27 vulnerabilities found for horde_application_framework by horde
FKIE_CVE-2015-7984
Vulnerability from fkie_nvd - Published: 2015-11-19 20:59 - Updated: 2025-04-12 10:46
Severity: MEDIUM (CVSS v2 base score 6.8, vector AV:N/AC:M/Au:N/C:P/I:P/A:P; user interaction required)
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware Webmail Edition before 5.2.11 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary (1) commands via the cmd parameter to admin/cmdshell.php, (2) SQL queries via the sql parameter to admin/sqlshell.php, or (3) PHP code via the php parameter to admin/phpshell.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| horde | groupware | * | |
| horde | groupware | * | |
| horde | horde_application_framework | * | |
| debian | debian_linux | 8.0 | |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:horde:groupware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF7D0049-BC4B-4AAB-88A9-29B4DF202DAD",
"versionEndExcluding": "5.2.11",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:*:*:*:*:webmail:*:*:*",
"matchCriteriaId": "A718E8E7-A300-4753-B2E6-02C41ED796DD",
"versionEndExcluding": "5.2.11",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C998570-A707-4AE9-AB33-11455C9262B5",
"versionEndExcluding": "5.2.8",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware Webmail Edition before 5.2.11 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary (1) commands via the cmd parameter to admin/cmdshell.php, (2) SQL queries via the sql parameter to admin/sqlshell.php, or (3) PHP code via the php parameter to admin/phpshell.php."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de CSRF en Horde en versiones anteriores a 5.2.8, Horde Groupware en versiones anteriores a 5.2.11 y Horde Groupware Webmail Edition en versiones anteriores a 5.2.11 permite a atacantes remotos secuestrar la autenticaci\u00f3n de administradores para peticiones que ejecutan (1) comandos a trav\u00e9s del par\u00e1metro cmd a admin/cmdshell.php, (2) consultas SQL a trav\u00e9s del par\u00e1metro sql a admin/sqlshell.php o (3) c\u00f3digo PHP a trav\u00e9s del par\u00e1metro php a admin/phpshell.php arbitrarios."
}
],
"id": "CVE-2015-7984",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-11-19T20:59:09.223",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.horde.org/archives/announce/2015/001124.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.horde.org/archives/announce/2015/001137.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.horde.org/archives/announce/2015/001138.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3391"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/38765/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.htbridge.com/advisory/HTB23272"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.horde.org/archives/announce/2015/001124.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.horde.org/archives/announce/2015/001137.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.horde.org/archives/announce/2015/001138.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3391"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/38765/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.htbridge.com/advisory/HTB23272"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-1691
Vulnerability from fkie_nvd - Published: 2014-04-01 15:55 - Updated: 2025-04-12 10:46
Severity: HIGH (CVSS v2 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P; no user interaction required)
Summary
The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the _formvars form.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| horde | horde_application_framework | * | |
| horde | horde_application_framework | 5.0.0 | |
| horde | horde_application_framework | 5.0.1 | |
| horde | horde_application_framework | 5.0.2 | |
| horde | horde_application_framework | 5.0.3 | |
| horde | horde_application_framework | 5.0.4 | |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA40D3C0-313C-4622-AD42-9E1422170FD3",
"versionEndIncluding": "5.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3FA8B826-EB7D-4EF8-A886-CC83907C59EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B7CB9652-6D7C-4EB1-AC6D-C29C20757FA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "320EFF23-CD09-419F-8AC2-1EE5DE4763E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3BB0209B-CA11-473A-9966-D069845806CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "62DACAFB-3715-4986-BFD8-4939E31E2CE3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the _formvars form."
},
{
"lang": "es",
"value": "El script framework/Util/lib/Horde/Variables.php en la librar\u00eda de Util en Horde anterior a 5.1.1 permite a atacantes remotos realizar ataques de inyecci\u00f3n de objetos y ejecutar c\u00f3digo PHP arbitrario a trav\u00e9s de un objeto serializado manipulado en el formulario _formvars."
}
],
"id": "CVE-2014-1691",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-04-01T15:55:06.363",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://seclists.org/oss-sec/2014/q1/153"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://seclists.org/oss-sec/2014/q1/156"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/oss-sec/2014/q1/169"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2014/dsa-2853"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/horde/horde/blob/82c400788537cfc0106b68447789ff53793ac086/bundles/groupware/docs/CHANGES#L215"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/horde/horde/commit/da6afc7e9f4e290f782eca9dbca794f772caccb3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://seclists.org/oss-sec/2014/q1/153"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://seclists.org/oss-sec/2014/q1/156"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/oss-sec/2014/q1/169"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2014/dsa-2853"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/horde/horde/blob/82c400788537cfc0106b68447789ff53793ac086/bundles/groupware/docs/CHANGES#L215"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/horde/horde/commit/da6afc7e9f4e290f782eca9dbca794f772caccb3"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2010-3694
Vulnerability from fkie_nvd - Published: 2010-11-09 21:00 - Updated: 2025-04-11 00:51
Severity: MEDIUM (CVSS v2 base score 6.8, vector AV:N/AC:M/Au:N/C:P/I:P/A:P; user interaction required)
Summary
Cross-site request forgery (CSRF) vulnerability in the Horde Application Framework before 3.3.9 allows remote attackers to hijack the authentication of unspecified victims for requests to a preference form.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6D53EAD-F1D9-40A9-87BA-DCB0AF5123E2",
"versionEndIncluding": "3.3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0895A4FC-4755-4125-822D-6D5A81C8EBC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A8DA68CF-D7EB-48CF-9D2D-43E26A4F0BCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04288C25-9111-44E1-9099-7ED65639A395",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "793768BD-03C9-428A-B8AC-E03FEA65D32A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B50AD460-4240-4A75-8944-21F0D5BA711C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5EB2DBC9-0934-4BA2-A6E0-CF1BCB1E0E8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "362CDCE7-16DA-4951-81ED-5B858126E37A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:1.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D622651E-ECBC-4A88-8AD2-8EB9AA27F348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C64FB724-0978-48E1-94AA-2ED5281C1C2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2188602F-74FC-4252-9D0C-4B6D68ECA850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E8FF53EE-1D8E-450C-92A2-204EA2B7C410",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:2.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "13ECD794-7621-413B-AC67-FD0072C3F2EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9535A094-9B6F-4E17-8097-D7A6D8936F8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7F473B48-F48A-4B6B-8D69-1F97BB6AA923",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C8E1A7DB-906F-4973-BF1C-EFFA0B595A42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AD67E143-A9C0-458A-87C5-E6B3C9AC628D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DA9E6EB8-B5E5-41DF-B5E2-0A97448D16A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "36BEAB4E-04DA-4EDD-990C-697EA0984291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "142B9B05-955E-4688-AF6E-ED7B4FE41846",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "295D48BB-F143-4047-B366-74101AB983CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F8359595-A986-4B7D-9AD6-0F03C037B9CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "58431B48-EA29-4A6F-B9FF-C416924E63B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "61064C18-0E45-4790-B323-262287D8DE34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "CCFF25C4-03F2-4D65-ABA9-2406957D546E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D1A7CA2D-A52C-4683-ABD3-B63763B2290E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0:alpha:*:*:*:*:*:*",
"matchCriteriaId": "E72F0C02-DEF7-4617-AD5D-CB808DEE1CC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "F1B318B6-6774-4F9D-8BFC-38B259646922",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "48540E28-E523-4556-BB13-3F3B9F76E043",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "7761A879-F736-4D45-AA98-6556946A0CD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "17093F61-EDE4-44C0-9A75-5E2C94B86D49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA0A882D-9BEB-4A3C-9371-69260374E0B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A17E3AFB-849F-463D-96E8-686B049F48DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "047563A7-5F6A-4DE2-8518-88E4E6EEB7D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B5DAAF73-EC16-4E7E-AAFA-A23F36312884",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "78356C5F-A76E-4CB1-894D-0D882A665096",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E2842743-831D-455C-A319-68A7D604834F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "2DF05F67-D172-4569-8839-838B2F84D937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A0405EC4-12DA-4F15-A5B0-799D399C759E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C4C51DE3-C6D8-4A49-9DD2-E45A734A8C2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.5:rc2:*:*:*:*:*:*",
"matchCriteriaId": "79D21AFE-DA3C-43D4-B253-B5F2682C00C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A1C1DE26-E7B2-4A4E-9F6D-4206F7BC5EBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E5ADB7BC-7326-4A66-82FE-5B5AB9BAD344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6ED629B0-A214-47B5-9767-B47AFB154AFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C07F450D-6DF4-48F2-8776-E791BCBD469A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "CE5B2E87-5A29-4EF8-8BCC-1E5AE28BE6EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C55F4BF3-EFA5-4E58-A32C-7DF7F00B74CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7795DE95-4DCE-483D-817A-62250802AEF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1076ED89-666B-4E1A-B90C-1E9C23C70E07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "005FB9D3-71C7-4C4B-8D1A-1046A21ABE64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8C2CD4E9-D06D-44FB-9773-29640E456DC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "FD9A8696-C91C-467B-A43B-5F2AEFB49A9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.1:rc3:*:*:*:*:*:*",
"matchCriteriaId": "2C316222-9E28-4D53-A3FE-A47337782260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "17003C82-B711-496C-A2D4-0CC5FB2DCAC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5B11F13D-5FEC-4090-804A-28D1B2938112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B6E3FE20-264A-4496-8FB3-E59A3A38BAE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8F86A1C7-D369-40A7-BFF3-03AC4F3977F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.1.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D49B7214-8BC7-4495-A3C1-4702E5F98DD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D45517DB-2F8C-41BB-9453-7B50F2227286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "852EA094-4661-43EA-B715-0524ABA33274",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1885E75E-4A0C-4393-A900-E611EEA461BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D0202CB6-459E-4867-A220-A248A7D419C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "666F75EF-0B30-476B-B4D3-3465AC85C81E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "88BE4BD4-174C-4EC5-BCE7-CA63D1369043",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.2:alpha:*:*:*:*:*:*",
"matchCriteriaId": "FB00DEDC-BFCE-4238-BD34-594F075DD11C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F54438D0-C3BB-47BD-BD66-1AEDE08387F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.2:rc2:*:*:*:*:*:*",
"matchCriteriaId": "CB30C91F-B3F8-45B8-9F79-7EB643A1FAB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.2:rc3:*:*:*:*:*:*",
"matchCriteriaId": "8B9EC024-FA54-457A-9CAE-E9C5AB990DCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.2:rc4:*:*:*:*:*:*",
"matchCriteriaId": "E94D8DDD-CE4B-4F7D-8699-6D8D979BB354",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0D32C974-121E-4FAB-8E39-2933C912935F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "60A02DC9-3602-43B2-8574-15A6D4528142",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "61F847C8-7775-4FC0-BBE1-C56DFC3D9A63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C1ECC0C8-DE09-4079-8476-B0C82ABE980A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C0465D03-EE78-4D1D-B6F3-0AB6636D8589",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8ADA6AAC-7511-47F6-B805-A5C48BA4CD11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DBA57981-630B-40A7-A6B3-9443A926BC31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B3CB720-A1C0-4E49-BA2C-02283499F252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE83C51-175E-4FB9-BA2B-505A8B559D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "172260F8-D4E5-470D-84EA-00B88B090A8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "51487521-E1DB-4CD0-9071-C9449EFB681E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.3.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "880EFFF2-54E1-47B3-A87B-9D7F41505B5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EA44794C-3D45-4BC8-AEDB-8D98C5BF6214",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5C047C7A-2338-49D9-8B25-78A25B45788A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "283653B3-00DD-4F9D-AD0E-625564FDE72C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in the Horde Application Framework before 3.3.9 allows remote attackers to hijack the authentication of unspecified victims for requests to a preference form."
},
{
"lang": "es",
"value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en Horde Application Framework anterior a v3.3.9 permite a los atacantes remotos secuestrar la autenticaci\u00f3n de v\u00edctimas sin especificar en peticiones a un formulario preferente."
}
],
"id": "CVE-2010-3694",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-11-09T21:00:04.163",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050408.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050423.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2010/000557.html"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/42140"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=630687"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050408.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050423.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2010/000557.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/42140"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=630687"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2010-3077
Vulnerability from fkie_nvd - Published: 2010-11-09 21:00 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in util/icon_browser.php in the Horde Application Framework before 3.3.9 allows remote attackers to inject arbitrary web script or HTML via the subdir parameter.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6D53EAD-F1D9-40A9-87BA-DCB0AF5123E2",
"versionEndIncluding": "3.3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0895A4FC-4755-4125-822D-6D5A81C8EBC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A8DA68CF-D7EB-48CF-9D2D-43E26A4F0BCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04288C25-9111-44E1-9099-7ED65639A395",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "793768BD-03C9-428A-B8AC-E03FEA65D32A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B50AD460-4240-4A75-8944-21F0D5BA711C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5EB2DBC9-0934-4BA2-A6E0-CF1BCB1E0E8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "362CDCE7-16DA-4951-81ED-5B858126E37A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:1.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D622651E-ECBC-4A88-8AD2-8EB9AA27F348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C64FB724-0978-48E1-94AA-2ED5281C1C2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2188602F-74FC-4252-9D0C-4B6D68ECA850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E8FF53EE-1D8E-450C-92A2-204EA2B7C410",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:2.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "13ECD794-7621-413B-AC67-FD0072C3F2EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9535A094-9B6F-4E17-8097-D7A6D8936F8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7F473B48-F48A-4B6B-8D69-1F97BB6AA923",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C8E1A7DB-906F-4973-BF1C-EFFA0B595A42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AD67E143-A9C0-458A-87C5-E6B3C9AC628D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DA9E6EB8-B5E5-41DF-B5E2-0A97448D16A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "36BEAB4E-04DA-4EDD-990C-697EA0984291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "142B9B05-955E-4688-AF6E-ED7B4FE41846",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "295D48BB-F143-4047-B366-74101AB983CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F8359595-A986-4B7D-9AD6-0F03C037B9CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "58431B48-EA29-4A6F-B9FF-C416924E63B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "61064C18-0E45-4790-B323-262287D8DE34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "CCFF25C4-03F2-4D65-ABA9-2406957D546E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D1A7CA2D-A52C-4683-ABD3-B63763B2290E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0:alpha:*:*:*:*:*:*",
"matchCriteriaId": "E72F0C02-DEF7-4617-AD5D-CB808DEE1CC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "F1B318B6-6774-4F9D-8BFC-38B259646922",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "48540E28-E523-4556-BB13-3F3B9F76E043",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "7761A879-F736-4D45-AA98-6556946A0CD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "17093F61-EDE4-44C0-9A75-5E2C94B86D49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA0A882D-9BEB-4A3C-9371-69260374E0B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A17E3AFB-849F-463D-96E8-686B049F48DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "047563A7-5F6A-4DE2-8518-88E4E6EEB7D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B5DAAF73-EC16-4E7E-AAFA-A23F36312884",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "78356C5F-A76E-4CB1-894D-0D882A665096",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E2842743-831D-455C-A319-68A7D604834F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "2DF05F67-D172-4569-8839-838B2F84D937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A0405EC4-12DA-4F15-A5B0-799D399C759E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C4C51DE3-C6D8-4A49-9DD2-E45A734A8C2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.5:rc2:*:*:*:*:*:*",
"matchCriteriaId": "79D21AFE-DA3C-43D4-B253-B5F2682C00C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A1C1DE26-E7B2-4A4E-9F6D-4206F7BC5EBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E5ADB7BC-7326-4A66-82FE-5B5AB9BAD344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6ED629B0-A214-47B5-9767-B47AFB154AFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C07F450D-6DF4-48F2-8776-E791BCBD469A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "CE5B2E87-5A29-4EF8-8BCC-1E5AE28BE6EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C55F4BF3-EFA5-4E58-A32C-7DF7F00B74CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7795DE95-4DCE-483D-817A-62250802AEF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1076ED89-666B-4E1A-B90C-1E9C23C70E07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "005FB9D3-71C7-4C4B-8D1A-1046A21ABE64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8C2CD4E9-D06D-44FB-9773-29640E456DC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "FD9A8696-C91C-467B-A43B-5F2AEFB49A9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.1:rc3:*:*:*:*:*:*",
"matchCriteriaId": "2C316222-9E28-4D53-A3FE-A47337782260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "17003C82-B711-496C-A2D4-0CC5FB2DCAC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5B11F13D-5FEC-4090-804A-28D1B2938112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B6E3FE20-264A-4496-8FB3-E59A3A38BAE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8F86A1C7-D369-40A7-BFF3-03AC4F3977F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.1.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D49B7214-8BC7-4495-A3C1-4702E5F98DD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D45517DB-2F8C-41BB-9453-7B50F2227286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "852EA094-4661-43EA-B715-0524ABA33274",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1885E75E-4A0C-4393-A900-E611EEA461BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D0202CB6-459E-4867-A220-A248A7D419C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "666F75EF-0B30-476B-B4D3-3465AC85C81E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "88BE4BD4-174C-4EC5-BCE7-CA63D1369043",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.2:alpha:*:*:*:*:*:*",
"matchCriteriaId": "FB00DEDC-BFCE-4238-BD34-594F075DD11C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F54438D0-C3BB-47BD-BD66-1AEDE08387F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.2:rc2:*:*:*:*:*:*",
"matchCriteriaId": "CB30C91F-B3F8-45B8-9F79-7EB643A1FAB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.2:rc3:*:*:*:*:*:*",
"matchCriteriaId": "8B9EC024-FA54-457A-9CAE-E9C5AB990DCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.2:rc4:*:*:*:*:*:*",
"matchCriteriaId": "E94D8DDD-CE4B-4F7D-8699-6D8D979BB354",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0D32C974-121E-4FAB-8E39-2933C912935F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "60A02DC9-3602-43B2-8574-15A6D4528142",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "61F847C8-7775-4FC0-BBE1-C56DFC3D9A63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C1ECC0C8-DE09-4079-8476-B0C82ABE980A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C0465D03-EE78-4D1D-B6F3-0AB6636D8589",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8ADA6AAC-7511-47F6-B805-A5C48BA4CD11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DBA57981-630B-40A7-A6B3-9443A926BC31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B3CB720-A1C0-4E49-BA2C-02283499F252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE83C51-175E-4FB9-BA2B-505A8B559D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "172260F8-D4E5-470D-84EA-00B88B090A8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "51487521-E1DB-4CD0-9071-C9449EFB681E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.3.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "880EFFF2-54E1-47B3-A87B-9D7F41505B5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EA44794C-3D45-4BC8-AEDB-8D98C5BF6214",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5C047C7A-2338-49D9-8B25-78A25B45788A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "283653B3-00DD-4F9D-AD0E-625564FDE72C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in util/icon_browser.php in the Horde Application Framework before 3.3.9 allows remote attackers to inject arbitrary web script or HTML via the subdir parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en util/icon_browser.php en el Horde Application Framework anterior a v3.3.9 que permite a atacantes remotos inyectar c\u00f3digo de script web o c\u00f3digo HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro \"subdir\"."
}
],
"id": "CVE-2010-3077",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-11-09T21:00:04.117",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://git.horde.org/diff.php/horde/util/icon_browser.php?rt=horde-git\u0026r1=a978a35c3e95e784253508fd4333d2fbb64830b6\u0026r2=9342addbd2b95f184f230773daa4faf5ef6d65e9"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050408.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050423.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.horde.org/archives/announce/2010/000557.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "http://seclists.org/fulldisclosure/2010/Sep/82"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/42140"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=630687"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://git.horde.org/diff.php/horde/util/icon_browser.php?rt=horde-git\u0026r1=a978a35c3e95e784253508fd4333d2fbb64830b6\u0026r2=9342addbd2b95f184f230773daa4faf5ef6d65e9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050408.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050423.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.horde.org/archives/announce/2010/000557.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://seclists.org/fulldisclosure/2010/Sep/82"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/42140"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=630687"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-3237
Vulnerability from fkie_nvd - Published: 2009-09-17 10:30 - Updated: 2025-04-09 00:30
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; allow remote attackers to inject arbitrary web script or HTML via the (1) crafted number preferences that are not properly handled in the preference system (services/prefs.php), as demonstrated by the sidebar_width parameter; or (2) crafted unknown MIME "text parts" that are not properly handled in the MIME viewer library (config/mime_drivers.php).
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "88BE4BD4-174C-4EC5-BCE7-CA63D1369043",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0D32C974-121E-4FAB-8E39-2933C912935F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "60A02DC9-3602-43B2-8574-15A6D4528142",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "61F847C8-7775-4FC0-BBE1-C56DFC3D9A63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C1ECC0C8-DE09-4079-8476-B0C82ABE980A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8ADA6AAC-7511-47F6-B805-A5C48BA4CD11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B3CB720-A1C0-4E49-BA2C-02283499F252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE83C51-175E-4FB9-BA2B-505A8B559D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "172260F8-D4E5-470D-84EA-00B88B090A8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "51487521-E1DB-4CD0-9071-C9449EFB681E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_groupware:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26FB18AE-EDA5-48DF-9592-9970FFD3C72F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_groupware:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "30FF79BF-E978-49BF-BF07-DF4A75C6E52F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_groupware:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "633B142D-AAF2-49EE-B152-C1C4524E4543",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_groupware:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E8CFFA11-C38E-4F92-8BF2-223B97911E0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_groupware:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4C4151CC-DC68-4883-91E2-712D9FD0C160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_groupware:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7F359B33-A791-4792-9CD3-BA551F1291DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_groupware:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "16F105C6-75E5-4BD8-A7A2-0DB31B6F5498",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_groupware:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2187B702-3598-4353-81AA-EBDCC3E48A97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_groupware:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "52D84C54-EAFF-4368-ADEF-589F95EA6BD5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:horde:groupware:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6BBB036-494E-41D4-BD04-40906FAB5C60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "37B76B27-ADF0-4E88-B92C-304FB38A356E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "965F245A-879A-4DF0-ABC5-588E78C4CBBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.1:rc3:*:*:*:*:*:*",
"matchCriteriaId": "3DCB29F9-3875-4264-8117-5751FEDC3350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.1:rc4:*:*:*:*:*:*",
"matchCriteriaId": "59FC250F-EF0B-4604-99A2-3EEB8B2DEB77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1C10E681-5D2B-4EA4-B8E1-C0CA4FC9D3FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "19CC5154-42C5-4877-9147-5DFD61BD5CDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "62AAEBBF-1696-4EAC-8837-68A03C2D2F5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F626876D-99FC-4DE0-BEE0-35874C4E25F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AAF1A6AE-0748-476B-ACE2-DA43A9443B7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AB711B5E-9011-4BA2-917A-DB8545705E23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "50DC1068-F426-497F-A5A0-E032BC3816F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2C5A176-8C72-40EA-85AC-F11B40FD53A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CB4C3487-4556-47E5-8BF3-1DEDF0E9AFEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78F24E43-491B-4AD1-B905-66F7FC6DA98D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.2.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F577A169-8354-4218-B3C6-04DA4BDF1E3C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; allow remote attackers to inject arbitrary web script or HTML via the (1) crafted number preferences that are not properly handled in the preference system (services/prefs.php), as demonstrated by the sidebar_width parameter; or (2) crafted unknown MIME \"text parts\" that are not properly handled in the MIME viewer library (config/mime_drivers.php)."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Horde Application Framework desde v3.2 anteriores a v3.2.5 y desde v3.3 anteriores a v3.3.5; Groupware desde v1.1 anteriores a v1.1.6 y 1.2 anteriores a v1.2.4; y Groupware Webmail Edition desde v1.1 anteriores a v1.1.6 y desde v1.2 anteriores a v1.2.4; permiten a atacantes remotos inyectar secuencias de comandos web o HTML de forma arbitraria a trav\u00e9s de (1) preferencias num\u00e9ricas manipuladas que no han sido adecuadamente gestionadas en el sistema de preferencias (services/prefs.php), como qued\u00f3 demostrado por el par\u00e1metro sidebar_width o (2) \"fragmentos de texto\" MIME desconocidos manipulados que no son gestionados adecuadamente por la librer\u00eda de visor de MIME (config/mime_drivers.php)."
}
],
"id": "CVE-2009-3237",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-09-17T10:30:01.390",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.horde.org/ticket/?id=8311"
},
{
"source": "cve@mitre.org",
"url": "http://bugs.horde.org/ticket/?id=8399"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125291625030436\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125292088004087\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125292314007049\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125292339907481\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125294558611682\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125295852706029\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36665"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/58108"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/58109"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53202"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.horde.org/ticket/?id=8311"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.horde.org/ticket/?id=8399"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125291625030436\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125292088004087\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125292314007049\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125292339907481\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125294558611682\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125295852706029\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36665"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/58108"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/58109"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53202"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-1473
Vulnerability from fkie_nvd - Published: 2007-03-16 21:19 - Updated: 2025-04-09 00:30
Summary
Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php in Horde Framework before 3.1.4 RC1, when the login page contains a language selection box, allows remote attackers to inject arbitrary web script or HTML via the new_lang parameter to login.php.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1DCEC5BC-19CD-4C86-8963-4969718AEDC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B76253CE-3A05-40F2-9AC2-11FA1C83E12A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5DB6E8FC-E9F2-4194-B877-90ED6BCA8152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE54204-8E8B-4B3D-BE10-3ECE4DBB8428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B159D53E-0F6D-41AA-A3D2-B77BA18735CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3CD03C5F-423A-475C-8D0C-4F578E93542B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0CF6B69C-B7E7-4EEA-A18B-2B6969F26A9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B94258B3-CC62-41CD-987C-75868208F8C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:1.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A276A013-CCF3-4AF5-973F-FD68CC9E2291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5EB2DBC9-0934-4BA2-A6E0-CF1BCB1E0E8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "362CDCE7-16DA-4951-81ED-5B858126E37A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C64FB724-0978-48E1-94AA-2ED5281C1C2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9535A094-9B6F-4E17-8097-D7A6D8936F8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7F473B48-F48A-4B6B-8D69-1F97BB6AA923",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C8E1A7DB-906F-4973-BF1C-EFFA0B595A42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DA9E6EB8-B5E5-41DF-B5E2-0A97448D16A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "36BEAB4E-04DA-4EDD-990C-697EA0984291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "142B9B05-955E-4688-AF6E-ED7B4FE41846",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "295D48BB-F143-4047-B366-74101AB983CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "58431B48-EA29-4A6F-B9FF-C416924E63B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "61064C18-0E45-4790-B323-262287D8DE34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "CCFF25C4-03F2-4D65-ABA9-2406957D546E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "76A5CF62-60DD-4EA7-A6C3-2061548EF1B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA0A882D-9BEB-4A3C-9371-69260374E0B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A17E3AFB-849F-463D-96E8-686B049F48DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "047563A7-5F6A-4DE2-8518-88E4E6EEB7D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "78356C5F-A76E-4CB1-894D-0D882A665096",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A0405EC4-12DA-4F15-A5B0-799D399C759E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A1C1DE26-E7B2-4A4E-9F6D-4206F7BC5EBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6ED629B0-A214-47B5-9767-B47AFB154AFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C07F450D-6DF4-48F2-8776-E791BCBD469A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "CE5B2E87-5A29-4EF8-8BCC-1E5AE28BE6EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C55F4BF3-EFA5-4E58-A32C-7DF7F00B74CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "35F504EE-6F8F-4623-9F44-9A1D866DE269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "17003C82-B711-496C-A2D4-0CC5FB2DCAC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5B11F13D-5FEC-4090-804A-28D1B2938112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B6E3FE20-264A-4496-8FB3-E59A3A38BAE4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php in Horde Framework before 3.1.4 RC1, when the login page contains a language selection box, allows remote attackers to inject arbitrary web script or HTML via the new_lang parameter to login.php."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en framework/NLS/NLS.php en Horde Framework anterior a 3.1.4 RC1, cuando la p\u00e1gina de login contiene una caja de elecci\u00f3n de idioma, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro new_lang en login.php."
}
],
"id": "CVE-2007-1473",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-03-16T21:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.horde.org/archives/announce/2007/000315.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/24528"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/24995"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27565"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/2427"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1017775"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2007/dsa-1406"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2007_007_suse.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/33084"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/462915/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/22984"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/0965"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.horde.org/archives/announce/2007/000315.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24528"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24995"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27565"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/2427"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1017775"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2007/dsa-1406"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2007_007_suse.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/33084"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/462915/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/22984"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/0965"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33013"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-1474
Vulnerability from fkie_nvd - Published: 2007-03-16 21:19 - Updated: 2025-04-09 00:30
Severity ?
Summary
Argument injection vulnerability in the cleanup cron script in Horde Project Horde and IMP before Horde Application Framework 3.1.4 allows local users to delete arbitrary files and possibly gain privileges via multiple space-delimited pathnames.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| horde | horde_application_framework | 3.0.0 | |
| horde | horde_application_framework | 3.0.4 | |
| horde | horde_application_framework | 3.1.3 | |
| horde | imp | 2.0 | |
| horde | imp | 2.2 | |
| horde | imp | 2.2.1 | |
| horde | imp | 2.2.2 | |
| horde | imp | 2.2.3 | |
| horde | imp | 2.2.4 | |
| horde | imp | 2.2.5 | |
| horde | imp | 2.2.6 | |
| horde | imp | 2.2.7 | |
| horde | imp | 2.2.8 | |
| horde | imp | 2.3 | |
| horde | imp | 3.0 | |
| horde | imp | 3.1 | |
| horde | imp | 3.1.2 | |
| horde | imp | 3.2 | |
| horde | imp | 3.2.1 | |
| horde | imp | 3.2.2 | |
| horde | imp | 3.2.3 | |
| horde | imp | 3.2.4 | |
| horde | imp | 3.2.5 | |
| horde | imp | 3.2.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "76A5CF62-60DD-4EA7-A6C3-2061548EF1B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "78356C5F-A76E-4CB1-894D-0D882A665096",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B6E3FE20-264A-4496-8FB3-E59A3A38BAE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:imp:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8D2A8C5B-6155-4B40-B8C8-B4944064E3DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:imp:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D11E08A4-79D6-46FE-880F-66E9778C298E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:imp:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55A3894F-2E3F-49CA-BEE5-759D603F6EAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:imp:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDBDC41-7E6F-4C97-95BD-7DEB2D9FE837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:imp:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3B52D447-8E56-4E04-9650-38D222DA8D2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:imp:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1C455353-0401-4975-89BC-C23D32A684F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:imp:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C1D9D9E1-D8B7-4A56-BC2F-90BDC97322B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:imp:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "59DE856E-98FF-4B49-BD7F-3E326FEB89EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:imp:2.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6ED34889-9F98-46BC-9176-557484272C05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:imp:2.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B7FBC61D-6A08-4DE8-A5E5-A3FC57E7759D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:imp:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E52AEEE6-2364-4CFB-9337-C5CCA54362E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:imp:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD137160-B80D-4C65-A9A9-CEE12107E3DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:imp:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E6C2AC8-C21A-4152-AAE6-915ACE65CB5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:imp:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1956C8F0-EB91-4322-85C1-6BE15AA13703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:imp:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A48DEBEB-0C2D-4F6A-AF63-04990D2FD5AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:imp:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8E004FA4-0180-458A-8E8C-8167EF684ED8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:imp:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1F0A1617-17D1-4C9F-A818-27321FD2FEAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:imp:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D86CDC19-43C3-4ACC-94B4-388BCC8A2203",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:imp:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E9931A5B-CD0C-43A3-B32D-915FF4AF57D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:imp:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FDC69F98-A3B4-4573-AFE4-2069218B3454",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:imp:3.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AD4D0137-3515-4857-8E70-4600CD2D4278",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Argument injection vulnerability in the cleanup cron script in Horde Project Horde and IMP before Horde Application Framework 3.1.4 allows local users to delete arbitrary files and possibly gain privileges via multiple space-delimited pathnames."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n de argumento en la secuencia de comandos cleanup para cron de Horde Project Horde e IMP anterior a Horde Application Framework 3.1.4 permite a usuarios locales borrar archivos de su elecci\u00f3n y posiblemente obtener privilegios mediante m\u00faltiples nombres de ruta separados por espacios."
}
],
"id": "CVE-2007-1474",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-03-16T21:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=489"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.horde.org/archives/announce/2007/000315.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27565"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2007/dsa-1406"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/22985"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1017784"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1017785"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/0965"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32997"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=489"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.horde.org/archives/announce/2007/000315.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27565"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2007/dsa-1406"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/22985"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1017784"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1017785"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/0965"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32997"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-3549
Vulnerability from fkie_nvd - Published: 2006-07-13 00:05 - Updated: 2025-04-03 01:03
Severity ?
Summary
services/go.php in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 does not properly restrict its image proxy capability, which allows remote attackers to perform "Web tunneling" attacks and use the server as a proxy via (1) http, (2) https, and (3) ftp URL in the url parameter, which is requested from the server.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| horde | horde_application_framework | 3.0.0 | |
| horde | horde_application_framework | 3.0.1 | |
| horde | horde_application_framework | 3.0.2 | |
| horde | horde_application_framework | 3.0.3 | |
| horde | horde_application_framework | 3.0.4 | |
| horde | horde_application_framework | 3.0.5 | |
| horde | horde_application_framework | 3.0.6 | |
| horde | horde_application_framework | 3.0.7 | |
| horde | horde_application_framework | 3.0.8 | |
| horde | horde_application_framework | 3.0.9 | |
| horde | horde_application_framework | 3.0.10 | |
| horde | horde_application_framework | 3.1.0 | |
| horde | horde_application_framework | 3.1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "76A5CF62-60DD-4EA7-A6C3-2061548EF1B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA0A882D-9BEB-4A3C-9371-69260374E0B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A17E3AFB-849F-463D-96E8-686B049F48DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "047563A7-5F6A-4DE2-8518-88E4E6EEB7D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "78356C5F-A76E-4CB1-894D-0D882A665096",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A0405EC4-12DA-4F15-A5B0-799D399C759E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A1C1DE26-E7B2-4A4E-9F6D-4206F7BC5EBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6ED629B0-A214-47B5-9767-B47AFB154AFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C07F450D-6DF4-48F2-8776-E791BCBD469A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "CE5B2E87-5A29-4EF8-8BCC-1E5AE28BE6EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C55F4BF3-EFA5-4E58-A32C-7DF7F00B74CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "35F504EE-6F8F-4623-9F44-9A1D866DE269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "17003C82-B711-496C-A2D4-0CC5FB2DCAC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "services/go.php in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 does not properly restrict its image proxy capability, which allows remote attackers to perform \"Web tunneling\" attacks and use the server as a proxy via (1) http, (2) https, and (3) ftp URL in the url parameter, which is requested from the server."
},
{
"lang": "es",
"value": "services/go.php en Horde Application Framework 3.0.0 hasta la 3.0.10 y 3.1.0 hasta la 3.1.1 no restringe de forma adecuada su capacidad de imagen de proxy, lo cual permite a atacantes remotos llevar a cabo ataques \"Web tunneling\" y utilizar el servidor como un proxy a trav\u00e9s de la URL (1) http, (2) https, y (3) ftp en el par\u00e1metro URL, el cual es respondido desde el servidor."
}
],
"id": "CVE-2006-3549",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-07-13T00:05:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2006/000287.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.horde.org/archives/announce/2006/000288.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://moritz-naumann.com/adv/0011/hordemulti/0011.txt"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/20954"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/21459"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27565"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/1229"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://securitytracker.com/id?1016442"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2007/dsa-1406"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2006_19_sr.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/439255/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/18845"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/2694"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2006/000287.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.horde.org/archives/announce/2006/000288.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://moritz-naumann.com/adv/0011/hordemulti/0011.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/20954"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/21459"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27565"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/1229"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://securitytracker.com/id?1016442"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2007/dsa-1406"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2006_19_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/439255/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/18845"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/2694"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2005-4190
Vulnerability from fkie_nvd - Published: 2005-12-13 11:03 - Updated: 2025-04-03 01:03
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4) the Mobile Phone field, and (5) Date and (6) Time fields when importing CSV files, as exploited through modules such as (a) Turba Address Book, (b) Kronolith, (c) Mnemo, and (d) Nag.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E5634E1-5D6B-4F64-99F6-5F650EC2E13B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7AF6FC53-D300-4A40-8D82-D174F6472DFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:1.0.2_1:*:*:*:*:*:*:*",
"matchCriteriaId": "72E510AF-4FC2-4872-8844-2021CB72BEA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0895A4FC-4755-4125-822D-6D5A81C8EBC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:1.0.3_2:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDEA1EC-DBD3-4255-873B-577554888E3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:1.0.3_3:*:*:*:*:*:*:*",
"matchCriteriaId": "63D4182B-7A01-49D0-A192-4D67E64AD62F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:1.0.3_4:*:*:*:*:*:*:*",
"matchCriteriaId": "156B7704-72B9-4A19-A541-382E3362ACC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FAE22A26-6DF7-4EBA-8D76-24AC69B4ECD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "166F65FA-CF60-48DB-A717-448FB84AD24C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8EA9E158-EF45-4468-935B-1FFA5C511874",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "50B37F3D-920B-4953-BFF3-197ADD554E82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "3B131407-A29A-4140-A884-FADFE39CDBA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D6AE0227-3E50-4137-8287-45154AD6AD79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "2A04BEC0-BFDC-4630-B98D-8924F2336EC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1DCEC5BC-19CD-4C86-8963-4969718AEDC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B76253CE-3A05-40F2-9AC2-11FA1C83E12A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5DB6E8FC-E9F2-4194-B877-90ED6BCA8152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE54204-8E8B-4B3D-BE10-3ECE4DBB8428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B159D53E-0F6D-41AA-A3D2-B77BA18735CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3CD03C5F-423A-475C-8D0C-4F578E93542B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0CF6B69C-B7E7-4EEA-A18B-2B6969F26A9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B94258B3-CC62-41CD-987C-75868208F8C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:1.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A276A013-CCF3-4AF5-973F-FD68CC9E2291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5EB2DBC9-0934-4BA2-A6E0-CF1BCB1E0E8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "362CDCE7-16DA-4951-81ED-5B858126E37A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C64FB724-0978-48E1-94AA-2ED5281C1C2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9535A094-9B6F-4E17-8097-D7A6D8936F8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7F473B48-F48A-4B6B-8D69-1F97BB6AA923",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C8E1A7DB-906F-4973-BF1C-EFFA0B595A42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DA9E6EB8-B5E5-41DF-B5E2-0A97448D16A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "36BEAB4E-04DA-4EDD-990C-697EA0984291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "142B9B05-955E-4688-AF6E-ED7B4FE41846",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "295D48BB-F143-4047-B366-74101AB983CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "58431B48-EA29-4A6F-B9FF-C416924E63B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "61064C18-0E45-4790-B323-262287D8DE34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "CCFF25C4-03F2-4D65-ABA9-2406957D546E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA0A882D-9BEB-4A3C-9371-69260374E0B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A17E3AFB-849F-463D-96E8-686B049F48DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "047563A7-5F6A-4DE2-8518-88E4E6EEB7D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "78356C5F-A76E-4CB1-894D-0D882A665096",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A0405EC4-12DA-4F15-A5B0-799D399C759E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A1C1DE26-E7B2-4A4E-9F6D-4206F7BC5EBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6ED629B0-A214-47B5-9767-B47AFB154AFD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4) the Mobile Phone field, and (5) Date and (6) Time fields when importing CSV files, as exploited through modules such as (a) Turba Address Book, (b) Kronolith, (c) Mnemo, and (d) Nag."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Horde Application Framework anteriores a 3.0.8 permiten a usuarios remotos autenticados inyectar HTML o \u0027script\u0027 web de su elecci\u00f3n mediante m\u00faltiples vectores, como se ha demostrado mediante (1) el campo identidad, (2) los campos de b\u00fasqueda \"Category\" y (3) \"Label\", (4) el campo \"Mobile Phone\", y (5) los campos \"Date\" y \"Time\" cuando se importa ficheros CSV, lo cual ha sido explotado mediante m\u00f3dulos como (a) Turba Address Book, (b) Kronolith, (c) Mnemo, y (d) Nag."
}
],
"id": "CVE-2005-4190",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-12-13T11:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2005/000238.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17970"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19619"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19897"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20960"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2006/dsa-1033"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2006_16_sr.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.sec-consult.com/245.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/15802"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/15803"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/15804"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/15806"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/15808"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/15810"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2005/2835"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2005/000238.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17970"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19619"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19897"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20960"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2006/dsa-1033"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2006_16_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.sec-consult.com/245.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/15802"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/15803"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/15804"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/15806"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/15808"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/15810"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2005/2835"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2015-7984 (GCVE-0-2015-7984)
Vulnerability from cvelistv5 – Published: 2015-11-19 20:00 – Updated: 2024-08-06 08:06
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware Webmail Edition before 5.2.11 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary (1) commands via the cmd parameter to admin/cmdshell.php, (2) SQL queries via the sql parameter to admin/sqlshell.php, or (3) PHP code via the php parameter to admin/phpshell.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:06:31.501Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[announce] 20151021 [SECURITY] Horde 5.2.8 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2015/001124.html"
},
{
"name": "[announce] 20151022 [SECURITY] Horde Groupware Webmail Edition 5.2.11 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2015/001138.html"
},
{
"name": "38765",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/38765/"
},
{
"name": "DSA-3391",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3391"
},
{
"name": "[announce] 20151022 [SECURITY] Horde Groupware 5.2.11 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2015/001137.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.com/advisory/HTB23272"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware Webmail Edition before 5.2.11 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary (1) commands via the cmd parameter to admin/cmdshell.php, (2) SQL queries via the sql parameter to admin/sqlshell.php, or (3) PHP code via the php parameter to admin/phpshell.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-05T22:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[announce] 20151021 [SECURITY] Horde 5.2.8 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2015/001124.html"
},
{
"name": "[announce] 20151022 [SECURITY] Horde Groupware Webmail Edition 5.2.11 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2015/001138.html"
},
{
"name": "38765",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/38765/"
},
{
"name": "DSA-3391",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3391"
},
{
"name": "[announce] 20151022 [SECURITY] Horde Groupware 5.2.11 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2015/001137.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.com/advisory/HTB23272"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7984",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware Webmail Edition before 5.2.11 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary (1) commands via the cmd parameter to admin/cmdshell.php, (2) SQL queries via the sql parameter to admin/sqlshell.php, or (3) PHP code via the php parameter to admin/phpshell.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[announce] 20151021 [SECURITY] Horde 5.2.8 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2015/001124.html"
},
{
"name": "[announce] 20151022 [SECURITY] Horde Groupware Webmail Edition 5.2.11 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2015/001138.html"
},
{
"name": "38765",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/38765/"
},
{
"name": "DSA-3391",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3391"
},
{
"name": "[announce] 20151022 [SECURITY] Horde Groupware 5.2.11 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2015/001137.html"
},
{
"name": "https://www.htbridge.com/advisory/HTB23272",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23272"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7984",
"datePublished": "2015-11-19T20:00:00",
"dateReserved": "2015-10-26T00:00:00",
"dateUpdated": "2024-08-06T08:06:31.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-1691 (GCVE-0-2014-1691)
Vulnerability from cvelistv5 – Published: 2014-04-01 15:00 – Updated: 2024-08-06 09:50
Summary
The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the _formvars form.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:50:10.620Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/horde/horde/blob/82c400788537cfc0106b68447789ff53793ac086/bundles/groupware/docs/CHANGES#L215"
},
{
"name": "[oss-security] 20140128 Re: Remote code execution in horde \u003c 5.1.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q1/156"
},
{
"name": "[oss-security] 20140128 Remote code execution in horde \u003c 5.1.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q1/153"
},
{
"name": "[oss-security] 20140129 Re: Remote code execution in horde \u003c 5.1.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q1/169"
},
{
"name": "DSA-2853",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2853"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/horde/horde/commit/da6afc7e9f4e290f782eca9dbca794f772caccb3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-06-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the _formvars form."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-01T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/horde/horde/blob/82c400788537cfc0106b68447789ff53793ac086/bundles/groupware/docs/CHANGES#L215"
},
{
"name": "[oss-security] 20140128 Re: Remote code execution in horde \u003c 5.1.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q1/156"
},
{
"name": "[oss-security] 20140128 Remote code execution in horde \u003c 5.1.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q1/153"
},
{
"name": "[oss-security] 20140129 Re: Remote code execution in horde \u003c 5.1.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q1/169"
},
{
"name": "DSA-2853",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2853"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/horde/horde/commit/da6afc7e9f4e290f782eca9dbca794f772caccb3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1691",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the _formvars form."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/horde/horde/blob/82c400788537cfc0106b68447789ff53793ac086/bundles/groupware/docs/CHANGES#L215",
"refsource": "CONFIRM",
"url": "https://github.com/horde/horde/blob/82c400788537cfc0106b68447789ff53793ac086/bundles/groupware/docs/CHANGES#L215"
},
{
"name": "[oss-security] 20140128 Re: Remote code execution in horde \u003c 5.1.1",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q1/156"
},
{
"name": "[oss-security] 20140128 Remote code execution in horde \u003c 5.1.1",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q1/153"
},
{
"name": "[oss-security] 20140129 Re: Remote code execution in horde \u003c 5.1.1",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q1/169"
},
{
"name": "DSA-2853",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2853"
},
{
"name": "https://github.com/horde/horde/commit/da6afc7e9f4e290f782eca9dbca794f772caccb3",
"refsource": "CONFIRM",
"url": "https://github.com/horde/horde/commit/da6afc7e9f4e290f782eca9dbca794f772caccb3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-1691",
"datePublished": "2014-04-01T15:00:00",
"dateReserved": "2014-01-28T00:00:00",
"dateUpdated": "2024-08-06T09:50:10.620Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-3077 (GCVE-0-2010-3077)
Vulnerability from cvelistv5 – Published: 2010-11-09 20:00 – Updated: 2024-08-07 02:55
Summary
Cross-site scripting (XSS) vulnerability in util/icon_browser.php in the Horde Application Framework before 3.3.9 allows remote attackers to inject arbitrary web script or HTML via the subdir parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:55:46.720Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=630687"
},
{
"name": "20100906 XSS in Horde Application Framework \u003c=3.3.8, icon_browser.php",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2010/Sep/82"
},
{
"name": "FEDORA-2010-16592",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050408.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.horde.org/diff.php/horde/util/icon_browser.php?rt=horde-git\u0026r1=a978a35c3e95e784253508fd4333d2fbb64830b6\u0026r2=9342addbd2b95f184f230773daa4faf5ef6d65e9"
},
{
"name": "FEDORA-2010-16555",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050423.html"
},
{
"name": "42140",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42140"
},
{
"name": "[announce] 20100928 Horde 3.3.9 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2010/000557.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-09-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in util/icon_browser.php in the Horde Application Framework before 3.3.9 allows remote attackers to inject arbitrary web script or HTML via the subdir parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-07-12T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=630687"
},
{
"name": "20100906 XSS in Horde Application Framework \u003c=3.3.8, icon_browser.php",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2010/Sep/82"
},
{
"name": "FEDORA-2010-16592",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050408.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.horde.org/diff.php/horde/util/icon_browser.php?rt=horde-git\u0026r1=a978a35c3e95e784253508fd4333d2fbb64830b6\u0026r2=9342addbd2b95f184f230773daa4faf5ef6d65e9"
},
{
"name": "FEDORA-2010-16555",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050423.html"
},
{
"name": "42140",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42140"
},
{
"name": "[announce] 20100928 Horde 3.3.9 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2010/000557.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-3077",
"datePublished": "2010-11-09T20:00:00",
"dateReserved": "2010-08-20T00:00:00",
"dateUpdated": "2024-08-07T02:55:46.720Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-3694 (GCVE-0-2010-3694)
Vulnerability from cvelistv5 – Published: 2010-11-09 20:00 – Updated: 2024-08-07 03:18
Summary
Cross-site request forgery (CSRF) vulnerability in the Horde Application Framework before 3.3.9 allows remote attackers to hijack the authentication of unspecified victims for requests to a preference form.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:18:52.139Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=630687"
},
{
"name": "FEDORA-2010-16592",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050408.html"
},
{
"name": "FEDORA-2010-16555",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050423.html"
},
{
"name": "42140",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42140"
},
{
"name": "[announce] 20100928 Horde 3.3.9 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2010/000557.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-09-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in the Horde Application Framework before 3.3.9 allows remote attackers to hijack the authentication of unspecified victims for requests to a preference form."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-07-12T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=630687"
},
{
"name": "FEDORA-2010-16592",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050408.html"
},
{
"name": "FEDORA-2010-16555",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050423.html"
},
{
"name": "42140",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42140"
},
{
"name": "[announce] 20100928 Horde 3.3.9 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2010/000557.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-3694",
"datePublished": "2010-11-09T20:00:00",
"dateReserved": "2010-10-01T00:00:00",
"dateUpdated": "2024-08-07T03:18:52.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3237 (GCVE-0-2009-3237)
Vulnerability from cvelistv5 – Published: 2009-09-17 10:00 – Updated: 2024-08-07 06:22
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; allow remote attackers to inject arbitrary web script or HTML via the (1) crafted number preferences that are not properly handled in the preference system (services/prefs.php), as demonstrated by the sidebar_width parameter; or (2) crafted unknown MIME "text parts" that are not properly handled in the MIME viewer library (config/mime_drivers.php).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:22:23.290Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[horde-announce] 20090914 [announce] Horde Groupware 1.2.4 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125294558611682\u0026w=2"
},
{
"name": "36665",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36665"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.horde.org/ticket/?id=8311"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.horde.org/ticket/?id=8399"
},
{
"name": "[horde-announce] 20090914 [announce] Horde Groupware Webmail Edition 1.1.6 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125292314007049\u0026w=2"
},
{
"name": "horde-mimeviewer-xss(53200)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53202"
},
{
"name": "58109",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/58109"
},
{
"name": "[horde-announce] 20090914 [announce] Horde Groupware Webmail Edition 1.2.4 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125295852706029\u0026w=2"
},
{
"name": "58108",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/58108"
},
{
"name": "[horde-announce] 20090914 [announce] [SECURITY] Horde 3.2.5 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125291625030436\u0026w=2"
},
{
"name": "[horde-announce] 20090914 [announce] [SECURITY] Horde 3.3.5 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125292339907481\u0026w=2"
},
{
"name": "[horde-announce] 20090914 [announce] Horde Groupware 1.1.6 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125292088004087\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-09-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; allow remote attackers to inject arbitrary web script or HTML via the (1) crafted number preferences that are not properly handled in the preference system (services/prefs.php), as demonstrated by the sidebar_width parameter; or (2) crafted unknown MIME \"text parts\" that are not properly handled in the MIME viewer library (config/mime_drivers.php)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[horde-announce] 20090914 [announce] Horde Groupware 1.2.4 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125294558611682\u0026w=2"
},
{
"name": "36665",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36665"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.horde.org/ticket/?id=8311"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.horde.org/ticket/?id=8399"
},
{
"name": "[horde-announce] 20090914 [announce] Horde Groupware Webmail Edition 1.1.6 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125292314007049\u0026w=2"
},
{
"name": "horde-mimeviewer-xss(53200)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53202"
},
{
"name": "58109",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/58109"
},
{
"name": "[horde-announce] 20090914 [announce] Horde Groupware Webmail Edition 1.2.4 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125295852706029\u0026w=2"
},
{
"name": "58108",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/58108"
},
{
"name": "[horde-announce] 20090914 [announce] [SECURITY] Horde 3.2.5 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125291625030436\u0026w=2"
},
{
"name": "[horde-announce] 20090914 [announce] [SECURITY] Horde 3.3.5 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125292339907481\u0026w=2"
},
{
"name": "[horde-announce] 20090914 [announce] Horde Groupware 1.1.6 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125292088004087\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3237",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; allow remote attackers to inject arbitrary web script or HTML via the (1) crafted number preferences that are not properly handled in the preference system (services/prefs.php), as demonstrated by the sidebar_width parameter; or (2) crafted unknown MIME \"text parts\" that are not properly handled in the MIME viewer library (config/mime_drivers.php)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[horde-announce] 20090914 [announce] Horde Groupware 1.2.4 (final)",
"refsource": "MLIST",
"url": "http://marc.info/?l=horde-announce\u0026m=125294558611682\u0026w=2"
},
{
"name": "36665",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36665"
},
{
"name": "http://bugs.horde.org/ticket/?id=8311",
"refsource": "CONFIRM",
"url": "http://bugs.horde.org/ticket/?id=8311"
},
{
"name": "http://bugs.horde.org/ticket/?id=8399",
"refsource": "CONFIRM",
"url": "http://bugs.horde.org/ticket/?id=8399"
},
{
"name": "[horde-announce] 20090914 [announce] Horde Groupware Webmail Edition 1.1.6 (final)",
"refsource": "MLIST",
"url": "http://marc.info/?l=horde-announce\u0026m=125292314007049\u0026w=2"
},
{
"name": "horde-mimeviewer-xss(53200)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53202"
},
{
"name": "58109",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/58109"
},
{
"name": "[horde-announce] 20090914 [announce] Horde Groupware Webmail Edition 1.2.4 (final)",
"refsource": "MLIST",
"url": "http://marc.info/?l=horde-announce\u0026m=125295852706029\u0026w=2"
},
{
"name": "58108",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/58108"
},
{
"name": "[horde-announce] 20090914 [announce] [SECURITY] Horde 3.2.5 (final)",
"refsource": "MLIST",
"url": "http://marc.info/?l=horde-announce\u0026m=125291625030436\u0026w=2"
},
{
"name": "[horde-announce] 20090914 [announce] [SECURITY] Horde 3.3.5 (final)",
"refsource": "MLIST",
"url": "http://marc.info/?l=horde-announce\u0026m=125292339907481\u0026w=2"
},
{
"name": "[horde-announce] 20090914 [announce] Horde Groupware 1.1.6 (final)",
"refsource": "MLIST",
"url": "http://marc.info/?l=horde-announce\u0026m=125292088004087\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3237",
"datePublished": "2009-09-17T10:00:00",
"dateReserved": "2009-09-16T00:00:00",
"dateUpdated": "2024-08-07T06:22:23.290Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1473 (GCVE-0-2007-1473)
Vulnerability from cvelistv5 – Published: 2007-03-16 21:00 – Updated: 2024-08-07 12:59
Summary
Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php in Horde Framework before 3.1.4 RC1, when the login page contains a language selection box, allows remote attackers to inject arbitrary web script or HTML via the new_lang parameter to login.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:59:08.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070315 Horde 3.1.4 (RC1) fixes XSS issue",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/462915/100/0/threaded"
},
{
"name": "SUSE-SR:2007:007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_007_suse.html"
},
{
"name": "24528",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24528"
},
{
"name": "24995",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24995"
},
{
"name": "27565",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27565"
},
{
"name": "horde-login-xss(33013)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33013"
},
{
"name": "2427",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2427"
},
{
"name": "1017775",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017775"
},
{
"name": "22984",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22984"
},
{
"name": "33084",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/33084"
},
{
"name": "DSA-1406",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1406"
},
{
"name": "ADV-2007-0965",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0965"
},
{
"name": "[announce] 20070314 Horde 3.1.4 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2007/000315.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php in Horde Framework before 3.1.4 RC1, when the login page contains a language selection box, allows remote attackers to inject arbitrary web script or HTML via the new_lang parameter to login.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070315 Horde 3.1.4 (RC1) fixes XSS issue",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/462915/100/0/threaded"
},
{
"name": "SUSE-SR:2007:007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_007_suse.html"
},
{
"name": "24528",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24528"
},
{
"name": "24995",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24995"
},
{
"name": "27565",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27565"
},
{
"name": "horde-login-xss(33013)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33013"
},
{
"name": "2427",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2427"
},
{
"name": "1017775",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017775"
},
{
"name": "22984",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22984"
},
{
"name": "33084",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/33084"
},
{
"name": "DSA-1406",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1406"
},
{
"name": "ADV-2007-0965",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0965"
},
{
"name": "[announce] 20070314 Horde 3.1.4 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2007/000315.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1473",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php in Horde Framework before 3.1.4 RC1, when the login page contains a language selection box, allows remote attackers to inject arbitrary web script or HTML via the new_lang parameter to login.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070315 Horde 3.1.4 (RC1) fixes XSS issue",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/462915/100/0/threaded"
},
{
"name": "SUSE-SR:2007:007",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_007_suse.html"
},
{
"name": "24528",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24528"
},
{
"name": "24995",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24995"
},
{
"name": "27565",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27565"
},
{
"name": "horde-login-xss(33013)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33013"
},
{
"name": "2427",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2427"
},
{
"name": "1017775",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017775"
},
{
"name": "22984",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22984"
},
{
"name": "33084",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/33084"
},
{
"name": "DSA-1406",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1406"
},
{
"name": "ADV-2007-0965",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0965"
},
{
"name": "[announce] 20070314 Horde 3.1.4 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2007/000315.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1473",
"datePublished": "2007-03-16T21:00:00",
"dateReserved": "2007-03-16T00:00:00",
"dateUpdated": "2024-08-07T12:59:08.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1474 (GCVE-0-2007-1474)
Vulnerability from cvelistv5 – Published: 2007-03-16 21:00 – Updated: 2024-08-07 12:59
Summary
Argument injection vulnerability in the cleanup cron script in Horde Project Horde and IMP before Horde Application Framework 3.1.4 allows local users to delete arbitrary files and possibly gain privileges via multiple space-delimited pathnames.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:59:08.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070315 Horde Project Cleanup Script Arbitrary File Deletion Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=489"
},
{
"name": "1017784",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017784"
},
{
"name": "27565",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27565"
},
{
"name": "horde-cron-file-deletion(32997)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32997"
},
{
"name": "22985",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22985"
},
{
"name": "1017785",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017785"
},
{
"name": "DSA-1406",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1406"
},
{
"name": "ADV-2007-0965",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0965"
},
{
"name": "[announce] 20070314 Horde 3.1.4 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2007/000315.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Argument injection vulnerability in the cleanup cron script in Horde Project Horde and IMP before Horde Application Framework 3.1.4 allows local users to delete arbitrary files and possibly gain privileges via multiple space-delimited pathnames."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070315 Horde Project Cleanup Script Arbitrary File Deletion Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=489"
},
{
"name": "1017784",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017784"
},
{
"name": "27565",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27565"
},
{
"name": "horde-cron-file-deletion(32997)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32997"
},
{
"name": "22985",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22985"
},
{
"name": "1017785",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017785"
},
{
"name": "DSA-1406",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1406"
},
{
"name": "ADV-2007-0965",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0965"
},
{
"name": "[announce] 20070314 Horde 3.1.4 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2007/000315.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1474",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Argument injection vulnerability in the cleanup cron script in Horde Project Horde and IMP before Horde Application Framework 3.1.4 allows local users to delete arbitrary files and possibly gain privileges via multiple space-delimited pathnames."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070315 Horde Project Cleanup Script Arbitrary File Deletion Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=489"
},
{
"name": "1017784",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017784"
},
{
"name": "27565",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27565"
},
{
"name": "horde-cron-file-deletion(32997)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32997"
},
{
"name": "22985",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22985"
},
{
"name": "1017785",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017785"
},
{
"name": "DSA-1406",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1406"
},
{
"name": "ADV-2007-0965",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0965"
},
{
"name": "[announce] 20070314 Horde 3.1.4 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2007/000315.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1474",
"datePublished": "2007-03-16T21:00:00",
"dateReserved": "2007-03-16T00:00:00",
"dateUpdated": "2024-08-07T12:59:08.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3549 (GCVE-0-2006-3549)
Vulnerability from cvelistv5 – Published: 2006-07-13 00:00 – Updated: 2024-08-07 18:30
Summary
services/go.php in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 does not properly restrict its image proxy capability, which allows remote attackers to perform "Web tunneling" attacks and use the server as a proxy via (1) http, (2) https, and (3) ftp URL in the url parameter, which is requested from the server.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:30:34.374Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2006/000287.html"
},
{
"name": "18845",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18845"
},
{
"name": "ADV-2006-2694",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2694"
},
{
"name": "21459",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21459"
},
{
"name": "SUSE-SR:2006:019",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_19_sr.html"
},
{
"name": "27565",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27565"
},
{
"name": "1016442",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016442"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2006/000288.html"
},
{
"name": "1229",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1229"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://moritz-naumann.com/adv/0011/hordemulti/0011.txt"
},
{
"name": "DSA-1406",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1406"
},
{
"name": "20954",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20954"
},
{
"name": "20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/439255/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "services/go.php in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 does not properly restrict its image proxy capability, which allows remote attackers to perform \"Web tunneling\" attacks and use the server as a proxy via (1) http, (2) https, and (3) ftp URL in the url parameter, which is requested from the server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lists.horde.org/archives/announce/2006/000287.html"
},
{
"name": "18845",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18845"
},
{
"name": "ADV-2006-2694",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2694"
},
{
"name": "21459",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21459"
},
{
"name": "SUSE-SR:2006:019",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_19_sr.html"
},
{
"name": "27565",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27565"
},
{
"name": "1016442",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016442"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lists.horde.org/archives/announce/2006/000288.html"
},
{
"name": "1229",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1229"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://moritz-naumann.com/adv/0011/hordemulti/0011.txt"
},
{
"name": "DSA-1406",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1406"
},
{
"name": "20954",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20954"
},
{
"name": "20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/439255/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3549",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "services/go.php in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 does not properly restrict its image proxy capability, which allows remote attackers to perform \"Web tunneling\" attacks and use the server as a proxy via (1) http, (2) https, and (3) ftp URL in the url parameter, which is requested from the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lists.horde.org/archives/announce/2006/000287.html",
"refsource": "CONFIRM",
"url": "http://lists.horde.org/archives/announce/2006/000287.html"
},
{
"name": "18845",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18845"
},
{
"name": "ADV-2006-2694",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2694"
},
{
"name": "21459",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21459"
},
{
"name": "SUSE-SR:2006:019",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_19_sr.html"
},
{
"name": "27565",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27565"
},
{
"name": "1016442",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016442"
},
{
"name": "http://lists.horde.org/archives/announce/2006/000288.html",
"refsource": "CONFIRM",
"url": "http://lists.horde.org/archives/announce/2006/000288.html"
},
{
"name": "1229",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1229"
},
{
"name": "http://moritz-naumann.com/adv/0011/hordemulti/0011.txt",
"refsource": "MISC",
"url": "http://moritz-naumann.com/adv/0011/hordemulti/0011.txt"
},
{
"name": "DSA-1406",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1406"
},
{
"name": "20954",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20954"
},
{
"name": "20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/439255/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3549",
"datePublished": "2006-07-13T00:00:00",
"dateReserved": "2006-07-12T00:00:00",
"dateUpdated": "2024-08-07T18:30:34.374Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4190 (GCVE-0-2005-4190)
Vulnerability from cvelistv5 – Published: 2005-12-13 11:00 – Updated: 2024-08-07 23:38
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4) the Mobile Phone field, and (5) Date and (6) Time fields when importing CSV files, as exploited through modules such as (a) Turba Address Book, (b) Kronolith, (c) Mnemo, and (d) Nag.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:38:51.436Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "15810",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15810"
},
{
"name": "15806",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15806"
},
{
"name": "15808",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15808"
},
{
"name": "ADV-2005-2835",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2835"
},
{
"name": "15804",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15804"
},
{
"name": "15803",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15803"
},
{
"name": "19619",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19619"
},
{
"name": "DSA-1033",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1033"
},
{
"name": "SUSE-SR:2006:016",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_16_sr.html"
},
{
"name": "15802",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15802"
},
{
"name": "17970",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17970"
},
{
"name": "20960",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20960"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.sec-consult.com/245.html"
},
{
"name": "[horde-announce] 20051211 Horde 3.0.8 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2005/000238.html"
},
{
"name": "19897",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19897"
},
{
"name": "SUSE-SR:2006:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4) the Mobile Phone field, and (5) Date and (6) Time fields when importing CSV files, as exploited through modules such as (a) Turba Address Book, (b) Kronolith, (c) Mnemo, and (d) Nag."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-12-16T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "15810",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15810"
},
{
"name": "15806",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15806"
},
{
"name": "15808",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15808"
},
{
"name": "ADV-2005-2835",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2835"
},
{
"name": "15804",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15804"
},
{
"name": "15803",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15803"
},
{
"name": "19619",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19619"
},
{
"name": "DSA-1033",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1033"
},
{
"name": "SUSE-SR:2006:016",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_16_sr.html"
},
{
"name": "15802",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15802"
},
{
"name": "17970",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17970"
},
{
"name": "20960",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20960"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.sec-consult.com/245.html"
},
{
"name": "[horde-announce] 20051211 Horde 3.0.8 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2005/000238.html"
},
{
"name": "19897",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19897"
},
{
"name": "SUSE-SR:2006:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4190",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4) the Mobile Phone field, and (5) Date and (6) Time fields when importing CSV files, as exploited through modules such as (a) Turba Address Book, (b) Kronolith, (c) Mnemo, and (d) Nag."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15810",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15810"
},
{
"name": "15806",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15806"
},
{
"name": "15808",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15808"
},
{
"name": "ADV-2005-2835",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2835"
},
{
"name": "15804",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15804"
},
{
"name": "15803",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15803"
},
{
"name": "19619",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19619"
},
{
"name": "DSA-1033",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1033"
},
{
"name": "SUSE-SR:2006:016",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_16_sr.html"
},
{
"name": "15802",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15802"
},
{
"name": "17970",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17970"
},
{
"name": "20960",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20960"
},
{
"name": "http://www.sec-consult.com/245.html",
"refsource": "MISC",
"url": "http://www.sec-consult.com/245.html"
},
{
"name": "[horde-announce] 20051211 Horde 3.0.8 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2005/000238.html"
},
{
"name": "19897",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19897"
},
{
"name": "SUSE-SR:2006:009",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4190",
"datePublished": "2005-12-13T11:00:00",
"dateReserved": "2005-12-13T00:00:00",
"dateUpdated": "2024-08-07T23:38:51.436Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7984 (GCVE-0-2015-7984)
Vulnerability from nvd – Published: 2015-11-19 20:00 – Updated: 2024-08-06 08:06
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware Webmail Edition before 5.2.11 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary (1) commands via the cmd parameter to admin/cmdshell.php, (2) SQL queries via the sql parameter to admin/sqlshell.php, or (3) PHP code via the php parameter to admin/phpshell.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:06:31.501Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[announce] 20151021 [SECURITY] Horde 5.2.8 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2015/001124.html"
},
{
"name": "[announce] 20151022 [SECURITY] Horde Groupware Webmail Edition 5.2.11 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2015/001138.html"
},
{
"name": "38765",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/38765/"
},
{
"name": "DSA-3391",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3391"
},
{
"name": "[announce] 20151022 [SECURITY] Horde Groupware 5.2.11 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2015/001137.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.com/advisory/HTB23272"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware Webmail Edition before 5.2.11 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary (1) commands via the cmd parameter to admin/cmdshell.php, (2) SQL queries via the sql parameter to admin/sqlshell.php, or (3) PHP code via the php parameter to admin/phpshell.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-05T22:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[announce] 20151021 [SECURITY] Horde 5.2.8 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2015/001124.html"
},
{
"name": "[announce] 20151022 [SECURITY] Horde Groupware Webmail Edition 5.2.11 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2015/001138.html"
},
{
"name": "38765",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/38765/"
},
{
"name": "DSA-3391",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3391"
},
{
"name": "[announce] 20151022 [SECURITY] Horde Groupware 5.2.11 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2015/001137.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.com/advisory/HTB23272"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7984",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware Webmail Edition before 5.2.11 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary (1) commands via the cmd parameter to admin/cmdshell.php, (2) SQL queries via the sql parameter to admin/sqlshell.php, or (3) PHP code via the php parameter to admin/phpshell.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[announce] 20151021 [SECURITY] Horde 5.2.8 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2015/001124.html"
},
{
"name": "[announce] 20151022 [SECURITY] Horde Groupware Webmail Edition 5.2.11 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2015/001138.html"
},
{
"name": "38765",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/38765/"
},
{
"name": "DSA-3391",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3391"
},
{
"name": "[announce] 20151022 [SECURITY] Horde Groupware 5.2.11 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2015/001137.html"
},
{
"name": "https://www.htbridge.com/advisory/HTB23272",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23272"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7984",
"datePublished": "2015-11-19T20:00:00",
"dateReserved": "2015-10-26T00:00:00",
