Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
horde horde groupware vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2017-16908
In Horde Groupware 5.2.19, there is XSS via the Name field during creation of a new Resource. This can be leveraged for remote code execution after compromising an administrator account, because the CVE-2015-7984 CSRF protection mechanism can then be bypassed.
Horde Groupware 5.2.19
505
VMScore
CVE-2017-15235
The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 allows remote malicious users to bypass Horde authentication for file downloads via a crafted fn parameter that corresponds to the exact filename.
Horde Groupware 5.2.21
1 EDB exploit
383
VMScore
CVE-2007-1679
Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware Webmail 1.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in (1) imp/search.php and (2) ingo/rule.php. NOTE: this issue has been disputed by the vendor, noting...
Horde Groupware 1.0
NA
CVE-2022-30287
Horde Groupware Webmail Edition up to and including 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP objects.
Horde Groupware
Debian Debian Linux 10.0
383
VMScore
CVE-2017-9773
Denial of Service was found in Horde_Image 2.x prior to 2.5.0 via a crafted URL to the "Null" image driver.
Horde Horde Image 2.0.0
Horde Horde Image 2.0.6
Horde Horde Image 2.0.2
Horde Horde Image 2.0.1
Horde Horde Image 2.1.0
Horde Horde Image 2.1.1
Horde Horde Image 2.3.7
Horde Horde Image 2.3.5
Horde Horde Image 2.0.4
Horde Horde Image 2.0.5
Horde Horde Image 2.0.9
Horde Horde Image 2.3.0
Horde Horde Image 2.4.2
Horde Horde Image 2.3.6
Horde Horde Image 2.1.10
Horde Horde Image 2.2.0
Horde Horde Image 2.2.1
Horde Horde Image 2.3.3
Horde Horde Image 2.3.4
Horde Horde Image 2.4.0
Horde Horde Image 2.0.3
Horde Horde Image 2.1.8
660
VMScore
CVE-2020-8865
This vulnerability allows remote malicious users to execute local PHP files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within edit.php. When parsing the params[template] p...
Horde Groupware 5.2.22
Debian Debian Linux 8.0
2 EDB exploits
578
VMScore
CVE-2017-9774
Remote Code Execution was found in Horde_Image 2.x prior to 2.5.0 via a crafted GET request. Exploitation requires authentication.
Horde Horde Image Api 2.0.0
Horde Horde Image Api 2.0.7
Horde Horde Image Api 2.0.8
Horde Horde Image Api 2.3.3
Horde Horde Image Api 2.3.4
Horde Horde Image Api 2.0.3
Horde Horde Image Api 2.0.4
Horde Horde Image Api 2.2.0
Horde Horde Image Api 2.3.0
Horde Horde Image Api 2.4.1
Horde Horde Image Api 2.0.1
Horde Horde Image Api 2.0.2
Horde Horde Image Api 2.0.9
Horde Horde Image Api 2.1.0
Horde Horde Image Api 2.3.5
Horde Horde Image Api 2.3.6
Horde Horde Image Api 2.4.0
Horde Horde Image Api 2.0.5
Horde Horde Image Api 2.0.6
Horde Horde Image Api 2.3.1
Horde Horde Image Api 2.3.2
605
VMScore
CVE-2017-14650
A Remote Code Execution vulnerability has been found in the Horde_Image library when using the "Im" backend that utilizes ImageMagick's "convert" utility. It's not exploitable through any Horde application, because the code path to the vulnerability ...
Horde Horde Image Api 2.0.0
Horde Horde Image Api 2.0.1
Horde Horde Image Api 2.0.9
Horde Horde Image Api 2.1.0
Horde Horde Image Api 2.3.5
Horde Horde Image Api 2.3.6
Horde Horde Image Api 2.5.1
Horde Horde Image Api 2.0.4
Horde Horde Image Api 2.0.5
Horde Horde Image Api 2.3.1
Horde Horde Image Api 2.3.2
Horde Horde Image Api 2.5.0
Horde Horde Image Api 2.0.2
Horde Horde Image Api 2.0.3
Horde Horde Image Api 2.2.0
Horde Horde Image Api 2.3.0
Horde Horde Image Api 2.4.0
Horde Horde Image Api 2.4.1
Horde Horde Image Api 2.0.6
Horde Horde Image Api 2.0.7
Horde Horde Image Api 2.0.8
Horde Horde Image Api 2.3.3
755
VMScore
CVE-2020-8518
Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution.
Horde Groupware 5.2.22
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Debian Debian Linux 8.0
1 EDB exploit
383
VMScore
CVE-2015-8807
Cross-site scripting (XSS) vulnerability in the _renderVarInput_number function in horde/framework/Core/lib/Horde/Core/Ui/VarRenderer/Html.php in Horde Groupware prior to 5.2.12 and Horde Groupware Webmail Edition prior to 5.2.12 allows remote malicious users to inject arbitrary ...
Fedoraproject Fedora 23
Fedoraproject Fedora 22
Horde Groupware 5.2.11
Debian Debian Linux 8.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »