Vulnerabilities > Horde
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-12-31 | CVE-2004-1443 | HTML Injection vulnerability in Horde IMP HTML+TIME Cross-site scripting (XSS) vulnerability in the inline MIME viewer in Horde-IMP (Internet Messaging Program) 3.2.4 and earlier, when used with Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via an e-mail message. network horde | 4.3 |
| 2004-08-06 | CVE-2004-0584 | HTML Injection vulnerability in Horde IMP Email Header Unknown vulnerability in Horde IMP 3.2.3 and earlier, before a "security fix," does not properly validate input, which allows remote attackers to execute arbitrary script as other users via script or HTML in an e-mail message, possibly triggering a cross-site scripting (XSS) vulnerability. network horde | 6.8 |
| 2003-10-20 | CVE-2003-0728 | Remote Security vulnerability in Horde Horde before 2.2.4 allows remote malicious web sites to steal session IDs and read or create arbitrary email by stealing the ID from a referrer URL. | 6.4 |
| 2003-01-17 | CVE-2003-0025 | SQL Injection vulnerability in Horde IMP Database Files Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow remote attackers to perform unauthorized database activities and possibly gain privileges via certain database functions such as check_prefs() in db.pgsql, as demonstrated using mailbox.php3. | 7.5 |
| 2002-12-31 | CVE-2002-2024 | Path Disclosure vulnerability in Horde IMP 2.2.7 Horde IMP 2.2.7 allows remote attackers to obtain the full web root pathname via an HTTP request for (1) poppassd.php3, (2) login.php3?reason=chpass2, (3) spelling.php3, and (4) ldap.search.php3?ldap_serv=nonsense which leaks the information in error messages. | 5.0 |
| 2002-04-22 | CVE-2002-0181 | Cross-Site Scripting vulnerability in Horde IMP Status.PHP3 Cross-site scripting vulnerability in status.php3 for IMP 2.2.8 and HORDE 1.2.7 allows remote attackers to execute arbitrary web script and steal cookies of other IMP/HORDE users via the script parameter. | 7.5 |
| 2001-10-18 | CVE-2001-0744 | Local Security vulnerability in IMP Horde IMP 2.2.4 and earlier allows local users to overwrite files via a symlink attack on a temporary file. | 2.1 |
| 2001-07-21 | CVE-2001-1258 | Local 'prefs.lang' vulnerability in Horde IMP Horde Internet Messaging Program (IMP) before 2.2.6 allows local users to read IMP configuration files and steal the Horde database password by placing the prefs.lang file containing PHP code on the server. | 3.6 |
| 2001-07-21 | CVE-2001-1257 | Unspecified vulnerability in Horde IMP Cross-site scripting vulnerability in Horde Internet Messaging Program (IMP) before 2.2.6 and 1.2.6 allows remote attackers to execute arbitrary Javascript embedded in an email. | 7.5 |
| 2000-12-19 | CVE-2000-0911 | Unspecified vulnerability in Horde IMP 2.0/2.2 IMP 2.2 and earlier allows attackers to read and delete arbitrary files by modifying the attachment_name hidden form variable, which causes IMP to send the file to the attacker as an attachment. | 5.0 |