Vulnerabilities > Horde > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-28 | CVE-2022-30287 | Unsafe Reflection vulnerability in multiple products Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. | 8.0 |
| 2014-04-01 | CVE-2014-1691 | Code Injection vulnerability in Horde Application Framework The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the _formvars form. | 7.5 |
| 2012-09-25 | CVE-2012-0209 | Code Injection vulnerability in Horde Groupware and Horde Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP between November 2011 and February 2012, contains an externally introduced modification (Trojan Horse) in templates/javascript/open_calendar.js, which allows remote attackers to execute arbitrary PHP code. | 7.5 |
| 2006-11-30 | CVE-2006-6175 | Local File Include vulnerability in Horde Kronolith Directory traversal vulnerability in lib/FBView.php in Horde Kronolith H3 before 2.0.7 and 2.1.x before 2.1.4 allows remote attackers to include arbitrary files and execute PHP code via a .. | 7.5 |
| 2006-03-29 | CVE-2006-1491 | Code Injection vulnerability in Horde Application Framework Eval injection vulnerability in Horde Application Framework versions 3.0 before 3.0.10 and 3.1 before 3.1.1 allows remote attackers to execute arbitrary code via the help viewer. | 7.5 |
| 2003-01-17 | CVE-2003-0025 | SQL Injection vulnerability in Horde IMP Database Files Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow remote attackers to perform unauthorized database activities and possibly gain privileges via certain database functions such as check_prefs() in db.pgsql, as demonstrated using mailbox.php3. | 7.5 |
| 2002-04-22 | CVE-2002-0181 | Cross-Site Scripting vulnerability in Horde IMP Status.PHP3 Cross-site scripting vulnerability in status.php3 for IMP 2.2.8 and HORDE 1.2.7 allows remote attackers to execute arbitrary web script and steal cookies of other IMP/HORDE users via the script parameter. | 7.5 |
| 2001-07-21 | CVE-2001-1257 | Unspecified vulnerability in Horde IMP Cross-site scripting vulnerability in Horde Internet Messaging Program (IMP) before 2.2.6 and 1.2.6 allows remote attackers to execute arbitrary Javascript embedded in an email. | 7.5 |