Search
Find a vulnerability
Search criteria
36 vulnerabilities found for horde by horde
CVE-2012-0209 (GCVE-0-2012-0209)
Vulnerability from nvd – Published: 2012-09-25 22:00 – Updated: 2024-09-16 21:57
VLAI
Summary
Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP between November 2011 and February 2012, contains an externally introduced modification (Trojan Horse) in templates/javascript/open_calendar.js, which allows remote attackers to execute arbitrary PHP code.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://dev.horde.org/h/jonah/stories/view.php?cha… | x_refsource_CONFIRM |
| http://eromang.zataz.com/2012/02/15/cve-2012-0209… | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=790877 | x_refsource_MISC |
| http://packetstormsecurity.org/files/109874/Horde… | x_refsource_MISC |
| http://lists.horde.org/archives/announce/2012/000… | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:16:19.685Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dev.horde.org/h/jonah/stories/view.php?channel_id=1\u0026id=155"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://eromang.zataz.com/2012/02/15/cve-2012-0209-horde-backdoor-analysis/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=790877"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/files/109874/Horde-3.3.12-Backdoor-Arbitrary-PHP-Code-Execution.html"
},
{
"name": "[horde-announce] 20120213 [SECURITY] Remote execution backdoor after server hack (CVE-2012-0209)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2012/000751.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP between November 2011 and February 2012, contains an externally introduced modification (Trojan Horse) in templates/javascript/open_calendar.js, which allows remote attackers to execute arbitrary PHP code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-25T22:00:00.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dev.horde.org/h/jonah/stories/view.php?channel_id=1\u0026id=155"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://eromang.zataz.com/2012/02/15/cve-2012-0209-horde-backdoor-analysis/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=790877"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/files/109874/Horde-3.3.12-Backdoor-Arbitrary-PHP-Code-Execution.html"
},
{
"name": "[horde-announce] 20120213 [SECURITY] Remote execution backdoor after server hack (CVE-2012-0209)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2012/000751.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2012-0209",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP between November 2011 and February 2012, contains an externally introduced modification (Trojan Horse) in templates/javascript/open_calendar.js, which allows remote attackers to execute arbitrary PHP code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://dev.horde.org/h/jonah/stories/view.php?channel_id=1\u0026id=155",
"refsource": "CONFIRM",
"url": "http://dev.horde.org/h/jonah/stories/view.php?channel_id=1\u0026id=155"
},
{
"name": "http://eromang.zataz.com/2012/02/15/cve-2012-0209-horde-backdoor-analysis/",
"refsource": "MISC",
"url": "http://eromang.zataz.com/2012/02/15/cve-2012-0209-horde-backdoor-analysis/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=790877",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=790877"
},
{
"name": "http://packetstormsecurity.org/files/109874/Horde-3.3.12-Backdoor-Arbitrary-PHP-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/109874/Horde-3.3.12-Backdoor-Arbitrary-PHP-Code-Execution.html"
},
{
"name": "[horde-announce] 20120213 [SECURITY] Remote execution backdoor after server hack (CVE-2012-0209)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2012/000751.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2012-0209",
"datePublished": "2012-09-25T22:00:00.000Z",
"dateReserved": "2011-12-14T00:00:00.000Z",
"dateUpdated": "2024-09-16T21:57:27.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1638 (GCVE-0-2010-1638)
Vulnerability from nvd – Published: 2010-06-22 17:00 – Updated: 2024-08-07 01:28
VLAI
Summary
The IMP plugin in Horde allows remote attackers to bypass firewall restrictions and use Horde as a proxy to scan internal networks via a crafted request to an unspecified test script. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2010/05/25/2 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2010/05/21/2 | mailing-listx_refsource_MLIST |
| http://conference.hitb.org/hitbsecconf2010dxb/mat… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:28:41.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20100524 Re: [core] CVE Request for Horde and Squirrelmail",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/05/25/2"
},
{
"name": "[oss-security] 20100521 Re: [core] CVE Request for Horde and Squirrelmail",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/05/21/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://conference.hitb.org/hitbsecconf2010dxb/materials/D1%20-%20Laurent%20Oudot%20-%20Improving%20the%20Stealthiness%20of%20Web%20Hacking.pdf#page=74"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The IMP plugin in Horde allows remote attackers to bypass firewall restrictions and use Horde as a proxy to scan internal networks via a crafted request to an unspecified test script. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product\u0027s installation documentation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-06-22T17:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20100524 Re: [core] CVE Request for Horde and Squirrelmail",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/05/25/2"
},
{
"name": "[oss-security] 20100521 Re: [core] CVE Request for Horde and Squirrelmail",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/05/21/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://conference.hitb.org/hitbsecconf2010dxb/materials/D1%20-%20Laurent%20Oudot%20-%20Improving%20the%20Stealthiness%20of%20Web%20Hacking.pdf#page=74"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-1638",
"datePublished": "2010-06-22T17:00:00.000Z",
"dateReserved": "2010-04-29T00:00:00.000Z",
"dateUpdated": "2024-08-07T01:28:41.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-7218 (GCVE-0-2008-7218)
Vulnerability from nvd – Published: 2009-09-13 22:00 – Updated: 2024-08-07 11:56
VLAI
Summary
Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2 before 3.2-RC2; Turba H3 2.1 before 2.1.6 and 2.2 before 2.2-RC2; Kronolith H3 2.1 before 2.1.7 and H3 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and 2.2 before 2.2-RC2; Horde Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 has unknown impact and attack vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
19 references
Date Public
2008-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:56:14.413Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[announce] 20080122 Kronolith H3 (2.2-RC2)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000371.html"
},
{
"name": "[announce] 20080122 Mnemo H3 (2.2-RC2)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000369.html"
},
{
"name": "[announce] 20080109 Nag H3 (2.1.4) (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000363.html"
},
{
"name": "27217",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27217"
},
{
"name": "[announce] 20080109 Horde Groupware 1.0.3 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000365.html"
},
{
"name": "[announce] 20080206 Horde Groupware 1.1-RC2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000376.html"
},
{
"name": "[announce] 20080122 Turba H3 (2.2-RC2)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000367.html"
},
{
"name": "FEDORA-2008-2212",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00176.html"
},
{
"name": "[announce] 20080109 Horde 3.1.6 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000360.html"
},
{
"name": "[announce] 20080109 Mnemo H3 (2.1.2) (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000364.html"
},
{
"name": "28382",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28382"
},
{
"name": "[announce] 20080206 Horde Groupware Webmail Edition 1.1-RC2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000377.html"
},
{
"name": "[announce] 20080110 Horde Groupware Webmail Edition 1.0.4 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000366.html"
},
{
"name": "[announce] 20080109 Turba H3 (2.1.6) (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000361.html"
},
{
"name": "horde-hordeapi-privilege-escalation(39599)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39599"
},
{
"name": "[announce] 20080122 Horde 3.2-RC2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000374.html"
},
{
"name": "[announce] 20080109 Kronolith H3 (2.1.7) (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000362.html"
},
{
"name": "[announce] 20080122 Nag H3 (2.2-RC2)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000368.html"
},
{
"name": "42775",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/42775"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2 before 3.2-RC2; Turba H3 2.1 before 2.1.6 and 2.2 before 2.2-RC2; Kronolith H3 2.1 before 2.1.7 and H3 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and 2.2 before 2.2-RC2; Horde Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 has unknown impact and attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[announce] 20080122 Kronolith H3 (2.2-RC2)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000371.html"
},
{
"name": "[announce] 20080122 Mnemo H3 (2.2-RC2)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000369.html"
},
{
"name": "[announce] 20080109 Nag H3 (2.1.4) (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000363.html"
},
{
"name": "27217",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27217"
},
{
"name": "[announce] 20080109 Horde Groupware 1.0.3 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000365.html"
},
{
"name": "[announce] 20080206 Horde Groupware 1.1-RC2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000376.html"
},
{
"name": "[announce] 20080122 Turba H3 (2.2-RC2)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000367.html"
},
{
"name": "FEDORA-2008-2212",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00176.html"
},
{
"name": "[announce] 20080109 Horde 3.1.6 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000360.html"
},
{
"name": "[announce] 20080109 Mnemo H3 (2.1.2) (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000364.html"
},
{
"name": "28382",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28382"
},
{
"name": "[announce] 20080206 Horde Groupware Webmail Edition 1.1-RC2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000377.html"
},
{
"name": "[announce] 20080110 Horde Groupware Webmail Edition 1.0.4 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000366.html"
},
{
"name": "[announce] 20080109 Turba H3 (2.1.6) (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000361.html"
},
{
"name": "horde-hordeapi-privilege-escalation(39599)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39599"
},
{
"name": "[announce] 20080122 Horde 3.2-RC2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000374.html"
},
{
"name": "[announce] 20080109 Kronolith H3 (2.1.7) (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000362.html"
},
{
"name": "[announce] 20080122 Nag H3 (2.2-RC2)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000368.html"
},
{
"name": "42775",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/42775"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7218",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2 before 3.2-RC2; Turba H3 2.1 before 2.1.6 and 2.2 before 2.2-RC2; Kronolith H3 2.1 before 2.1.7 and H3 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and 2.2 before 2.2-RC2; Horde Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 has unknown impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[announce] 20080122 Kronolith H3 (2.2-RC2)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000371.html"
