Filtered by vendor Horde
Subscriptions
Total
116 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2000-0910 | 1 Horde | 1 Horde | 2025-04-03 | N/A |
| Horde library 1.02 allows attackers to execute arbitrary commands via shell metacharacters in the "from" address. | ||||
| CVE-2001-1257 | 1 Horde | 1 Imp | 2025-04-03 | N/A |
| Cross-site scripting vulnerability in Horde Internet Messaging Program (IMP) before 2.2.6 and 1.2.6 allows remote attackers to execute arbitrary Javascript embedded in an email. | ||||
| CVE-2002-0181 | 1 Horde | 2 Horde, Imp | 2025-04-03 | N/A |
| Cross-site scripting vulnerability in status.php3 for IMP 2.2.8 and HORDE 1.2.7 allows remote attackers to execute arbitrary web script and steal cookies of other IMP/HORDE users via the script parameter. | ||||
| CVE-2003-0025 | 1 Horde | 1 Imp | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow remote attackers to perform unauthorized database activities and possibly gain privileges via certain database functions such as check_prefs() in db.pgsql, as demonstrated using mailbox.php3. | ||||
| CVE-2006-3548 | 1 Horde | 1 Horde | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 allow remote attackers to inject arbitrary web script or HTML via a (1) javascript URI or an external (2) http, (3) https, or (4) ftp URI in the url parameter in services/go.php (aka the dereferrer), (5) a javascript URI in the module parameter in services/help (aka the help viewer), and (6) the name parameter in services/problem.php (aka the problem reporting screen). | ||||
| CVE-2006-4256 | 1 Horde | 1 Application Framework | 2025-04-03 | N/A |
| index.php in Horde Application Framework before 3.1.2 allows remote attackers to include web pages from other sites, which could be useful for phishing attacks, via a URL in the url parameter, aka "cross-site referencing." NOTE: some sources have referred to this issue as XSS, but it is different than classic XSS. | ||||
| CVE-2005-0961 | 1 Horde | 1 Application Framework | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Horde 3.0.4 before 3.0.4-RC2 allows remote attackers to inject arbitrary web script or HTML via the parent frame title. | ||||
| CVE-2005-1321 | 1 Horde | 1 Vaction | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Horde Vacation module before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | ||||
| CVE-2006-1260 | 1 Horde | 1 Horde | 2025-04-03 | N/A |
| Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check. | ||||
| CVE-2006-1491 | 1 Horde | 1 Application Framework | 2025-04-03 | N/A |
| Eval injection vulnerability in Horde Application Framework versions 3.0 before 3.0.10 and 3.1 before 3.1.1 allows remote attackers to execute arbitrary code via the help viewer. | ||||
| CVE-2005-4189 | 1 Horde | 1 Kronolith H3 | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith H3 before 2.0.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Calendar name field when creating calendars, (2) event title field when deleting events, the (3) Category and (4) Location search fields, and the (5) attendees email address fields when editing event attendees, and possibly other vectors. | ||||
| CVE-2005-4191 | 1 Horde | 1 Nag Task List Manager H3 | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in templates/tasklists/tasklists.inc in Horde Nag Task List Manager H3 before 2.0.4 allow remote authenticated users to inject arbitrary web script or HTML via (1) the tasklist's name or (2) description, when creating a new tasklist. | ||||
| CVE-2005-4192 | 1 Horde | 1 Mnemo Note Manager H3 | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in templates/notepads/notepads.inc in Horde Mnemo Note Manager H3 before 2.0.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) the notepad's name or (2) description, when creating a new notepad. | ||||
| CVE-2005-4242 | 1 Horde | 1 Turba H3 | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Horde Turba H3 2.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the address book and (2) contact data. | ||||
| CVE-2004-0584 | 1 Horde | 1 Imp | 2025-04-03 | N/A |
| Unknown vulnerability in Horde IMP 3.2.3 and earlier, before a "security fix," does not properly validate input, which allows remote attackers to execute arbitrary script as other users via script or HTML in an e-mail message, possibly triggering a cross-site scripting (XSS) vulnerability. | ||||
| CVE-2003-0728 | 1 Horde | 1 Horde | 2025-04-03 | N/A |
| Horde before 2.2.4 allows remote malicious web sites to steal session IDs and read or create arbitrary email by stealing the ID from a referrer URL. | ||||
| CVE-2004-1443 | 1 Horde | 1 Imp | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in the inline MIME viewer in Horde-IMP (Internet Messaging Program) 3.2.4 and earlier, when used with Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via an e-mail message. | ||||
| CVE-2005-4080 | 1 Horde | 1 Imp | 2025-04-03 | N/A |
| Horde IMP 4.0.4 and earlier does not sanitize strings containing UTF16 null characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via UTF16 encoded attachments and strings that will be executed when viewed using Internet Explorer, which ignores the characters. | ||||
| CVE-2005-1315 | 1 Horde | 1 Turba | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Horde Turba module before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | ||||
| CVE-2005-1317 | 1 Horde | 1 Chora | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Horde Chora module before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | ||||