Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
horde imp vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2007-1515
Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP H3 4.1.3, and possibly earlier, allow remote malicious users to inject arbitrary web script or HTML via (1) the email Subject header in thread.php, (2) the edit_query parameter in search.php, or other unspecified pa...
Horde Imp
1 EDB exploit
NA
CVE-2007-6018
IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote malicious users to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) "purge" delet...
Horde Horde 3.1.5
Horde Framework 3.1.5
Horde Groupware Webmail Edition 1.0.3
Horde Imp 4.1.5
NA
CVE-2002-2024
Horde IMP 2.2.7 allows remote malicious users to obtain the full web root pathname via an HTTP request for (1) poppassd.php3, (2) login.php3?reason=chpass2, (3) spelling.php3, and (4) ldap.search.php3?ldap_serv=nonsense which leaks the information in error messages.
Horde Imp 2.2.7
5.9
CVSSv3
CVE-2017-17688
The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature o...
Microsoft Outlook 2007
Horde Horde Imp -
Flipdogsolutions Maildroid -
R2mail2 R2mail2 -
Apple Mail -
Bloop Airmail -
Freron Mailmate -
Mozilla Thunderbird -
Emclient Emclient -
Postbox-inc Postbox -
Roundcube Webmail -
1 Github repository
1 Article
NA
CVE-2001-0857
Cross-site scripting vulnerability in status.php3 in Imp Webmail 2.2.6 and previous versions allows remote malicious users to gain access to the e-mail of other users by hijacking session cookies via the message parameter.
Imp Webmail
1 EDB exploit
NA
CVE-2014-4945
Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) prior to 6.1.8, as used in Horde Groupware Webmail Edition prior to 5.1.5, allow remote malicious users to inject arbitrary web script or HTML via an unspecified flag in the basic (1) mailbox...
Horde Internet Mail Program 6.1.0
Horde Groupware 5.0.2
Horde Internet Mail Program 6.0.2
Horde Internet Mail Program 6.0.6
Horde Internet Mail Program 6.0.5
Horde Groupware 5.1.1
Horde Internet Mail Program 6.0.0
Horde Groupware 5.0.0
Horde Groupware 5.1.0
Horde Internet Mail Program 6.1.5
Horde Internet Mail Program 6.1.3
Horde Internet Mail Program
Horde Groupware 5.0.5
Horde Internet Mail Program 6.0.1
Horde Groupware 5.1.3
Horde Internet Mail Program 6.0.4
Horde Groupware 5.1.2
Horde Internet Mail Program 6.1.4
Horde Internet Mail Program 6.1.2
Horde Groupware
Horde Internet Mail Program 6.1.6
Horde Groupware 5.0.4
NA
CVE-2014-4946
Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) prior to 6.1.8, as used in Horde Groupware Webmail Edition prior to 5.1.5, allow remote malicious users to inject arbitrary web script or HTML via (1) unspecified flags or (2) a mailbox name ...
Horde Internet Mail Program 6.1.0
Horde Groupware 5.0.2
Horde Internet Mail Program 6.0.2
Horde Internet Mail Program 6.0.6
Horde Internet Mail Program 6.0.5
Horde Groupware 5.1.1
Horde Internet Mail Program 6.0.0
Horde Groupware 5.0.0
Horde Groupware 5.1.0
Horde Internet Mail Program 6.1.5
Horde Internet Mail Program 6.1.3
Horde Internet Mail Program
Horde Groupware 5.0.5
Horde Internet Mail Program 6.0.1
Horde Groupware 5.1.3
Horde Internet Mail Program 6.0.4
Horde Groupware 5.1.2
Horde Internet Mail Program 6.1.4
Horde Internet Mail Program 6.1.2
Horde Groupware
Horde Internet Mail Program 6.1.6
Horde Groupware 5.0.4
5.9
CVSSv3
CVE-2017-17689
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.
Microsoft Outlook 2016
Microsoft Outlook 2007
Microsoft Outlook 2013
Microsoft Outlook 2010
Horde Horde Imp -
Google Gmail -
9folders Nine -
Flipdogsolutions Maildroid -
R2mail2 R2mail2 -
Apple Mail -
Bloop Airmail -
Freron Mailmate -
Kde Kmail -
Kde Trojita -
Gnome Evolution -
Mozilla Thunderbird -
Ibm Notes -
Emclient Emclient -
Postbox-inc Postbox -
Ritlabs The Bat -
1 Github repository
1 Article
NA
CVE-2010-1638
The IMP plugin in Horde allows remote malicious users to bypass firewall restrictions and use Horde as a proxy to scan internal networks via a crafted request to an unspecified test script. NOTE: this is only a vulnerability when the administrator does not follow recommendations ...
Horde Horde
NA
CVE-2008-4182
Cross-site scripting (XSS) vulnerability in imp/test.php in Horde Turba Contact Manager H3 2.2.1 and other versions prior to 2.3.1, and possibly other Horde Project products, allows remote malicious users to inject arbitrary web script or HTML via the User field in an IMAP sessio...
Horde Turba Contact Manager H3 3.2.2
Horde Turba Contact Manager H3 2.2.1
Horde Turba Contact Manager H3 3.1.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »