Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
horde groupware vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2020-8518
Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution.
Horde Groupware 5.2.22
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Debian Debian Linux 8.0
1 EDB exploit
8.8
CVSSv3
CVE-2013-6364
Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book
Horde Groupware 5.1.2
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
1 EDB exploit
8.8
CVSSv3
CVE-2019-12095
Horde Trean, as used in Horde Groupware Webmail Edition up to and including 5.2.22 and other products, allows CSRF, as demonstrated by the treanBookmarkTags parameter to the trean/ URI on a webmail server. NOTE: treanBookmarkTags could, for example, be a stored XSS payload.
Horde Groupware
8.8
CVSSv3
CVE-2019-9858
Remote code execution exists in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contains a vulnerable class that handles image upload in forms. When the Horde_Form_Type_image method onSubmit() is called on uploads, it invokes the functions getImage() and _getUpload...
Horde Groupware 5.2.17
Horde Groupware 5.2.22
Debian Debian Linux 8.0
Debian Debian Linux 9.0
8.8
CVSSv3
CVE-2017-9774
Remote Code Execution was found in Horde_Image 2.x prior to 2.5.0 via a crafted GET request. Exploitation requires authentication.
Horde Horde Image Api 2.0.8
Horde Horde Image Api 2.1.0
Horde Horde Image Api 2.3.2
Horde Horde Image Api 2.4.1
Horde Horde Image Api 2.0.0
Horde Horde Image Api 2.3.4
Horde Horde Image Api 2.3.6
Horde Horde Image Api 2.0.7
Horde Horde Image Api 2.3.1
Horde Horde Image Api 2.0.6
Horde Horde Image Api 2.3.0
Horde Horde Image Api 2.0.2
Horde Horde Image Api 2.0.5
Horde Horde Image Api 2.3.3
Horde Horde Image Api 2.0.1
Horde Horde Image Api 2.0.9
Horde Horde Image Api 2.0.3
Horde Horde Image Api 2.0.4
Horde Horde Image Api 2.4.0
Horde Horde Image Api 2.3.5
Horde Horde Image Api 2.2.0
8.8
CVSSv3
CVE-2017-7413
In Horde_Crypt prior to 2.7.6, as used in Horde Groupware Webmail Edition up to and including 5.2.17, OS Command Injection can occur if the attacker is an authenticated Horde Webmail user, has PGP features enabled in their preferences, and attempts to encrypt an email addressed t...
Horde Groupware
8.1
CVSSv3
CVE-2017-14650
A Remote Code Execution vulnerability has been found in the Horde_Image library when using the "Im" backend that utilizes ImageMagick's "convert" utility. It's not exploitable through any Horde application, because the code path to the vulnerability ...
Horde Horde Image Api 2.0.8
Horde Horde Image Api 2.1.0
Horde Horde Image Api 2.3.2
Horde Horde Image Api 2.4.1
Horde Horde Image Api 2.0.0
Horde Horde Image Api 2.3.4
Horde Horde Image Api 2.3.6
Horde Horde Image Api 2.0.7
Horde Horde Image Api 2.3.1
Horde Horde Image Api 2.0.6
Horde Horde Image Api 2.3.0
Horde Horde Image Api 2.0.2
Horde Horde Image Api 2.0.5
Horde Horde Image Api 2.3.3
Horde Horde Image Api 2.0.1
Horde Horde Image Api 2.0.9
Horde Horde Image Api 2.0.3
Horde Horde Image Api 2.0.4
Horde Horde Image Api 2.4.0
Horde Horde Image Api 2.3.5
Horde Horde Image Api 2.2.0
Horde Horde Image Api 2.5.0
8
CVSSv3
CVE-2022-30287
Horde Groupware Webmail Edition up to and including 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP objects.
Horde Groupware
Debian Debian Linux 10.0
7.5
CVSSv3
CVE-2017-15235
The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 allows remote malicious users to bypass Horde authentication for file downloads via a crafted fn parameter that corresponds to the exact filename.
Horde Groupware 5.2.21
1 EDB exploit
7.5
CVSSv3
CVE-2017-7414
In Horde_Crypt prior to 2.7.6, as used in Horde Groupware Webmail Edition 5.x up to and including 5.2.17, OS Command Injection can occur if the user has PGP features enabled in the user's preferences, and has enabled the "Should PGP signed messages be automatically veri...
Horde Groupware 5.0.2
Horde Groupware 5.1.5
Horde Groupware 5.1.1
Horde Groupware 5.0.0
Horde Groupware 5.1.0
Horde Groupware 5.2.0
Horde Groupware 5.2.1
Horde Groupware 5.2.5
Horde Groupware 5.2.2
Horde Groupware 5.0.5
Horde Groupware 5.1.3
Horde Groupware 5.1.2
Horde Groupware 5.2.3
Horde Groupware 5.1.4
Horde Groupware 5.2.4
Horde Groupware 5.0.4
Horde Groupware 5.0.3
Horde Groupware 5.2.6
Horde Groupware 5.0.1
Horde Groupware 5.2.7
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »