Horde

Groupware Webmail Edition

10 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2012-0791

  • EPSS 0.75%
  • Veröffentlicht 24.01.2012 18:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 5.0.18 and Horde Groupware Webmail Edition before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) composeCache, (2) rtemode, or (3) filename_* par...

4.3

CVE-2012-0909

Exploit
  • EPSS 0.3%
  • Veröffentlicht 24.01.2012 18:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in Horde_Form in Horde Groupware Webmail Edition before 4.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to email verification. NOTE: Some of these details...

10

CVE-2008-7218

  • EPSS 1.85%
  • Veröffentlicht 13.09.2009 22:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2 before 3.2-RC2; Turba H3 2.1 before 2.1.6 and 2.2 before 2.2-RC2; Kronolith H3 2.1 before 2.1.7 and H3 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before ...

10

CVE-2008-7219

  • EPSS 1.07%
  • Veröffentlicht 13.09.2009 22:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and H3 2.2 before 2.2-RC2; Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 befo...

9

CVE-2008-3650

  • EPSS 0.3%
  • Veröffentlicht 13.08.2008 01:41:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple unspecified vulnerabilities in Horde Groupware Webmail before Edition 1.1.1 (final) have unknown impact and attack vectors related to "unescaped output," possibly cross-site scripting (XSS), in the (1) object browser and (2) contact view.

4.3

CVE-2008-2783

Exploit
  • EPSS 0.27%
  • Veröffentlicht 19.06.2008 20:41:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware, Groupware Webmail Edition, and Kronolith allow remote attackers to inject arbitrary web script or HTML via the timestamp parameter to (1) week.php, (2) workweek.php, and (3) day....

4.3

CVE-2008-1974

Exploit
  • EPSS 2.15%
  • Veröffentlicht 27.04.2008 19:05:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in addevent.php in Horde Kronolith 2.1.7, Groupware Webmail Edition 1.0.6, and Groupware 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the url parameter.

6

CVE-2008-1284

  • EPSS 1.31%
  • Veröffentlicht 11.03.2008 00:44:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via ".." sequences a...

4.9

CVE-2008-0807

  • EPSS 0.56%
  • Veröffentlicht 19.02.2008 01:00:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x before 2.1.7 and 2.2.x before 2.2-RC3, as used in products such as Horde Groupware before 1.0.4 and Horde Groupware Webmail Edition before 1.0.5, does not properly check access rights, w...

5.8

CVE-2007-6018

  • EPSS 1.15%
  • Veröffentlicht 11.01.2008 02:46:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2)...