Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
horde imp 2.2 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2003-0025
Multiple SQL injection vulnerabilities in IMP 2.2.8 and previous versions allow remote malicious users to perform unauthorized database activities and possibly gain privileges via certain database functions such as check_prefs() in db.pgsql, as demonstrated using mailbox.php3.
Horde Imp 2.2.7
Horde Imp 2.2.5
Horde Imp 2.2.1
Horde Imp 2.2.2
Horde Imp 2.2.4
Horde Imp 2.2.6
Horde Imp 2.2
Horde Imp 2.2.8
Horde Imp 2.2.3
7.5
CVSSv2
CVE-2001-0857
Cross-site scripting vulnerability in status.php3 in Imp Webmail 2.2.6 and previous versions allows remote malicious users to gain access to the e-mail of other users by hijacking session cookies via the message parameter.
Imp Webmail
1 EDB exploit
7.5
CVSSv2
CVE-2001-1257
Cross-site scripting vulnerability in Horde Internet Messaging Program (IMP) prior to 2.2.6 and 1.2.6 allows remote malicious users to execute arbitrary Javascript embedded in an email.
Horde Imp 2.2.5
Horde Imp 2.2.1
Horde Imp 2.2.2
Horde Imp 2.2.4
Horde Imp 2.0
Horde Imp 2.2
Horde Imp 2.2.3
6.8
CVSSv2
CVE-2007-1474
Argument injection vulnerability in the cleanup cron script in Horde Project Horde and IMP before Horde Application Framework 3.1.4 allows local users to delete arbitrary files and possibly gain privileges via multiple space-delimited pathnames.
Horde Imp 2.2.7
Horde Imp 2.2.5
Horde Horde Application Framework 3.0.0
Horde Imp 3.1
Horde Horde Application Framework 3.0.4
Horde Imp 3.2.4
Horde Imp 3.1.2
Horde Imp 2.2.1
Horde Imp 3.2.2
Horde Imp 2.2.2
Horde Imp 2.2.4
Horde Imp 2.0
Horde Imp 2.2.6
Horde Imp 3.2.3
Horde Imp 3.2.5
Horde Imp 3.2.6
Horde Imp 2.2
Horde Imp 2.3
Horde Imp 3.2
Horde Imp 2.2.8
Horde Imp 2.2.3
Horde Horde Application Framework 3.1.3
1 EDB exploit
6.8
CVSSv2
CVE-2004-0584
Unknown vulnerability in Horde IMP 3.2.3 and previous versions, before a "security fix," does not properly validate input, which allows remote malicious users to execute arbitrary script as other users via script or HTML in an e-mail message, possibly triggering a cross...
Horde Imp 2.2.7
Horde Imp 2.2.5
Horde Imp 3.1
Horde Imp 3.1.2
Horde Imp 2.2.1
Horde Imp 3.2.2
Horde Imp 2.2.2
Horde Imp 2.2.4
Horde Imp 2.0
Horde Imp 2.2.6
Horde Imp 3.2.3
Horde Imp 2.2
Horde Imp 2.3
Horde Imp 3.2
Horde Imp 2.2.8
Horde Imp 2.2.3
Horde Imp 3.0
Horde Imp 3.2.1
5
CVSSv2
CVE-2010-0463
Horde IMP 4.3.6 and previous versions does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote malicious users to determine the network location of the webmail user by logging DNS requests.
Horde Imp 2.2.7
Horde Imp 2.2.5
Horde Imp 4.0
Horde Imp 4.1.3
Horde Imp 4.1.6
Horde Imp 3.1
Horde Imp 3.2.4
Horde Imp 3.1.2
Horde Imp 4.3.3
Horde Imp 4.2
Horde Imp 2.2.1
Horde Imp 3.2.2
Horde Imp 4.3.1
Horde Imp 2.2.2
Horde Imp 4.0.2
Horde Imp 2.2.4
Horde Imp 2.0
Horde Imp 4.2.1
Horde Imp 4.3.2
Horde Imp 2.2.6
Horde Imp 4.3.5
Horde Imp 4.2.2
5
CVSSv2
CVE-2000-0911
IMP 2.2 and previous versions allows malicious users to read and delete arbitrary files by modifying the attachment_name hidden form variable, which causes IMP to send the file to the attacker as an attachment.
Horde Imp 2.0
Horde Imp 2.2
4.3
CVSSv2
CVE-2012-0791
Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP prior to 5.0.18 and Horde Groupware Webmail Edition prior to 4.0.6 allow remote malicious users to inject arbitrary web script or HTML via the (1) composeCache, (2) rtemode, or (3) filename_* parameters to the compo...
Horde Imp 2.2.7
Horde Dynamic Imp 1.1
Horde Imp 2.2.5
Horde Imp 4.0
Horde Dynamic Imp 1.1.6
Horde Imp 4.1.3
Horde Dynamic Imp 1.1.1
Horde Dynamic Imp 5.0.4
Horde Imp 4.1.6
Horde Imp 5.0.3
Horde Imp 3.1
Horde Imp 5.0.2
Horde Dynamic Imp 5.0.13
Horde Imp 4.3.6
Horde Dynamic Imp 1.0
Horde Dynamic Imp 5.0.5
Horde Imp 3.2.4
Horde Imp 3.1.2
Horde Imp 5.0
Horde Imp 4.3.3
Horde Imp 4.2
Horde Dynamic Imp
4.3
CVSSv2
CVE-2010-4778
Multiple cross-site scripting (XSS) vulnerabilities in fetchmailprefs.php in Horde IMP prior to 4.3.8, and Horde Groupware Webmail Edition prior to 1.2.7, allow remote malicious users to inject arbitrary web script or HTML via the (1) username (aka fmusername), (2) password (aka ...
Horde Imp 2.2.7
Horde Imp 2.2.5
Horde Imp 4.0
Horde Imp 4.1.3
Horde Imp 4.1.6
Horde Imp 3.1
Horde Imp 4.3.6
Horde Imp 3.2.4
Horde Imp 3.1.2
Horde Imp 4.3.3
Horde Imp 4.2
Horde Imp 2.2.1
Horde Imp 3.2.2
Horde Imp 4.3.1
Horde Imp 2.2.2
Horde Imp 4.0.2
Horde Imp 2.2.4
Horde Imp
Horde Imp 2.0
Horde Imp 4.2.1
Horde Imp 4.3.2
Horde Imp 2.2.6
4.3
CVSSv2
CVE-2010-3695
Cross-site scripting (XSS) vulnerability in fetchmailprefs.php in Horde IMP prior to 4.3.8, and Horde Groupware Webmail Edition prior to 1.2.7, allows remote malicious users to inject arbitrary web script or HTML via the fm_id parameter in a fetchmail_prefs_save action, related t...
Horde Imp 2.2.7
Horde Imp 2.2.5
Horde Imp 4.0
Horde Imp 4.1.3
Horde Imp 4.1.6
Horde Imp 3.1
Horde Imp 4.3.6
Horde Imp 3.2.4
Horde Imp 3.1.2
Horde Imp 4.3.3
Horde Imp 4.2
Horde Imp 2.2.1
Horde Imp 3.2.2
Horde Imp 4.3.1
Horde Imp 2.2.2
Horde Imp 4.0.2
Horde Imp 2.2.4
Horde Imp
Horde Imp 2.0
Horde Imp 4.2.1
Horde Imp 4.3.2
Horde Imp 2.2.6
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5841
file upload
man-in-the-middle
arbitrary
CVE-2024-27801
CVE-2024-28020
CVE-2024-30080
CVE-2024-30069
CVE-2024-5843
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »