Filtered by vendor Horde
Subscriptions
Total
116 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-4255 | 1 Horde | 2 Horde, Imp | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in horde/imp/search.php in Horde IMP H3 before 4.1.3 allows remote attackers to include arbitrary web script or HTML via multiple unspecified vectors related to folder names, as injected into the vfolder_label form field in the IMP search screen. | ||||
| CVE-2005-1321 | 1 Horde | 1 Vaction | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Horde Vacation module before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | ||||
| CVE-2001-1258 | 1 Horde | 1 Imp | 2025-04-03 | N/A |
| Horde Internet Messaging Program (IMP) before 2.2.6 allows local users to read IMP configuration files and steal the Horde database password by placing the prefs.lang file containing PHP code on the server. | ||||
| CVE-2001-1257 | 1 Horde | 1 Imp | 2025-04-03 | N/A |
| Cross-site scripting vulnerability in Horde Internet Messaging Program (IMP) before 2.2.6 and 1.2.6 allows remote attackers to execute arbitrary Javascript embedded in an email. | ||||
| CVE-2001-0744 | 1 Horde | 1 Imp | 2025-04-03 | N/A |
| Horde IMP 2.2.4 and earlier allows local users to overwrite files via a symlink attack on a temporary file. | ||||
| CVE-2005-1318 | 1 Horde | 1 Forwards | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Horde Forwards E-Mail Forwarding Manager before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | ||||
| CVE-2005-1316 | 1 Horde | 1 Accounts | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Horde Accounts module before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | ||||
| CVE-2000-0910 | 1 Horde | 1 Horde | 2025-04-03 | N/A |
| Horde library 1.02 allows attackers to execute arbitrary commands via shell metacharacters in the "from" address. | ||||
| CVE-2000-0911 | 1 Horde | 1 Imp | 2025-04-03 | N/A |
| IMP 2.2 and earlier allows attackers to read and delete arbitrary files by modifying the attachment_name hidden form variable, which causes IMP to send the file to the attacker as an attachment. | ||||
| CVE-2005-1315 | 1 Horde | 1 Turba | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Horde Turba module before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | ||||
| CVE-2004-2741 | 1 Horde | 1 Application Framework | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in the "help window" (help.php) in Horde Application Framework 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) module, (2) topic, or (3) module parameters. | ||||
| CVE-2005-1314 | 1 Horde | 1 Kronolith | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Horde Kronolith module before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | ||||
| CVE-2005-1313 | 1 Horde | 1 Passwd | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Horde Passwd module before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | ||||
| CVE-2005-1319 | 1 Horde | 1 Imp | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Horde IMP Webmail client before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | ||||
| CVE-2005-0961 | 1 Horde | 1 Application Framework | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Horde 3.0.4 before 3.0.4-RC2 allows remote attackers to inject arbitrary web script or HTML via the parent frame title. | ||||
| CVE-2005-0378 | 1 Horde | 1 Horde | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to prefs.php or (2) url parameter to index.php. | ||||
| CVE-2004-0584 | 1 Horde | 1 Imp | 2025-04-03 | N/A |
| Unknown vulnerability in Horde IMP 3.2.3 and earlier, before a "security fix," does not properly validate input, which allows remote attackers to execute arbitrary script as other users via script or HTML in an e-mail message, possibly triggering a cross-site scripting (XSS) vulnerability. | ||||
| CVE-2006-3549 | 1 Horde | 1 Horde Application Framework | 2025-04-03 | N/A |
| services/go.php in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 does not properly restrict its image proxy capability, which allows remote attackers to perform "Web tunneling" attacks and use the server as a proxy via (1) http, (2) https, and (3) ftp URL in the url parameter, which is requested from the server. | ||||
| CVE-2003-0728 | 1 Horde | 1 Horde | 2025-04-03 | N/A |
| Horde before 2.2.4 allows remote malicious web sites to steal session IDs and read or create arbitrary email by stealing the ID from a referrer URL. | ||||
| CVE-2022-30287 | 2 Debian, Horde | 2 Debian Linux, Groupware | 2024-11-21 | 8.0 High |
| Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP objects. | ||||