Vulnerabilities > Horde > High

DATE CVE VULNERABILITY TITLE RISK
2022-07-28 CVE-2022-30287 Unsafe Reflection vulnerability in multiple products
Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class.
network
low complexity
horde debian CWE-470
8.0
2014-04-01 CVE-2014-1691 Code Injection vulnerability in Horde Application Framework
The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the _formvars form.
network
low complexity
horde CWE-94
7.5
2012-09-25 CVE-2012-0209 Code Injection vulnerability in Horde Groupware and Horde
Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP between November 2011 and February 2012, contains an externally introduced modification (Trojan Horse) in templates/javascript/open_calendar.js, which allows remote attackers to execute arbitrary PHP code.
network
low complexity
horde CWE-94
7.5
2006-11-30 CVE-2006-6175 Local File Include vulnerability in Horde Kronolith
Directory traversal vulnerability in lib/FBView.php in Horde Kronolith H3 before 2.0.7 and 2.1.x before 2.1.4 allows remote attackers to include arbitrary files and execute PHP code via a ..
network
low complexity
horde
7.5
2006-03-29 CVE-2006-1491 Code Injection vulnerability in Horde Application Framework
Eval injection vulnerability in Horde Application Framework versions 3.0 before 3.0.10 and 3.1 before 3.1.1 allows remote attackers to execute arbitrary code via the help viewer.
network
low complexity
horde CWE-94
7.5
2003-01-17 CVE-2003-0025 SQL Injection vulnerability in Horde IMP Database Files
Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow remote attackers to perform unauthorized database activities and possibly gain privileges via certain database functions such as check_prefs() in db.pgsql, as demonstrated using mailbox.php3.
network
low complexity
horde
7.5
2002-04-22 CVE-2002-0181 Cross-Site Scripting vulnerability in Horde IMP Status.PHP3
Cross-site scripting vulnerability in status.php3 for IMP 2.2.8 and HORDE 1.2.7 allows remote attackers to execute arbitrary web script and steal cookies of other IMP/HORDE users via the script parameter.
network
low complexity
horde
7.5
2001-07-21 CVE-2001-1257 Unspecified vulnerability in Horde IMP
Cross-site scripting vulnerability in Horde Internet Messaging Program (IMP) before 2.2.6 and 1.2.6 allows remote attackers to execute arbitrary Javascript embedded in an email.
network
low complexity
horde
7.5