Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
horde horde groupware vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-0807
lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x prior to 2.1.7 and 2.2.x prior to 2.2-RC3, as used in products such as Horde Groupware prior to 1.0.4 and Horde Groupware Webmail Edition prior to 1.0.5, does not properly check access rights, which allows remote aut...
Horde Groupware 1.0.3
Horde Groupware Webmail Edition 1.0.4
Horde Turba Contact Manager 2.1.6
6.5
CVSSv3
CVE-2020-8866
This vulnerability allows remote malicious users to create arbitrary files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within add.php. The issue results from the lack of pr...
Horde Groupware 5.2.22
Horde Horde Form
Debian Debian Linux 8.0
2 EDB exploits
NA
CVE-2015-7984
Multiple cross-site request forgery (CSRF) vulnerabilities in Horde prior to 5.2.8, Horde Groupware prior to 5.2.11, and Horde Groupware Webmail Edition prior to 5.2.11 allow remote malicious users to hijack the authentication of administrators for requests that execute arbitrary...
Horde Groupware
Horde Horde Application Framework
Debian Debian Linux 8.0
1 EDB exploit
5.4
CVSSv3
CVE-2017-16906
In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a "Calendar -> New Event" action.
Horde Groupware
8.8
CVSSv3
CVE-2017-7413
In Horde_Crypt prior to 2.7.6, as used in Horde Groupware Webmail Edition up to and including 5.2.17, OS Command Injection can occur if the attacker is an authenticated Horde Webmail user, has PGP features enabled in their preferences, and attempts to encrypt an email addressed t...
Horde Groupware
6.1
CVSSv3
CVE-2019-12094
Horde Groupware Webmail Edition up to and including 5.2.22 allows XSS via an admin/user.php?form=update_f&user_name= or admin/user.php?form=remove_f&user_name= or admin/config/diff.php?app= URI.
Horde Groupware
8.8
CVSSv3
CVE-2019-12095
Horde Trean, as used in Horde Groupware Webmail Edition up to and including 5.2.22 and other products, allows CSRF, as demonstrated by the treanBookmarkTags parameter to the trean/ URI on a webmail server. NOTE: treanBookmarkTags could, for example, be a stored XSS payload.
Horde Groupware
6.1
CVSSv3
CVE-2020-8035
The image view functionality in Horde Groupware Webmail Edition prior to 5.2.22 is affected by a stored Cross-Site Scripting (XSS) vulnerability via an SVG image upload containing a JavaScript payload. An attacker can obtain access to a victim's webmail account by making the...
Horde Groupware
8.8
CVSSv3
CVE-2019-9858
Remote code execution exists in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contains a vulnerable class that handles image upload in forms. When the Horde_Form_Type_image method onSubmit() is called on uploads, it invokes the functions getImage() and _getUpload...
Horde Groupware 5.2.17
Horde Groupware 5.2.22
Debian Debian Linux 8.0
Debian Debian Linux 9.0
6.1
CVSSv3
CVE-2016-5303
Cross-site scripting (XSS) vulnerability in the Horde Text Filter API in Horde Groupware and Horde Groupware Webmail Edition prior to 5.2.16 allows remote malicious users to inject arbitrary web script or HTML via crafted data:text/html content in a form (1) action or (2) xlink a...
Horde Groupware 5.2.15
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4644
unprivileged
CVE-2024-3494
CVE-2024-22460
CVE-2024-26026
CVE-2024-23473
firewall
CVE-2024-28889
XML external entity
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »