Vulnerabilities > Horde > Horde Application Framework > 3.1.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-04-01 | CVE-2014-1691 | Code Injection vulnerability in Horde Application Framework The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the _formvars form. | 7.5 |
2010-11-09 | CVE-2010-3694 | Cross-Site Request Forgery (CSRF) vulnerability in Horde Application Framework Cross-site request forgery (CSRF) vulnerability in the Horde Application Framework before 3.3.9 allows remote attackers to hijack the authentication of unspecified victims for requests to a preference form. | 6.8 |
2010-11-09 | CVE-2010-3077 | Cross-Site Scripting vulnerability in Horde Application Framework Cross-site scripting (XSS) vulnerability in util/icon_browser.php in the Horde Application Framework before 3.3.9 allows remote attackers to inject arbitrary web script or HTML via the subdir parameter. | 4.3 |
2007-03-16 | CVE-2007-1474 | Unspecified vulnerability in Horde Application Framework and IMP Argument injection vulnerability in the cleanup cron script in Horde Project Horde and IMP before Horde Application Framework 3.1.4 allows local users to delete arbitrary files and possibly gain privileges via multiple space-delimited pathnames. network horde | 6.8 |
2007-03-16 | CVE-2007-1473 | Cross-Site Scripting vulnerability in Horde Framework Login.PHP Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php in Horde Framework before 3.1.4 RC1, when the login page contains a language selection box, allows remote attackers to inject arbitrary web script or HTML via the new_lang parameter to login.php. network horde | 4.3 |