Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
horde horde groupware vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2016-5303
Cross-site scripting (XSS) vulnerability in the Horde Text Filter API in Horde Groupware and Horde Groupware Webmail Edition prior to 5.2.16 allows remote malicious users to inject arbitrary web script or HTML via crafted data:text/html content in a form (1) action or (2) xlink a...
Horde Groupware 5.2.15
5
CVSSv2
CVE-2017-15235
The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 allows remote malicious users to bypass Horde authentication for file downloads via a crafted fn parameter that corresponds to the exact filename.
Horde Groupware 5.2.21
1 EDB exploit
3.5
CVSSv2
CVE-2017-16908
In Horde Groupware 5.2.19, there is XSS via the Name field during creation of a new Resource. This can be leveraged for remote code execution after compromising an administrator account, because the CVE-2015-7984 CSRF protection mechanism can then be bypassed.
Horde Groupware 5.2.19
NA
CVE-2022-30287
Horde Groupware Webmail Edition up to and including 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP objects.
Horde Groupware
Debian Debian Linux 10.0
4.3
CVSSv2
CVE-2017-9773
Denial of Service was found in Horde_Image 2.x prior to 2.5.0 via a crafted URL to the "Null" image driver.
Horde Horde Image 2.0.0
Horde Horde Image 2.0.6
Horde Horde Image 2.0.2
Horde Horde Image 2.0.1
Horde Horde Image 2.1.0
Horde Horde Image 2.1.1
Horde Horde Image 2.3.7
Horde Horde Image 2.3.5
Horde Horde Image 2.0.4
Horde Horde Image 2.0.5
Horde Horde Image 2.0.9
Horde Horde Image 2.3.0
Horde Horde Image 2.4.2
Horde Horde Image 2.3.6
Horde Horde Image 2.1.10
Horde Horde Image 2.2.0
Horde Horde Image 2.2.1
Horde Horde Image 2.3.3
Horde Horde Image 2.3.4
Horde Horde Image 2.4.0
Horde Horde Image 2.0.3
Horde Horde Image 2.1.8
6.5
CVSSv2
CVE-2020-8865
This vulnerability allows remote malicious users to execute local PHP files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within edit.php. When parsing the params[template] p...
Horde Groupware 5.2.22
Debian Debian Linux 8.0
2 EDB exploits
6.5
CVSSv2
CVE-2017-9774
Remote Code Execution was found in Horde_Image 2.x prior to 2.5.0 via a crafted GET request. Exploitation requires authentication.
Horde Horde Image Api 2.0.0
Horde Horde Image Api 2.0.7
Horde Horde Image Api 2.0.8
Horde Horde Image Api 2.3.3
Horde Horde Image Api 2.3.4
Horde Horde Image Api 2.0.3
Horde Horde Image Api 2.0.4
Horde Horde Image Api 2.2.0
Horde Horde Image Api 2.3.0
Horde Horde Image Api 2.4.1
Horde Horde Image Api 2.0.1
Horde Horde Image Api 2.0.2
Horde Horde Image Api 2.0.9
Horde Horde Image Api 2.1.0
Horde Horde Image Api 2.3.5
Horde Horde Image Api 2.3.6
Horde Horde Image Api 2.4.0
Horde Horde Image Api 2.0.5
Horde Horde Image Api 2.0.6
Horde Horde Image Api 2.3.1
Horde Horde Image Api 2.3.2
6.8
CVSSv2
CVE-2017-14650
A Remote Code Execution vulnerability has been found in the Horde_Image library when using the "Im" backend that utilizes ImageMagick's "convert" utility. It's not exploitable through any Horde application, because the code path to the vulnerability ...
Horde Horde Image Api 2.0.0
Horde Horde Image Api 2.0.1
Horde Horde Image Api 2.0.9
Horde Horde Image Api 2.1.0
Horde Horde Image Api 2.3.5
Horde Horde Image Api 2.3.6
Horde Horde Image Api 2.5.1
Horde Horde Image Api 2.0.4
Horde Horde Image Api 2.0.5
Horde Horde Image Api 2.3.1
Horde Horde Image Api 2.3.2
Horde Horde Image Api 2.5.0
Horde Horde Image Api 2.0.2
Horde Horde Image Api 2.0.3
Horde Horde Image Api 2.2.0
Horde Horde Image Api 2.3.0
Horde Horde Image Api 2.4.0
Horde Horde Image Api 2.4.1
Horde Horde Image Api 2.0.6
Horde Horde Image Api 2.0.7
Horde Horde Image Api 2.0.8
Horde Horde Image Api 2.3.3
7.5
CVSSv2
CVE-2020-8518
Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution.
Horde Groupware 5.2.22
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Debian Debian Linux 8.0
1 EDB exploit
4.3
CVSSv2
CVE-2015-8807
Cross-site scripting (XSS) vulnerability in the _renderVarInput_number function in horde/framework/Core/lib/Horde/Core/Ui/VarRenderer/Html.php in Horde Groupware prior to 5.2.12 and Horde Groupware Webmail Edition prior to 5.2.12 allows remote malicious users to inject arbitrary ...
Fedoraproject Fedora 23
Fedoraproject Fedora 22
Horde Groupware 5.2.11
Debian Debian Linux 8.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »