Vulnerabilities > Horde
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-09-17 | CVE-2009-3236 | Unspecified vulnerability in Horde Application Framework and Groupware The form library in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; reuses temporary filenames during the upload process which allows remote attackers, with privileges to write to the address book, to overwrite arbitrary files and execute PHP code via crafted Horde_Form_Type_image form field elements. network horde | 4.3 |
| 2009-09-13 | CVE-2008-7219 | Permissions, Privileges, and Access Controls vulnerability in Horde products Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and H3 2.2 before 2.2-RC2; Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 does not validate ownership when performing share changes, which has unknown impact and attack vectors. | 10.0 |
| 2009-09-13 | CVE-2008-7218 | Security Bypass vulnerability in Horde Products Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2 before 3.2-RC2; Turba H3 2.1 before 2.1.6 and 2.2 before 2.2-RC2; Kronolith H3 2.1 before 2.1.7 and H3 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and 2.2 before 2.2-RC2; Horde Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 has unknown impact and attack vectors. | 10.0 |
| 2009-07-08 | CVE-2009-2360 | Cross-Site Scripting vulnerability in Horde Passwd Cross-site scripting (XSS) vulnerability in passwd/main.php in the Passwd module before 3.1.1 for Horde allows remote attackers to inject arbitrary web script or HTML via the backend parameter. | 4.3 |
| 2009-04-23 | CVE-2008-6746 | Cross-Site Scripting vulnerability in Horde Turba H3 Cross-site scripting (XSS) vulnerability in the contact display view in Turba Contact Manager H3 before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the contact name. | 4.3 |
| 2009-01-21 | CVE-2008-5917 | Cross-Site Scripting vulnerability in Horde Application Framework 3.2.2/3.3 Cross-site scripting (XSS) vulnerability in the XSS filter (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2 and 3.3, when Internet Explorer is being used, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to style attributes. | 4.3 |
| 2008-09-23 | CVE-2008-4182 | Cross-Site Scripting vulnerability in Horde Turba Contact Manager H3 2.2.1/3.1.1/3.2.2 Cross-site scripting (XSS) vulnerability in imp/test.php in Horde Turba Contact Manager H3 2.2.1 and other versions before 2.3.1, and possibly other Horde Project products, allows remote attackers to inject arbitrary web script or HTML via the User field in an IMAP session. | 4.3 |
| 2008-09-12 | CVE-2008-3824 | Cross-Site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in (1) Text_Filter/Filter/xss.php in Horde 3.1.x before 3.1.9 and 3.2.x before 3.2.2 and (2) externalinput.php in Popoon r22196 and earlier allows remote attackers to inject arbitrary web script or HTML by using / (slash) characters as replacements for spaces in an HTML e-mail message. | 4.3 |
| 2008-09-12 | CVE-2008-3823 | Cross-Site Scripting vulnerability in Horde 3.2/3.2.1 Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.php in the MIME library in Horde 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of a MIME attachment in an e-mail message. | 4.3 |
| 2008-08-13 | CVE-2008-3650 | Cross-Site Scripting vulnerability in Groupware Webmail Edition Multiple unspecified vulnerabilities in Horde Groupware Webmail before Edition 1.1.1 (final) have unknown impact and attack vectors related to "unescaped output," possibly cross-site scripting (XSS), in the (1) object browser and (2) contact view. | 9.0 |