Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
horde groupware webmail edition vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2012-0209
Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP between November 2011 and February 2012, contains an externally introduced modification (Trojan Horse) in templates/javascript/open_calendar.js, which allows remote malicious u...
Horde Groupware 1.2.10
Horde Horde 3.3.12
1 EDB exploit
9
CVSSv2
CVE-2017-7413
In Horde_Crypt prior to 2.7.6, as used in Horde Groupware Webmail Edition up to and including 5.2.17, OS Command Injection can occur if the attacker is an authenticated Horde Webmail user, has PGP features enabled in their preferences, and attempts to encrypt an email addressed t...
Horde Groupware
4.3
CVSSv2
CVE-2020-8035
The image view functionality in Horde Groupware Webmail Edition prior to 5.2.22 is affected by a stored Cross-Site Scripting (XSS) vulnerability via an SVG image upload containing a JavaScript payload. An attacker can obtain access to a victim's webmail account by making the...
Horde Groupware
4.9
CVSSv2
CVE-2008-0807
lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x prior to 2.1.7 and 2.2.x prior to 2.2-RC3, as used in products such as Horde Groupware prior to 1.0.4 and Horde Groupware Webmail Edition prior to 1.0.5, does not properly check access rights, which allows remote aut...
Horde Groupware 1.0.3
Horde Groupware Webmail Edition 1.0.4
Horde Turba Contact Manager 2.1.6
4.3
CVSSv2
CVE-2016-5303
Cross-site scripting (XSS) vulnerability in the Horde Text Filter API in Horde Groupware and Horde Groupware Webmail Edition prior to 5.2.16 allows remote malicious users to inject arbitrary web script or HTML via crafted data:text/html content in a form (1) action or (2) xlink a...
Horde Groupware 5.2.15
7.5
CVSSv2
CVE-2020-8518
Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution.
Horde Groupware 5.2.22
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Debian Debian Linux 8.0
1 EDB exploit
6.8
CVSSv2
CVE-2015-7984
Multiple cross-site request forgery (CSRF) vulnerabilities in Horde prior to 5.2.8, Horde Groupware prior to 5.2.11, and Horde Groupware Webmail Edition prior to 5.2.11 allow remote malicious users to hijack the authentication of administrators for requests that execute arbitrary...
Horde Groupware
Horde Horde Application Framework
Debian Debian Linux 8.0
1 EDB exploit
NA
CVE-2022-30287
Horde Groupware Webmail Edition up to and including 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP objects.
Horde Groupware
Debian Debian Linux 10.0
4.3
CVSSv2
CVE-2013-6275
Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and previous versions in basic.php.
Horde Groupware
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
1 EDB exploit
6.8
CVSSv2
CVE-2013-6364
Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book
Horde Groupware 5.1.2
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »