Horde

Groupware Webmail Edition

10 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2012-0791

  • EPSS 0.75%
  • Published 24.01.2012 18:55:01
  • Last modified 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 5.0.18 and Horde Groupware Webmail Edition before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) composeCache, (2) rtemode, or (3) filename_* par...

4.3

CVE-2012-0909

Exploit
  • EPSS 0.3%
  • Published 24.01.2012 18:55:01
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in Horde_Form in Horde Groupware Webmail Edition before 4.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to email verification. NOTE: Some of these details...

10

CVE-2008-7218

  • EPSS 1.85%
  • Published 13.09.2009 22:30:00
  • Last modified 09.04.2025 00:30:58

Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2 before 3.2-RC2; Turba H3 2.1 before 2.1.6 and 2.2 before 2.2-RC2; Kronolith H3 2.1 before 2.1.7 and H3 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before ...

10

CVE-2008-7219

  • EPSS 1.07%
  • Published 13.09.2009 22:30:00
  • Last modified 09.04.2025 00:30:58

Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and H3 2.2 before 2.2-RC2; Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 befo...

9

CVE-2008-3650

  • EPSS 0.3%
  • Published 13.08.2008 01:41:00
  • Last modified 09.04.2025 00:30:58

Multiple unspecified vulnerabilities in Horde Groupware Webmail before Edition 1.1.1 (final) have unknown impact and attack vectors related to "unescaped output," possibly cross-site scripting (XSS), in the (1) object browser and (2) contact view.

4.3

CVE-2008-2783

Exploit
  • EPSS 0.27%
  • Published 19.06.2008 20:41:00
  • Last modified 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware, Groupware Webmail Edition, and Kronolith allow remote attackers to inject arbitrary web script or HTML via the timestamp parameter to (1) week.php, (2) workweek.php, and (3) day....

4.3

CVE-2008-1974

Exploit
  • EPSS 2.15%
  • Published 27.04.2008 19:05:00
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in addevent.php in Horde Kronolith 2.1.7, Groupware Webmail Edition 1.0.6, and Groupware 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the url parameter.

6

CVE-2008-1284

  • EPSS 1.31%
  • Published 11.03.2008 00:44:00
  • Last modified 09.04.2025 00:30:58

Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via ".." sequences a...

4.9

CVE-2008-0807

  • EPSS 0.56%
  • Published 19.02.2008 01:00:00
  • Last modified 09.04.2025 00:30:58

lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x before 2.1.7 and 2.2.x before 2.2-RC3, as used in products such as Horde Groupware before 1.0.4 and Horde Groupware Webmail Edition before 1.0.5, does not properly check access rights, w...

5.8

CVE-2007-6018

  • EPSS 1.15%
  • Published 11.01.2008 02:46:00
  • Last modified 09.04.2025 00:30:58

IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2)...