Vulmon
horde horde vulnerabilities and exploits
9.8
CVSSv3
CVE-2020-8518
Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution.
Horde Groupware 5.2.22
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Debian Debian Linux 8.0
1 EDB exploit
8.8
CVSSv3
CVE-2013-6364
Horde Groupware Webmail Edition has CSRF and XSS when saving a search as a virtual address book.
Horde Groupware 5.1.2
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
1 EDB exploit
8.8
CVSSv3
CVE-2019-12095
Horde Trean, as used in Horde Groupware Webmail Edition up to and including 5.2.22 and other products, allows CSRF, as demonstrated by the treanBookmarkTags parameter to the trean/ URI on a webmail server. NOTE: treanBookmarkTags could, for example, be a stored XSS payload.
Horde Groupware
8.8
CVSSv3
CVE-2019-9858
Remote code execution exists in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contains a vulnerable class that handles image upload in forms. When the Horde_Form_Type_image method onSubmit() is called on uploads, it invokes the functions getImage() and _getUpload...
Horde Groupware 5.2.17
Horde Groupware 5.2.22
Debian Debian Linux 8.0
Debian Debian Linux 9.0
8.8
CVSSv3
CVE-2017-9774
Remote Code Execution was found in Horde_Image 2.x prior to 2.5.0 via a crafted GET request. Exploitation requires authentication.
Horde Horde Image Api 2.0.8
Horde Horde Image Api 2.1.0
Horde Horde Image Api 2.3.2
Horde Horde Image Api 2.4.1
Horde Horde Image Api 2.0.0
Horde Horde Image Api 2.3.4
Horde Horde Image Api 2.3.6
Horde Horde Image Api 2.0.7
Horde Horde Image Api 2.3.1
Horde Horde Image Api 2.0.6
Horde Horde Image Api 2.3.0
Horde Horde Image Api 2.0.2
Horde Horde Image Api 2.0.5
Horde Horde Image Api 2.3.3
Horde Horde Image Api 2.0.1
Horde Horde Image Api 2.0.9
Horde Horde Image Api 2.0.3
Horde Horde Image Api 2.0.4
Horde Horde Image Api 2.4.0
Horde Horde Image Api 2.3.5
Horde Horde Image Api 2.2.0
8.8
CVSSv3
CVE-2017-7413
In Horde_Crypt prior to 2.7.6, as used in Horde Groupware Webmail Edition up to and including 5.2.17, OS Command Injection can occur if the attacker is an authenticated Horde Webmail user, has PGP features enabled in their preferences, and attempts to encrypt an email addressed t...
Horde Groupware
8.1
CVSSv3
CVE-2016-10804
The SQLite journal feature in cPanel prior to 57.9999.54 allows arbitrary file-overwrite operations during Horde Restore (SEC-58).
Cpanel Cpanel
8.1
CVSSv3
CVE-2014-3999
The Horde_Ldap library prior to 2.0.6 for Horde allows remote malicious users to bypass authentication by leveraging knowledge of the LDAP bind user DN.
Horde Horde Ldap
8.1
CVSSv3
CVE-2017-14650
A Remote Code Execution vulnerability has been found in the Horde_Image library when using the "Im" backend that utilizes ImageMagick's "convert" utility. It's not exploitable through any Horde application, because the code path to the vulnerability ...
Horde Horde Image Api 2.0.8
Horde Horde Image Api 2.1.0
Horde Horde Image Api 2.3.2
Horde Horde Image Api 2.4.1
Horde Horde Image Api 2.0.0
Horde Horde Image Api 2.3.4
Horde Horde Image Api 2.3.6
Horde Horde Image Api 2.0.7
Horde Horde Image Api 2.3.1
Horde Horde Image Api 2.0.6
Horde Horde Image Api 2.3.0
Horde Horde Image Api 2.0.2
Horde Horde Image Api 2.0.5
Horde Horde Image Api 2.3.3
Horde Horde Image Api 2.0.1
Horde Horde Image Api 2.0.9
Horde Horde Image Api 2.0.3
Horde Horde Image Api 2.0.4
Horde Horde Image Api 2.4.0
Horde Horde Image Api 2.3.5
Horde Horde Image Api 2.2.0
Horde Horde Image Api 2.5.0
8
CVSSv3
CVE-2022-30287
Horde Groupware Webmail Edition up to and including 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP objects.
Horde Groupware
Debian Debian Linux 10.0