"dateUpdated": "2024-08-06T08:06:31.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-1691 (GCVE-0-2014-1691)
Vulnerability from nvd – Published: 2014-04-01 15:00 – Updated: 2024-08-06 09:50
Summary
The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the _formvars form.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:50:10.620Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/horde/horde/blob/82c400788537cfc0106b68447789ff53793ac086/bundles/groupware/docs/CHANGES#L215"
},
{
"name": "[oss-security] 20140128 Re: Remote code execution in horde \u003c 5.1.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q1/156"
},
{
"name": "[oss-security] 20140128 Remote code execution in horde \u003c 5.1.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q1/153"
},
{
"name": "[oss-security] 20140129 Re: Remote code execution in horde \u003c 5.1.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q1/169"
},
{
"name": "DSA-2853",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2853"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/horde/horde/commit/da6afc7e9f4e290f782eca9dbca794f772caccb3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-06-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the _formvars form."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-01T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/horde/horde/blob/82c400788537cfc0106b68447789ff53793ac086/bundles/groupware/docs/CHANGES#L215"
},
{
"name": "[oss-security] 20140128 Re: Remote code execution in horde \u003c 5.1.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q1/156"
},
{
"name": "[oss-security] 20140128 Remote code execution in horde \u003c 5.1.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q1/153"
},
{
"name": "[oss-security] 20140129 Re: Remote code execution in horde \u003c 5.1.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q1/169"
},
{
"name": "DSA-2853",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2853"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/horde/horde/commit/da6afc7e9f4e290f782eca9dbca794f772caccb3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1691",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the _formvars form."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/horde/horde/blob/82c400788537cfc0106b68447789ff53793ac086/bundles/groupware/docs/CHANGES#L215",
"refsource": "CONFIRM",
"url": "https://github.com/horde/horde/blob/82c400788537cfc0106b68447789ff53793ac086/bundles/groupware/docs/CHANGES#L215"
},
{
"name": "[oss-security] 20140128 Re: Remote code execution in horde \u003c 5.1.1",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q1/156"
},
{
"name": "[oss-security] 20140128 Remote code execution in horde \u003c 5.1.1",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q1/153"
},
{
"name": "[oss-security] 20140129 Re: Remote code execution in horde \u003c 5.1.1",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q1/169"
},
{
"name": "DSA-2853",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2853"
},
{
"name": "https://github.com/horde/horde/commit/da6afc7e9f4e290f782eca9dbca794f772caccb3",
"refsource": "CONFIRM",
"url": "https://github.com/horde/horde/commit/da6afc7e9f4e290f782eca9dbca794f772caccb3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-1691",
"datePublished": "2014-04-01T15:00:00",
"dateReserved": "2014-01-28T00:00:00",
"dateUpdated": "2024-08-06T09:50:10.620Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-3077 (GCVE-0-2010-3077)
Vulnerability from nvd – Published: 2010-11-09 20:00 – Updated: 2024-08-07 02:55
Summary
Cross-site scripting (XSS) vulnerability in util/icon_browser.php in the Horde Application Framework before 3.3.9 allows remote attackers to inject arbitrary web script or HTML via the subdir parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:55:46.720Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=630687"
},
{
"name": "20100906 XSS in Horde Application Framework \u003c=3.3.8, icon_browser.php",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2010/Sep/82"
},
{
"name": "FEDORA-2010-16592",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050408.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.horde.org/diff.php/horde/util/icon_browser.php?rt=horde-git\u0026r1=a978a35c3e95e784253508fd4333d2fbb64830b6\u0026r2=9342addbd2b95f184f230773daa4faf5ef6d65e9"
},
{
"name": "FEDORA-2010-16555",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050423.html"
},
{
"name": "42140",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42140"
},
{
"name": "[announce] 20100928 Horde 3.3.9 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2010/000557.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-09-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in util/icon_browser.php in the Horde Application Framework before 3.3.9 allows remote attackers to inject arbitrary web script or HTML via the subdir parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-07-12T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=630687"
},
{
"name": "20100906 XSS in Horde Application Framework \u003c=3.3.8, icon_browser.php",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2010/Sep/82"
},
{
"name": "FEDORA-2010-16592",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050408.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.horde.org/diff.php/horde/util/icon_browser.php?rt=horde-git\u0026r1=a978a35c3e95e784253508fd4333d2fbb64830b6\u0026r2=9342addbd2b95f184f230773daa4faf5ef6d65e9"
},
{
"name": "FEDORA-2010-16555",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050423.html"
},
{
"name": "42140",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42140"
},
{
"name": "[announce] 20100928 Horde 3.3.9 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2010/000557.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-3077",
"datePublished": "2010-11-09T20:00:00",
"dateReserved": "2010-08-20T00:00:00",
"dateUpdated": "2024-08-07T02:55:46.720Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-3694 (GCVE-0-2010-3694)
Vulnerability from nvd – Published: 2010-11-09 20:00 – Updated: 2024-08-07 03:18
Summary
Cross-site request forgery (CSRF) vulnerability in the Horde Application Framework before 3.3.9 allows remote attackers to hijack the authentication of unspecified victims for requests to a preference form.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:18:52.139Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=630687"
},
{
"name": "FEDORA-2010-16592",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050408.html"
},
{
"name": "FEDORA-2010-16555",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050423.html"
},
{
"name": "42140",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42140"
},
{
"name": "[announce] 20100928 Horde 3.3.9 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2010/000557.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-09-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in the Horde Application Framework before 3.3.9 allows remote attackers to hijack the authentication of unspecified victims for requests to a preference form."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-07-12T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=630687"
},
{
"name": "FEDORA-2010-16592",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050408.html"
},
{
"name": "FEDORA-2010-16555",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050423.html"
},
{
"name": "42140",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42140"
},
{
"name": "[announce] 20100928 Horde 3.3.9 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2010/000557.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-3694",
"datePublished": "2010-11-09T20:00:00",
"dateReserved": "2010-10-01T00:00:00",
"dateUpdated": "2024-08-07T03:18:52.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3237 (GCVE-0-2009-3237)
Vulnerability from nvd – Published: 2009-09-17 10:00 – Updated: 2024-08-07 06:22
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; allow remote attackers to inject arbitrary web script or HTML via the (1) crafted number preferences that are not properly handled in the preference system (services/prefs.php), as demonstrated by the sidebar_width parameter; or (2) crafted unknown MIME "text parts" that are not properly handled in the MIME viewer library (config/mime_drivers.php).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:22:23.290Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[horde-announce] 20090914 [announce] Horde Groupware 1.2.4 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125294558611682\u0026w=2"
},
{
"name": "36665",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36665"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.horde.org/ticket/?id=8311"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.horde.org/ticket/?id=8399"
},
{
"name": "[horde-announce] 20090914 [announce] Horde Groupware Webmail Edition 1.1.6 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125292314007049\u0026w=2"
},
{
"name": "horde-mimeviewer-xss(53200)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53202"
},
{
"name": "58109",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/58109"
},
{
"name": "[horde-announce] 20090914 [announce] Horde Groupware Webmail Edition 1.2.4 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125295852706029\u0026w=2"
},
{
"name": "58108",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/58108"
},
{
"name": "[horde-announce] 20090914 [announce] [SECURITY] Horde 3.2.5 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125291625030436\u0026w=2"
},
{
"name": "[horde-announce] 20090914 [announce] [SECURITY] Horde 3.3.5 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125292339907481\u0026w=2"
},
{
"name": "[horde-announce] 20090914 [announce] Horde Groupware 1.1.6 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125292088004087\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-09-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; allow remote attackers to inject arbitrary web script or HTML via the (1) crafted number preferences that are not properly handled in the preference system (services/prefs.php), as demonstrated by the sidebar_width parameter; or (2) crafted unknown MIME \"text parts\" that are not properly handled in the MIME viewer library (config/mime_drivers.php)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[horde-announce] 20090914 [announce] Horde Groupware 1.2.4 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125294558611682\u0026w=2"
},
{
"name": "36665",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36665"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.horde.org/ticket/?id=8311"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.horde.org/ticket/?id=8399"
},
{
"name": "[horde-announce] 20090914 [announce] Horde Groupware Webmail Edition 1.1.6 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125292314007049\u0026w=2"
},
{
"name": "horde-mimeviewer-xss(53200)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53202"
},
{
"name": "58109",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/58109"
},
{
"name": "[horde-announce] 20090914 [announce] Horde Groupware Webmail Edition 1.2.4 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125295852706029\u0026w=2"
},
{
"name": "58108",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/58108"
},
{
"name": "[horde-announce] 20090914 [announce] [SECURITY] Horde 3.2.5 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125291625030436\u0026w=2"
},
{
"name": "[horde-announce] 20090914 [announce] [SECURITY] Horde 3.3.5 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125292339907481\u0026w=2"
},
{
"name": "[horde-announce] 20090914 [announce] Horde Groupware 1.1.6 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125292088004087\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3237",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; allow remote attackers to inject arbitrary web script or HTML via the (1) crafted number preferences that are not properly handled in the preference system (services/prefs.php), as demonstrated by the sidebar_width parameter; or (2) crafted unknown MIME \"text parts\" that are not properly handled in the MIME viewer library (config/mime_drivers.php)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[horde-announce] 20090914 [announce] Horde Groupware 1.2.4 (final)",
"refsource": "MLIST",
"url": "http://marc.info/?l=horde-announce\u0026m=125294558611682\u0026w=2"
},
{
"name": "36665",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36665"
},
{
"name": "http://bugs.horde.org/ticket/?id=8311",
"refsource": "CONFIRM",
"url": "http://bugs.horde.org/ticket/?id=8311"
},
{
"name": "http://bugs.horde.org/ticket/?id=8399",
"refsource": "CONFIRM",
"url": "http://bugs.horde.org/ticket/?id=8399"
},
{
"name": "[horde-announce] 20090914 [announce] Horde Groupware Webmail Edition 1.1.6 (final)",
"refsource": "MLIST",
"url": "http://marc.info/?l=horde-announce\u0026m=125292314007049\u0026w=2"
},
{
"name": "horde-mimeviewer-xss(53200)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53202"
},
{
"name": "58109",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/58109"
},
{
"name": "[horde-announce] 20090914 [announce] Horde Groupware Webmail Edition 1.2.4 (final)",
"refsource": "MLIST",
"url": "http://marc.info/?l=horde-announce\u0026m=125295852706029\u0026w=2"
},
{
"name": "58108",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/58108"
},
{
"name": "[horde-announce] 20090914 [announce] [SECURITY] Horde 3.2.5 (final)",
"refsource": "MLIST",
"url": "http://marc.info/?l=horde-announce\u0026m=125291625030436\u0026w=2"
},
{
"name": "[horde-announce] 20090914 [announce] [SECURITY] Horde 3.3.5 (final)",
"refsource": "MLIST",
"url": "http://marc.info/?l=horde-announce\u0026m=125292339907481\u0026w=2"
},
{
"name": "[horde-announce] 20090914 [announce] Horde Groupware 1.1.6 (final)",
"refsource": "MLIST",
"url": "http://marc.info/?l=horde-announce\u0026m=125292088004087\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3237",
"datePublished": "2009-09-17T10:00:00",
"dateReserved": "2009-09-16T00:00:00",
"dateUpdated": "2024-08-07T06:22:23.290Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1473 (GCVE-0-2007-1473)
Vulnerability from nvd – Published: 2007-03-16 21:00 – Updated: 2024-08-07 12:59
Summary
Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php in Horde Framework before 3.1.4 RC1, when the login page contains a language selection box, allows remote attackers to inject arbitrary web script or HTML via the new_lang parameter to login.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:59:08.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070315 Horde 3.1.4 (RC1) fixes XSS issue",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/462915/100/0/threaded"
},
{
"name": "SUSE-SR:2007:007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_007_suse.html"
},
{
"name": "24528",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24528"
},
{
"name": "24995",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24995"
},
{
"name": "27565",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27565"
},
{
"name": "horde-login-xss(33013)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33013"
},
{
"name": "2427",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2427"
},
{
"name": "1017775",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017775"
},
{
"name": "22984",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22984"
},
{
"name": "33084",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/33084"
},
{
"name": "DSA-1406",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1406"
},
{
"name": "ADV-2007-0965",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0965"
},
{
"name": "[announce] 20070314 Horde 3.1.4 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2007/000315.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php in Horde Framework before 3.1.4 RC1, when the login page contains a language selection box, allows remote attackers to inject arbitrary web script or HTML via the new_lang parameter to login.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070315 Horde 3.1.4 (RC1) fixes XSS issue",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/462915/100/0/threaded"
},
{
"name": "SUSE-SR:2007:007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_007_suse.html"
},
{
"name": "24528",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24528"
},
{
"name": "24995",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24995"
},
{
"name": "27565",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27565"
},
{
"name": "horde-login-xss(33013)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33013"
},
{
"name": "2427",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2427"
},
{
"name": "1017775",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017775"
},
{
"name": "22984",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22984"
},
{
"name": "33084",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/33084"
},
{
"name": "DSA-1406",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1406"
},
{
"name": "ADV-2007-0965",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0965"
},
{
"name": "[announce] 20070314 Horde 3.1.4 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2007/000315.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1473",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php in Horde Framework before 3.1.4 RC1, when the login page contains a language selection box, allows remote attackers to inject arbitrary web script or HTML via the new_lang parameter to login.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070315 Horde 3.1.4 (RC1) fixes XSS issue",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/462915/100/0/threaded"
},
{
"name": "SUSE-SR:2007:007",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_007_suse.html"
},
{
"name": "24528",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24528"
},
{
"name": "24995",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24995"
},
{
"name": "27565",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27565"
},
{
"name": "horde-login-xss(33013)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33013"
},
{
"name": "2427",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2427"
},
{
"name": "1017775",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017775"
},
{
"name": "22984",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22984"
},
{
"name": "33084",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/33084"
},
{
"name": "DSA-1406",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1406"
},
{
"name": "ADV-2007-0965",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0965"
},
{
"name": "[announce] 20070314 Horde 3.1.4 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2007/000315.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1473",
"datePublished": "2007-03-16T21:00:00",
"dateReserved": "2007-03-16T00:00:00",
"dateUpdated": "2024-08-07T12:59:08.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1474 (GCVE-0-2007-1474)
Vulnerability from nvd – Published: 2007-03-16 21:00 – Updated: 2024-08-07 12:59
Summary
Argument injection vulnerability in the cleanup cron script in Horde Project Horde and IMP before Horde Application Framework 3.1.4 allows local users to delete arbitrary files and possibly gain privileges via multiple space-delimited pathnames.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:59:08.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070315 Horde Project Cleanup Script Arbitrary File Deletion Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=489"
},
{
"name": "1017784",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017784"
},
{
"name": "27565",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27565"
},
{
"name": "horde-cron-file-deletion(32997)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32997"
},
{
"name": "22985",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22985"
},
{
"name": "1017785",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017785"
},
{
"name": "DSA-1406",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1406"
},
{
"name": "ADV-2007-0965",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0965"
},
{
"name": "[announce] 20070314 Horde 3.1.4 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2007/000315.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Argument injection vulnerability in the cleanup cron script in Horde Project Horde and IMP before Horde Application Framework 3.1.4 allows local users to delete arbitrary files and possibly gain privileges via multiple space-delimited pathnames."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070315 Horde Project Cleanup Script Arbitrary File Deletion Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=489"
},
{
"name": "1017784",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017784"
},
{
"name": "27565",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27565"
},
{
"name": "horde-cron-file-deletion(32997)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32997"
},
{
"name": "22985",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22985"
},
{
"name": "1017785",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017785"
},
{
"name": "DSA-1406",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1406"
},
{
"name": "ADV-2007-0965",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0965"
},
{
"name": "[announce] 20070314 Horde 3.1.4 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2007/000315.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1474",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Argument injection vulnerability in the cleanup cron script in Horde Project Horde and IMP before Horde Application Framework 3.1.4 allows local users to delete arbitrary files and possibly gain privileges via multiple space-delimited pathnames."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070315 Horde Project Cleanup Script Arbitrary File Deletion Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=489"
},
{
"name": "1017784",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017784"
},
{
"name": "27565",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27565"
},
{
"name": "horde-cron-file-deletion(32997)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32997"
},
{
"name": "22985",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22985"
},
{
"name": "1017785",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017785"
},
{
"name": "DSA-1406",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1406"
},
{
"name": "ADV-2007-0965",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0965"
},
{
"name": "[announce] 20070314 Horde 3.1.4 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2007/000315.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1474",
"datePublished": "2007-03-16T21:00:00",
"dateReserved": "2007-03-16T00:00:00",
"dateUpdated": "2024-08-07T12:59:08.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3549 (GCVE-0-2006-3549)
Vulnerability from nvd – Published: 2006-07-13 00:00 – Updated: 2024-08-07 18:30
Summary
services/go.php in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 does not properly restrict its image proxy capability, which allows remote attackers to perform "Web tunneling" attacks and use the server as a proxy via (1) http, (2) https, and (3) ftp URL in the url parameter, which is requested from the server.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:30:34.374Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2006/000287.html"
},
{
"name": "18845",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18845"
},
{
"name": "ADV-2006-2694",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2694"
},
{
"name": "21459",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21459"
},
{
"name": "SUSE-SR:2006:019",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_19_sr.html"
},
{
"name": "27565",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27565"
},
{
"name": "1016442",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016442"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2006/000288.html"
},
{
"name": "1229",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1229"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://moritz-naumann.com/adv/0011/hordemulti/0011.txt"
},
{
"name": "DSA-1406",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1406"
},
{
"name": "20954",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20954"
},
{
"name": "20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/439255/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "services/go.php in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 does not properly restrict its image proxy capability, which allows remote attackers to perform \"Web tunneling\" attacks and use the server as a proxy via (1) http, (2) https, and (3) ftp URL in the url parameter, which is requested from the server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lists.horde.org/archives/announce/2006/000287.html"
},
{
"name": "18845",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18845"
},
{
"name": "ADV-2006-2694",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2694"
},
{
"name": "21459",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21459"
},
{
"name": "SUSE-SR:2006:019",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_19_sr.html"
},
{
"name": "27565",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27565"
},
{
"name": "1016442",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016442"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lists.horde.org/archives/announce/2006/000288.html"
},
{
"name": "1229",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1229"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://moritz-naumann.com/adv/0011/hordemulti/0011.txt"
},
{
"name": "DSA-1406",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1406"
},
{
"name": "20954",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20954"
},
{
"name": "20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/439255/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3549",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "services/go.php in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 does not properly restrict its image proxy capability, which allows remote attackers to perform \"Web tunneling\" attacks and use the server as a proxy via (1) http, (2) https, and (3) ftp URL in the url parameter, which is requested from the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lists.horde.org/archives/announce/2006/000287.html",
"refsource": "CONFIRM",
"url": "http://lists.horde.org/archives/announce/2006/000287.html"
},
{
"name": "18845",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18845"
},
{
"name": "ADV-2006-2694",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2694"
},
{
"name": "21459",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21459"
},
{
"name": "SUSE-SR:2006:019",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_19_sr.html"
},
{
"name": "27565",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27565"
},
{
"name": "1016442",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016442"
},
{
"name": "http://lists.horde.org/archives/announce/2006/000288.html",
"refsource": "CONFIRM",
"url": "http://lists.horde.org/archives/announce/2006/000288.html"
},
{
"name": "1229",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1229"
},
{
"name": "http://moritz-naumann.com/adv/0011/hordemulti/0011.txt",
"refsource": "MISC",
"url": "http://moritz-naumann.com/adv/0011/hordemulti/0011.txt"
},
{
"name": "DSA-1406",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1406"
},
{
"name": "20954",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20954"
},
{
"name": "20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/439255/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3549",
"datePublished": "2006-07-13T00:00:00",
"dateReserved": "2006-07-12T00:00:00",
"dateUpdated": "2024-08-07T18:30:34.374Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4190 (GCVE-0-2005-4190)
Vulnerability from nvd – Published: 2005-12-13 11:00 – Updated: 2024-08-07 23:38
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4) the Mobile Phone field, and (5) Date and (6) Time fields when importing CSV files, as exploited through modules such as (a) Turba Address Book, (b) Kronolith, (c) Mnemo, and (d) Nag.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:38:51.436Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "15810",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15810"
},
{
"name": "15806",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15806"
},
{
"name": "15808",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15808"
},
{
"name": "ADV-2005-2835",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2835"
},
{
"name": "15804",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15804"
},
{
"name": "15803",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15803"
},
{
"name": "19619",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19619"
},
{
"name": "DSA-1033",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1033"
},
{
"name": "SUSE-SR:2006:016",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_16_sr.html"
},
{
"name": "15802",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15802"
},
{
"name": "17970",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17970"
},
{
"name": "20960",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20960"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.sec-consult.com/245.html"
},
{
"name": "[horde-announce] 20051211 Horde 3.0.8 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2005/000238.html"
},
{
"name": "19897",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19897"
},
{
"name": "SUSE-SR:2006:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4) the Mobile Phone field, and (5) Date and (6) Time fields when importing CSV files, as exploited through modules such as (a) Turba Address Book, (b) Kronolith, (c) Mnemo, and (d) Nag."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-12-16T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "15810",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15810"
},
{
"name": "15806",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15806"
},
{
"name": "15808",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15808"
},
{
"name": "ADV-2005-2835",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2835"
},
{
"name": "15804",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15804"
},
{
"name": "15803",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15803"
},
{
"name": "19619",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19619"
},
{
"name": "DSA-1033",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1033"
},
{
"name": "SUSE-SR:2006:016",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_16_sr.html"
},
{
"name": "15802",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15802"
},
{
"name": "17970",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17970"
},
{
"name": "20960",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20960"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.sec-consult.com/245.html"
},
{
"name": "[horde-announce] 20051211 Horde 3.0.8 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2005/000238.html"
},
{
"name": "19897",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19897"
},
{
"name": "SUSE-SR:2006:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4190",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4) the Mobile Phone field, and (5) Date and (6) Time fields when importing CSV files, as exploited through modules such as (a) Turba Address Book, (b) Kronolith, (c) Mnemo, and (d) Nag."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15810",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15810"
},
{
"name": "15806",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15806"
},
{
"name": "15808",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15808"
},
{
"name": "ADV-2005-2835",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2835"
},
{
"name": "15804",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15804"
},
{
"name": "15803",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15803"
},
{
"name": "19619",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19619"
},
{
"name": "DSA-1033",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1033"
},
{
"name": "SUSE-SR:2006:016",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_16_sr.html"
},
{
"name": "15802",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15802"
},
{
"name": "17970",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17970"
},
{
"name": "20960",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20960"
},
{
"name": "http://www.sec-consult.com/245.html",
"refsource": "MISC",
"url": "http://www.sec-consult.com/245.html"
},
{
"name": "[horde-announce] 20051211 Horde 3.0.8 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2005/000238.html"
},
{
"name": "19897",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19897"
},
{
"name": "SUSE-SR:2006:009",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4190",
"datePublished": "2005-12-13T11:00:00",
"dateReserved": "2005-12-13T00:00:00",
"dateUpdated": "2024-08-07T23:38:51.436Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}