Horde

Imp

23 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 4.95%
  • Veröffentlicht 16.03.2007 21:19:00
  • Zuletzt bearbeitet 16.06.2026 22:37:39

Argument injection vulnerability in the cleanup cron script in Horde Project Horde and IMP before Horde Application Framework 3.1.4 allows local users to delete arbitrary files and possibly gain privileges via multiple space-delimited pathnames.

  • EPSS 1.62%
  • Veröffentlicht 21.08.2006 20:04:00
  • Zuletzt bearbeitet 16.06.2026 22:28:43

Cross-site scripting (XSS) vulnerability in horde/imp/search.php in Horde IMP H3 before 4.1.3 allows remote attackers to include arbitrary web script or HTML via multiple unspecified vectors related to folder names, as injected into the vfolder_label...

Exploit
  • EPSS 2.4%
  • Veröffentlicht 08.12.2005 01:03:00
  • Zuletzt bearbeitet 16.06.2026 22:18:10

Horde IMP 4.0.4 and earlier does not sanitize strings containing UTF16 null characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via UTF16 encoded attachments and strings that will be executed when viewed using Inte...

  • EPSS 1.23%
  • Veröffentlicht 02.05.2005 04:00:00
  • Zuletzt bearbeitet 16.06.2026 22:12:50

Cross-site scripting (XSS) vulnerability in Horde IMP Webmail client before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.

  • EPSS 1.21%
  • Veröffentlicht 31.12.2004 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:07:42

Cross-site scripting (XSS) vulnerability in the inline MIME viewer in Horde-IMP (Internet Messaging Program) 3.2.4 and earlier, when used with Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via an e-mail message.

  • EPSS 1.34%
  • Veröffentlicht 06.08.2004 04:00:00
  • Zuletzt bearbeitet 16.06.2026 22:05:55

Unknown vulnerability in Horde IMP 3.2.3 and earlier, before a "security fix," does not properly validate input, which allows remote attackers to execute arbitrary script as other users via script or HTML in an e-mail message, possibly triggering a c...

  • EPSS 27.97%
  • Veröffentlicht 17.01.2003 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:01:22

Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow remote attackers to perform unauthorized database activities and possibly gain privileges via certain database functions such as check_prefs() in db.pgsql, as demonstrated using ma...

  • EPSS 1.92%
  • Veröffentlicht 31.12.2002 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:00:30

Horde IMP 2.2.7 allows remote attackers to obtain the full web root pathname via an HTTP request for (1) poppassd.php3, (2) login.php3?reason=chpass2, (3) spelling.php3, and (4) ldap.search.php3?ldap_serv=nonsense which leaks the information in error...

  • EPSS 1.85%
  • Veröffentlicht 22.04.2002 04:00:00
  • Zuletzt bearbeitet 16.06.2026 21:56:57

Cross-site scripting vulnerability in status.php3 for IMP 2.2.8 and HORDE 1.2.7 allows remote attackers to execute arbitrary web script and steal cookies of other IMP/HORDE users via the script parameter.

  • EPSS 0.36%
  • Veröffentlicht 18.10.2001 04:00:00
  • Zuletzt bearbeitet 16.06.2026 21:54:52

Horde IMP 2.2.4 and earlier allows local users to overwrite files via a symlink attack on a temporary file.