv2
CVE-2016-5303
Cross-site scripting (XSS) vulnerability in the Horde Text Filter API in Horde Groupware and Horde Groupware Webmail Edition prior to 5.2.16 allows remote malicious users to inject arbitrary web script or HTML via crafted data:text/html content in a form (1) action or (2) xlink a...
Horde Groupware 5.2.15
4.3
CVSSv2
CVE-2015-8807
Cross-site scripting (XSS) vulnerability in the _renderVarInput_number function in horde/framework/Core/lib/Horde/Core/Ui/VarRenderer/Html.php in Horde Groupware prior to 5.2.12 and Horde Groupware Webmail Edition prior to 5.2.12 allows remote malicious users to inject arbitrary ...
Fedoraproject Fedora 23Fedoraproject Fedora 22Horde Groupware 5.2.11Debian Debian Linux 8.0
7.5
CVSSv2
CVE-2014-1691
The framework/Util/lib/Horde/Variables.php script in the Util library in Horde prior to 5.1.1 allows remote malicious users to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the _formvars form.
Horde Horde Application Framework 5.0.4Horde Horde Application Framework 5.0.2Horde Horde Application Framework 5.0.1Horde Horde Application Framework 5.0.0Horde Horde Application FrameworkHorde Horde Application Framework 5.0.3
6.8
CVSSv2
CVE-2010-3694
Cross-site request forgery (CSRF) vulnerability in the Horde Application Framework prior to 3.3.9 allows remote malicious users to hijack the authentication of unspecified victims for requests to a preference form.
Horde Horde Application Framework 1.0.3Horde Horde Application Framework 1.1.1Horde Horde Application Framework 2.0Horde Horde Application Framework 2.1Horde Horde Application Framework 2.2.7Horde Horde Application Framework 2.2.8Horde Horde Application Framework 3.0.3Horde Horde Application Framework 3.0.9Horde Horde Application Framework 3.1.3Horde Horde Application Framework 3.1.4Horde Horde Application Framework 3.2.1Horde Horde Application Framework 3.2.3Horde Horde Application Framework 3.3.5Horde Horde Application Framework 3.3.6Horde Horde Application Framework 3.1.8Horde Horde Application Framework 3.0.5Horde Horde Application Framework 3.2Horde Horde Application Framework 3.0.8Horde Horde Application Framework 1.3.3Horde Horde Application Framework 1.3.4Horde Horde Application Framework 2.2Horde Horde Application Framework 2.2.1
4.3
CVSSv2
CVE-2009-3236
The form library in Horde Application Framework 3.2 prior to 3.2.5 and 3.3 prior to 3.3.5; Groupware 1.1 prior to 1.1.6 and 1.2 prior to 1.2.4; and Groupware Webmail Edition 1.1 prior to 1.1.6 and 1.2 prior to 1.2.4; reuses temporary filenames during the upload process which allo...
Horde Application Framework 3.2.3Horde Application Framework 3.2Horde Application Framework 3.3.3Horde Application Framework 3.3.4Horde Groupware 1.1.4Horde Groupware 1.1.5Horde Application Framework 3.2.2Horde Application Framework 3.2.4Horde Groupware 1.1Horde Groupware 1.1.1Horde Groupware 1.2Horde Groupware 1.2.1Horde Application Framework 3.3.1Horde Application Framework 3.3.2Horde Groupware 1.2.3Horde Groupware 1.1.3Horde Application Framework 3.2.1Horde Application Framework 3.3Horde Groupware 1.1.2Horde Groupware 1.2.2
4.3
CVSSv2
CVE-2006-4255
Cross-site scripting (XSS) vulnerability in horde/imp/search.php in Horde IMP H3 prior to 4.1.3 allows remote malicious users to include arbitrary web script or HTML via multiple unspecified vectors related to folder names, as injected into the vfolder_label form field in the IMP...
Horde Horde 3.0.4 Rc1Horde Horde 3.0.4 Rc2Horde Horde 3.0.6Horde Imp 2.2Horde Imp 2.2.1Horde Imp 2.2.8Horde Imp 2.3Horde Imp 3.2.4Horde Imp 3.2.5Horde Horde 3.0.1Horde Horde 3.0.2Horde Horde 3.0.9Horde Horde 3.1Horde Horde 3.0Horde Horde 3.0.7Horde Horde 3.0.8Horde Imp 2.2.2Horde Imp 2.2.3Horde Imp 3.0Horde Imp 3.1Horde Horde 3.0.3Horde Horde 3.0.4
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-29895injectCVE-2023-52689CVE-2024-5049CVE-2024-5051privilege escalationphysicalCVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook