Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
horde horde form vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2020-8866
This vulnerability allows remote malicious users to create arbitrary files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within add.php. The issue results from the lack of pr...
Horde Groupware 5.2.22
Horde Horde Form
Debian Debian Linux 8.0
2 EDB exploits
NA
CVE-2006-4255
Cross-site scripting (XSS) vulnerability in horde/imp/search.php in Horde IMP H3 prior to 4.1.3 allows remote malicious users to include arbitrary web script or HTML via multiple unspecified vectors related to folder names, as injected into the vfolder_label form field in the IMP...
Horde Horde 3.0.4 Rc1
Horde Horde 3.0.4 Rc2
Horde Horde 3.0.6
Horde Imp 2.2
Horde Imp 2.2.1
Horde Imp 2.2.8
Horde Imp 2.3
Horde Imp 3.2.4
Horde Imp 3.2.5
Horde Horde 3.0.1
Horde Horde 3.0.2
Horde Horde 3.0.9
Horde Horde 3.1
Horde Horde 3.0
Horde Horde 3.0.7
Horde Horde 3.0.8
Horde Imp 2.2.2
Horde Imp 2.2.3
Horde Imp 3.0
Horde Imp 3.1
Horde Horde 3.0.3
Horde Horde 3.0.4
NA
CVE-2010-3694
Cross-site request forgery (CSRF) vulnerability in the Horde Application Framework prior to 3.3.9 allows remote malicious users to hijack the authentication of unspecified victims for requests to a preference form.
Horde Horde Application Framework 1.0.3
Horde Horde Application Framework 1.1.1
Horde Horde Application Framework 2.0
Horde Horde Application Framework 2.1
Horde Horde Application Framework 2.2.7
Horde Horde Application Framework 2.2.8
Horde Horde Application Framework 3.0.3
Horde Horde Application Framework 3.0.9
Horde Horde Application Framework 3.1.3
Horde Horde Application Framework 3.1.4
Horde Horde Application Framework 3.2.1
Horde Horde Application Framework 3.2.3
Horde Horde Application Framework 3.3.5
Horde Horde Application Framework 3.3.6
Horde Horde Application Framework 3.1.8
Horde Horde Application Framework 3.0.5
Horde Horde Application Framework 3.2
Horde Horde Application Framework 3.0.8
Horde Horde Application Framework 1.3.3
Horde Horde Application Framework 1.3.4
Horde Horde Application Framework 2.2
Horde Horde Application Framework 2.2.1
NA
CVE-2014-1691
The framework/Util/lib/Horde/Variables.php script in the Util library in Horde prior to 5.1.1 allows remote malicious users to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the _formvars form.
Horde Horde Application Framework 5.0.4
Horde Horde Application Framework 5.0.2
Horde Horde Application Framework 5.0.1
Horde Horde Application Framework 5.0.0
Horde Horde Application Framework
Horde Horde Application Framework 5.0.3
1 EDB exploit
NA
CVE-2009-3236
The form library in Horde Application Framework 3.2 prior to 3.2.5 and 3.3 prior to 3.3.5; Groupware 1.1 prior to 1.1.6 and 1.2 prior to 1.2.4; and Groupware Webmail Edition 1.1 prior to 1.1.6 and 1.2 prior to 1.2.4; reuses temporary filenames during the upload process which allo...
Horde Application Framework 3.2.3
Horde Application Framework 3.2
Horde Application Framework 3.3.3
Horde Application Framework 3.3.4
Horde Groupware 1.1.4
Horde Groupware 1.1.5
Horde Application Framework 3.2.2
Horde Application Framework 3.2.4
Horde Groupware 1.1
Horde Groupware 1.1.1
Horde Groupware 1.2
Horde Groupware 1.2.1
Horde Application Framework 3.3.1
Horde Application Framework 3.3.2
Horde Groupware 1.2.3
Horde Groupware 1.1.3
Horde Application Framework 3.2.1
Horde Application Framework 3.3
Horde Groupware 1.1.2
Horde Groupware 1.2.2
8.8
CVSSv3
CVE-2019-9858
Remote code execution exists in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contains a vulnerable class that handles image upload in forms. When the Horde_Form_Type_image method onSubmit() is called on uploads, it invokes the functions getImage() and _getUpload...
Horde Groupware 5.2.17
Horde Groupware 5.2.22
Debian Debian Linux 8.0
Debian Debian Linux 9.0
6.1
CVSSv3
CVE-2016-5303
Cross-site scripting (XSS) vulnerability in the Horde Text Filter API in Horde Groupware and Horde Groupware Webmail Edition prior to 5.2.16 allows remote malicious users to inject arbitrary web script or HTML via crafted data:text/html content in a form (1) action or (2) xlink a...
Horde Groupware 5.2.15
NA
CVE-2000-0911
IMP 2.2 and previous versions allows malicious users to read and delete arbitrary files by modifying the attachment_name hidden form variable, which causes IMP to send the file to the attacker as an attachment.
Horde Imp 2.0
Horde Imp 2.2
6.1
CVSSv3
CVE-2019-12094
Horde Groupware Webmail Edition up to and including 5.2.22 allows XSS via an admin/user.php?form=update_f&user_name= or admin/user.php?form=remove_f&user_name= or admin/config/diff.php?app= URI.
Horde Groupware
6.1
CVSSv3
CVE-2015-8807
Cross-site scripting (XSS) vulnerability in the _renderVarInput_number function in horde/framework/Core/lib/Horde/Core/Ui/VarRenderer/Html.php in Horde Groupware prior to 5.2.12 and Horde Groupware Webmail Edition prior to 5.2.12 allows remote malicious users to inject arbitrary ...
Fedoraproject Fedora 23
Fedoraproject Fedora 22
Horde Groupware 5.2.11
Debian Debian Linux 8.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
firmware
CVE-2023-52866
CVE-2024-4367
CVE-2024-1721
CVE-2023-34992
XML injection
CVE-2023-52817
SQL
CVE-2023-52855
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »