Total
46 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-9858 | 2 Debian, Horde | 2 Debian Linux, Groupware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contains a vulnerable class that handles image upload in forms. When the Horde_Form_Type_image method onSubmit() is called on uploads, it invokes the functions getImage() and _getUpload(), which uses unsanitized user input as a path to save the image. The unsanitized POST parameter object[photo][img][file] is saved in the $upload[img][file] PHP variable, allowing an attacker to manipulate the $ ...
Show More |
|||||
| CVE-2019-12095 | 1 Horde | 1 Groupware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by the treanBookmarkTags parameter to the trean/ URI on a webmail server. NOTE: treanBookmarkTags could, for example, be a stored XSS payload.
|
|||||
| CVE-2019-12094 | 1 Horde | 1 Groupware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin/user.php?form=update_f&user_name= or admin/user.php?form=remove_f&user_name= or admin/config/diff.php?app= URI.
|
|||||
| CVE-2013-6365 | 3 Debian, Horde, Opensuse | 3 Debian Linux, Groupware, Opensuse | 2024-11-21 | 2.6 LOW | 5.3 MEDIUM |
|
Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions
|
|||||
| CVE-2013-6364 | 2 Debian, Horde | 2 Debian Linux, Groupware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book
|
|||||
| CVE-2013-6275 | 2 Debian, Horde | 2 Debian Linux, Groupware | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earlier in basic.php.
|
|||||