},
{
"name": "[announce] 20080122 Mnemo H3 (2.2-RC2)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000369.html"
},
{
"name": "[announce] 20080109 Nag H3 (2.1.4) (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000363.html"
},
{
"name": "27217",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27217"
},
{
"name": "[announce] 20080109 Horde Groupware 1.0.3 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000365.html"
},
{
"name": "[announce] 20080206 Horde Groupware 1.1-RC2",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000376.html"
},
{
"name": "[announce] 20080122 Turba H3 (2.2-RC2)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000367.html"
},
{
"name": "FEDORA-2008-2212",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00176.html"
},
{
"name": "[announce] 20080109 Horde 3.1.6 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000360.html"
},
{
"name": "[announce] 20080109 Mnemo H3 (2.1.2) (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000364.html"
},
{
"name": "28382",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28382"
},
{
"name": "[announce] 20080206 Horde Groupware Webmail Edition 1.1-RC2",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000377.html"
},
{
"name": "[announce] 20080110 Horde Groupware Webmail Edition 1.0.4 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000366.html"
},
{
"name": "[announce] 20080109 Turba H3 (2.1.6) (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000361.html"
},
{
"name": "horde-hordeapi-privilege-escalation(39599)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39599"
},
{
"name": "[announce] 20080122 Horde 3.2-RC2",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000374.html"
},
{
"name": "[announce] 20080109 Kronolith H3 (2.1.7) (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000362.html"
},
{
"name": "[announce] 20080122 Nag H3 (2.2-RC2)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000368.html"
},
{
"name": "42775",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/42775"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7218",
"datePublished": "2009-09-13T22:00:00.000Z",
"dateReserved": "2009-09-13T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:56:14.413Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3824 (GCVE-0-2008-3824)
Vulnerability from nvd – Published: 2008-09-12 16:00 – Updated: 2024-08-07 09:53
VLAI
Summary
Cross-site scripting (XSS) vulnerability in (1) Text_Filter/Filter/xss.php in Horde 3.1.x before 3.1.9 and 3.2.x before 3.2.2 and (2) externalinput.php in Popoon r22196 and earlier allows remote attackers to inject arbitrary web script or HTML by using / (slash) characters as replacements for spaces in an HTML e-mail message.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
15 references
Date Public
2008-09-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:53:00.438Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[horde-announce] 20080910 Horde 3.1.9 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=horde-announce\u0026m=122103888111491\u0026w=2"
},
{
"name": "31842",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31842"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.phpmyfaq.de/advisory_2008-09-11.php"
},
{
"name": "ADV-2008-2548",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2548"
},
{
"name": "[horde-announce] 20080910 [SECURITY] Horde 3.2.2 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=horde-announce\u0026m=122104360019867\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ocert.org/patches/2008-012/Text_Filter.patch"
},
{
"name": "20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/496182/100/0/threaded"
},
{
"name": "4245",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4245"
},
{
"name": "[oss-security] 20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/09/10/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ocert.org/advisories/ocert-2008-012.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ocert.org/patches/2008-012/Text_Filter.31.patch"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.liip.ch/missed-case-in-externalinput-php-resulting-in-viable-xss-attacks.html"
},
{
"name": "horde-htmlmessages-xss(45031)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45031"
},
{
"name": "47996",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/47996"
},
{
"name": "31107",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31107"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in (1) Text_Filter/Filter/xss.php in Horde 3.1.x before 3.1.9 and 3.2.x before 3.2.2 and (2) externalinput.php in Popoon r22196 and earlier allows remote attackers to inject arbitrary web script or HTML by using / (slash) characters as replacements for spaces in an HTML e-mail message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[horde-announce] 20080910 Horde 3.1.9 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=horde-announce\u0026m=122103888111491\u0026w=2"
},
{
"name": "31842",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31842"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.phpmyfaq.de/advisory_2008-09-11.php"
},
{
"name": "ADV-2008-2548",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2548"
},
{
"name": "[horde-announce] 20080910 [SECURITY] Horde 3.2.2 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=horde-announce\u0026m=122104360019867\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ocert.org/patches/2008-012/Text_Filter.patch"
},
{
"name": "20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/496182/100/0/threaded"
},
{
"name": "4245",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4245"
},
{
"name": "[oss-security] 20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/09/10/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ocert.org/advisories/ocert-2008-012.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ocert.org/patches/2008-012/Text_Filter.31.patch"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.liip.ch/missed-case-in-externalinput-php-resulting-in-viable-xss-attacks.html"
},
{
"name": "horde-htmlmessages-xss(45031)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45031"
},
{
"name": "47996",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/47996"
},
{
"name": "31107",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31107"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2008-3824",
"datePublished": "2008-09-12T16:00:00.000Z",
"dateReserved": "2008-08-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:53:00.438Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3823 (GCVE-0-2008-3823)
Vulnerability from nvd – Published: 2008-09-12 16:00 – Updated: 2024-08-07 09:53
VLAI
Summary
Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.php in the MIME library in Horde 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of a MIME attachment in an e-mail message.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/31842 | third-party-advisoryx_refsource_SECUNIA |
| http://www.debian.org/security/2008/dsa-1642 | vendor-advisoryx_refsource_DEBIAN |
| http://www.vupen.com/english/advisories/2008/2548 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/31959 | third-party-advisoryx_refsource_SECUNIA |
| http://ocert.org/patches/2008-012/MIME.patch | x_refsource_MISC |
| http://marc.info/?l=horde-announce&m=122104360019… | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/31110 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/496182/100… | mailing-listx_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/4245 | third-party-advisoryx_refsource_SREASON |
| http://www.openwall.com/lists/oss-security/2008/09/10/1 | mailing-listx_refsource_MLIST |
| http://www.ocert.org/advisories/ocert-2008-012.html | x_refsource_MISC |
Date Public
2008-09-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:53:00.419Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "horde-mime-xss(45030)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45030"
},
{
"name": "31842",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31842"
},
{
"name": "DSA-1642",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1642"
},
{
"name": "ADV-2008-2548",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2548"
},
{
"name": "31959",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31959"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ocert.org/patches/2008-012/MIME.patch"
},
{
"name": "[horde-announce] 20080910 [SECURITY] Horde 3.2.2 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=horde-announce\u0026m=122104360019867\u0026w=2"
},
{
"name": "31110",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31110"
},
{
"name": "20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/496182/100/0/threaded"
},
{
"name": "4245",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4245"
},
{
"name": "[oss-security] 20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/09/10/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ocert.org/advisories/ocert-2008-012.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.php in the MIME library in Horde 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of a MIME attachment in an e-mail message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "horde-mime-xss(45030)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45030"
},
{
"name": "31842",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31842"
},
{
"name": "DSA-1642",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1642"
},
{
"name": "ADV-2008-2548",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2548"
},
{
"name": "31959",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31959"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ocert.org/patches/2008-012/MIME.patch"
},
{
"name": "[horde-announce] 20080910 [SECURITY] Horde 3.2.2 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=horde-announce\u0026m=122104360019867\u0026w=2"
},
{
"name": "31110",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31110"
},
{
"name": "20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/496182/100/0/threaded"
},
{
"name": "4245",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4245"
},
{
"name": "[oss-security] 20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/09/10/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ocert.org/advisories/ocert-2008-012.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2008-3823",
"datePublished": "2008-09-12T16:00:00.000Z",
"dateReserved": "2008-08-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:53:00.419Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1284 (GCVE-0-2008-1284)
Vulnerability from nvd – Published: 2008-03-11 00:00 – Updated: 2024-08-07 08:17
VLAI
Summary
Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via ".." sequences and a null byte in the theme name.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
17 references
Date Public
2008-03-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:17:34.567Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3726",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3726"
},
{
"name": "29286",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29286"
},
{
"name": "horde-theme-file-include(41054)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41054"
},
{
"name": "[announce] 20080307 Horde Groupware 1.0.5 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000383.html"
},
{
"name": "[announce] 20080307 Horde Groupware Webmail Edition 1.0.6 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000384.html"
},
{
"name": "FEDORA-2008-2406",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00301.html"
},
{
"name": "20080307 Horde Webmail file inclusion proof of concept \u0026 patch.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489239/100/0/threaded"
},
{
"name": "GLSA-200805-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-01.xml"
},
{
"name": "DSA-1519",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1519"
},
{
"name": "30047",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30047"
},
{
"name": "FEDORA-2008-2362",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00253.html"
},
{
"name": "29374",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29374"
},
{
"name": "20080308 Re: Horde Webmail file inclusion proof of concept \u0026 patch.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489289/100/0/threaded"
},
{
"name": "[announce] 20080307 Horde 3.1.7 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000382.html"
},
{
"name": "ADV-2008-0822",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0822/references"
},
{
"name": "28153",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28153"
},
{
"name": "29400",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29400"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via \"..\" sequences and a null byte in the theme name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3726",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3726"
},
{
"name": "29286",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29286"
},
{
"name": "horde-theme-file-include(41054)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41054"
},
{
"name": "[announce] 20080307 Horde Groupware 1.0.5 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000383.html"
},
{
"name": "[announce] 20080307 Horde Groupware Webmail Edition 1.0.6 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000384.html"
},
{
"name": "FEDORA-2008-2406",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00301.html"
},
{
"name": "20080307 Horde Webmail file inclusion proof of concept \u0026 patch.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489239/100/0/threaded"
},
{
"name": "GLSA-200805-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-01.xml"
},
{
"name": "DSA-1519",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1519"
},
{
"name": "30047",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30047"
},
{
"name": "FEDORA-2008-2362",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00253.html"
},
{
"name": "29374",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29374"
},
{
"name": "20080308 Re: Horde Webmail file inclusion proof of concept \u0026 patch.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489289/100/0/threaded"
},
{
"name": "[announce] 20080307 Horde 3.1.7 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000382.html"
},
{
"name": "ADV-2008-0822",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0822/references"
},
{
"name": "28153",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28153"
},
{
"name": "29400",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29400"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1284",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via \"..\" sequences and a null byte in the theme name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3726",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3726"
},
{
"name": "29286",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29286"
},
{
"name": "horde-theme-file-include(41054)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41054"
},
{
"name": "[announce] 20080307 Horde Groupware 1.0.5 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000383.html"
},
{
"name": "[announce] 20080307 Horde Groupware Webmail Edition 1.0.6 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000384.html"
},
{
"name": "FEDORA-2008-2406",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00301.html"
},
{
"name": "20080307 Horde Webmail file inclusion proof of concept \u0026 patch.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489239/100/0/threaded"
},
{
"name": "GLSA-200805-01",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200805-01.xml"
},
{
"name": "DSA-1519",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1519"
},
{
"name": "30047",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30047"
},
{
"name": "FEDORA-2008-2362",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00253.html"
},
{
"name": "29374",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29374"
},
{
"name": "20080308 Re: Horde Webmail file inclusion proof of concept \u0026 patch.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489289/100/0/threaded"
},
{
"name": "[announce] 20080307 Horde 3.1.7 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000382.html"
},
{
"name": "ADV-2008-0822",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0822/references"
},
{
"name": "28153",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28153"
},
{
"name": "29400",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29400"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1284",
"datePublished": "2008-03-11T00:00:00.000Z",
"dateReserved": "2008-03-10T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:17:34.567Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6018 (GCVE-0-2007-6018)
Vulnerability from nvd – Published: 2008-01-11 02:00 – Updated: 2024-08-07 15:54
VLAI
Summary
IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) "purge" deleted emails via a crafted email message.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
19 references
Date Public
2008-01-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:54:25.651Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "29186",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29186"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=428625"
},
{
"name": "SUSE-SR:2009:007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"name": "horde-impgroupware-filter-security-bypass(39595)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39595"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.horde.org/diff.php/groupware/docs/groupware/CHANGES?r1=1.17\u0026r2=1.17.2.1\u0026ty=h"
},
{
"name": "[announce] 20080109 Horde Groupware 1.0.3 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000365.html"
},
{
"name": "[announce] 20080109 Horde 3.1.6 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000360.html"
},
{
"name": "34418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34418"
},
{
"name": "FEDORA-2008-2087",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00927.html"
},
{
"name": "27223",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27223"
},
{
"name": "[announce] 20080110 Horde Groupware Webmail Edition 1.0.4 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000366.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.horde.org/diff.php/groupware/docs/webmail/CHANGES?r1=1.12\u0026r2=1.12.2.1\u0026ty=h"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2007-102/advisory/"
},
{
"name": "28020",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28020"
},
{
"name": "29185",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29185"
},
{
"name": "28546",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28546"
},
{
"name": "29184",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29184"
},
{
"name": "DSA-1470",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1470"
},
{
"name": "FEDORA-2008-2040",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00888.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) \"purge\" deleted emails via a crafted email message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "29186",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29186"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=428625"
},
{
"name": "SUSE-SR:2009:007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"name": "horde-impgroupware-filter-security-bypass(39595)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39595"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.horde.org/diff.php/groupware/docs/groupware/CHANGES?r1=1.17\u0026r2=1.17.2.1\u0026ty=h"
},
{
"name": "[announce] 20080109 Horde Groupware 1.0.3 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000365.html"
},
{
"name": "[announce] 20080109 Horde 3.1.6 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000360.html"
},
{
"name": "34418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34418"
},
{
"name": "FEDORA-2008-2087",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00927.html"
},
{
"name": "27223",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27223"
},
{
"name": "[announce] 20080110 Horde Groupware Webmail Edition 1.0.4 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000366.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.horde.org/diff.php/groupware/docs/webmail/CHANGES?r1=1.12\u0026r2=1.12.2.1\u0026ty=h"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2007-102/advisory/"
},
{
"name": "28020",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28020"
},
{
"name": "29185",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29185"
},
{
"name": "28546",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28546"
},
{
"name": "29184",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29184"
},
{
"name": "DSA-1470",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1470"
},
{
"name": "FEDORA-2008-2040",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00888.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2007-6018",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) \"purge\" deleted emails via a crafted email message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29186",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29186"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=428625",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=428625"
},
{
"name": "SUSE-SR:2009:007",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"name": "horde-impgroupware-filter-security-bypass(39595)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39595"
},
{
"name": "http://cvs.horde.org/diff.php/groupware/docs/groupware/CHANGES?r1=1.17\u0026r2=1.17.2.1\u0026ty=h",
"refsource": "CONFIRM",
"url": "http://cvs.horde.org/diff.php/groupware/docs/groupware/CHANGES?r1=1.17\u0026r2=1.17.2.1\u0026ty=h"
},
{
"name": "[announce] 20080109 Horde Groupware 1.0.3 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000365.html"
},
{
"name": "[announce] 20080109 Horde 3.1.6 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000360.html"
},
{
"name": "34418",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34418"
},
{
"name": "FEDORA-2008-2087",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00927.html"
},
{
"name": "27223",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27223"
},
{
"name": "[announce] 20080110 Horde Groupware Webmail Edition 1.0.4 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000366.html"
},
{
"name": "http://cvs.horde.org/diff.php/groupware/docs/webmail/CHANGES?r1=1.12\u0026r2=1.12.2.1\u0026ty=h",
"refsource": "CONFIRM",
"url": "http://cvs.horde.org/diff.php/groupware/docs/webmail/CHANGES?r1=1.12\u0026r2=1.12.2.1\u0026ty=h"
},
{
"name": "http://secunia.com/secunia_research/2007-102/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2007-102/advisory/"
},
{
"name": "28020",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28020"
},
{
"name": "29185",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29185"
},
{
"name": "28546",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28546"
},
{
"name": "29184",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29184"
},
{
"name": "DSA-1470",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1470"
},
{
"name": "FEDORA-2008-2040",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00888.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2007-6018",
"datePublished": "2008-01-11T02:00:00.000Z",
"dateReserved": "2007-11-19T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:54:25.651Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4255 (GCVE-0-2006-4255)
Vulnerability from nvd – Published: 2006-08-21 20:00 – Updated: 2024-08-07 19:06
VLAI
Summary
Cross-site scripting (XSS) vulnerability in horde/imp/search.php in Horde IMP H3 before 4.1.3 allows remote attackers to include arbitrary web script or HTML via multiple unspecified vectors related to folder names, as injected into the vfolder_label form field in the IMP search screen.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/19544 | vdb-entryx_refsource_BID |
| http://lists.horde.org/archives/announce/2006/000… | mailing-listx_refsource_MLIST |
| http://www.vupen.com/english/advisories/2006/3316 | vdb-entryx_refsource_VUPEN |
| http://securityreason.com/securityalert/1423 | third-party-advisoryx_refsource_SREASON |
| http://secunia.com/advisories/21533 | third-party-advisoryx_refsource_SECUNIA |
| http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2457 | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/archive/1/443361/100… | mailing-listx_refsource_BUGTRAQ |
| http://securitytracker.com/id?1016713 | vdb-entryx_refsource_SECTRACK |
Date Public
2006-08-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:06:06.698Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19544",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19544"
},
{
"name": "[horde-announce] 20060817 IMP H3 (4.1.3) (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2006/000294.html"
},
{
"name": "ADV-2006-3316",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3316"
},
{
"name": "1423",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1423"
},
{
"name": "21533",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21533"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2457"
},
{
"name": "horde-search-xss(28409)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28409"
},
{
"name": "20060816 [scip_Advisory 2457] Horde Framework and Horde IMP /horde/imp/search.php cross site scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/443361/100/0/threaded"
},
{
"name": "1016713",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016713"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in horde/imp/search.php in Horde IMP H3 before 4.1.3 allows remote attackers to include arbitrary web script or HTML via multiple unspecified vectors related to folder names, as injected into the vfolder_label form field in the IMP search screen."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19544",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19544"
},
{
"name": "[horde-announce] 20060817 IMP H3 (4.1.3) (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2006/000294.html"
},
{
"name": "ADV-2006-3316",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3316"
},
{
"name": "1423",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1423"
},
{
"name": "21533",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21533"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2457"
},
{
"name": "horde-search-xss(28409)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28409"
},
{
"name": "20060816 [scip_Advisory 2457] Horde Framework and Horde IMP /horde/imp/search.php cross site scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/443361/100/0/threaded"
},
{
"name": "1016713",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016713"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4255",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in horde/imp/search.php in Horde IMP H3 before 4.1.3 allows remote attackers to include arbitrary web script or HTML via multiple unspecified vectors related to folder names, as injected into the vfolder_label form field in the IMP search screen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19544",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19544"
},
{
"name": "[horde-announce] 20060817 IMP H3 (4.1.3) (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2006/000294.html"
},
{
"name": "ADV-2006-3316",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3316"
},
{
"name": "1423",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1423"
},
{
"name": "21533",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21533"
},
{
"name": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2457",
"refsource": "MISC",
"url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2457"
},
{
"name": "horde-search-xss(28409)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28409"
},
{
"name": "20060816 [scip_Advisory 2457] Horde Framework and Horde IMP /horde/imp/search.php cross site scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/443361/100/0/threaded"
},
{
"name": "1016713",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016713"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4255",
"datePublished": "2006-08-21T20:00:00.000Z",
"dateReserved": "2006-08-21T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:06:06.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3548 (GCVE-0-2006-3548)
Vulnerability from nvd – Published: 2006-07-13 00:00 – Updated: 2024-08-07 18:30
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 allow remote attackers to inject arbitrary web script or HTML via a (1) javascript URI or an external (2) http, (3) https, or (4) ftp URI in the url parameter in services/go.php (aka the dereferrer), (5) a javascript URI in the module parameter in services/help (aka the help viewer), and (6) the name parameter in services/problem.php (aka the problem reporting screen).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
15 references
Date Public
2006-07-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:30:34.399Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047687.html"
},
{
"name": "horde-multiple-functions-xss(27589)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27589"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2006/000287.html"
},
{
"name": "18845",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18845"
},
{
"name": "ADV-2006-2694",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2694"
},
{
"name": "21459",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21459"
},
{
"name": "SUSE-SR:2006:019",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_19_sr.html"
},
{
"name": "27565",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27565"
},
{
"name": "1016442",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016442"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2006/000288.html"
},
{
"name": "1229",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1229"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://moritz-naumann.com/adv/0011/hordemulti/0011.txt"
},
{
"name": "DSA-1406",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1406"
},
{
"name": "20954",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20954"
},
{
"name": "20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/439255/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 allow remote attackers to inject arbitrary web script or HTML via a (1) javascript URI or an external (2) http, (3) https, or (4) ftp URI in the url parameter in services/go.php (aka the dereferrer), (5) a javascript URI in the module parameter in services/help (aka the help viewer), and (6) the name parameter in services/problem.php (aka the problem reporting screen)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047687.html"
},
{
"name": "horde-multiple-functions-xss(27589)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27589"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lists.horde.org/archives/announce/2006/000287.html"
},
{
"name": "18845",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18845"
},
{
"name": "ADV-2006-2694",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2694"
},
{
"name": "21459",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21459"
},
{
"name": "SUSE-SR:2006:019",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_19_sr.html"
},
{
"name": "27565",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27565"
},
{
"name": "1016442",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016442"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lists.horde.org/archives/announce/2006/000288.html"
},
{
"name": "1229",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1229"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://moritz-naumann.com/adv/0011/hordemulti/0011.txt"
},
{
"name": "DSA-1406",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1406"
},
{
"name": "20954",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20954"
},
{
"name": "20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/439255/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3548",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 allow remote attackers to inject arbitrary web script or HTML via a (1) javascript URI or an external (2) http, (3) https, or (4) ftp URI in the url parameter in services/go.php (aka the dereferrer), (5) a javascript URI in the module parameter in services/help (aka the help viewer), and (6) the name parameter in services/problem.php (aka the problem reporting screen)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047687.html"
},
{
"name": "horde-multiple-functions-xss(27589)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27589"
},
{
"name": "http://lists.horde.org/archives/announce/2006/000287.html",
"refsource": "CONFIRM",
"url": "http://lists.horde.org/archives/announce/2006/000287.html"
},
{
"name": "18845",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18845"
},
{
"name": "ADV-2006-2694",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2694"
},
{
"name": "21459",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21459"
},
{
"name": "SUSE-SR:2006:019",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_19_sr.html"
},
{
"name": "27565",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27565"
},
{
"name": "1016442",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016442"
},
{
"name": "http://lists.horde.org/archives/announce/2006/000288.html",
"refsource": "CONFIRM",
"url": "http://lists.horde.org/archives/announce/2006/000288.html"
},
{
"name": "1229",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1229"
},
{
"name": "http://moritz-naumann.com/adv/0011/hordemulti/0011.txt",
"refsource": "MISC",
"url": "http://moritz-naumann.com/adv/0011/hordemulti/0011.txt"
},
{
"name": "DSA-1406",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1406"
},
{
"name": "20954",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20954"
},
{
"name": "20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/439255/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3548",
"datePublished": "2006-07-13T00:00:00.000Z",
"dateReserved": "2006-07-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:30:34.399Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2195 (GCVE-0-2006-2195)
Vulnerability from nvd – Published: 2006-06-15 10:00 – Updated: 2024-08-07 17:43
VLAI
Summary
Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
19 references
Date Public
2006-06-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:43:28.324Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.horde.org/diff.php?f=horde%2Ftest.php\u0026r1=1.145\u0026r2=1.146"
},
{
"name": "horde-test-problem-xss(27168)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27168"
},
{
"name": "20750",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20750"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://overlays.gentoo.org/dev/chtekk/browser/horde/www-apps/horde/files/horde-3.1.1-xss.diff?rev=4\u0026format=txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.horde.org/diff.php?r1=2.25\u0026r2=2.26\u0026f=horde%2Ftemplates%2Fproblem%2Fproblem.inc"
},
{
"name": "1016310",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016310"
},
{
"name": "DSA-1098",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1098"
},
{
"name": "20672",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20672"
},
{
"name": "DSA-1099",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1099"
},
{
"name": "20849",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20849"
},
{
"name": "26514",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/26514"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=136830"
},
{
"name": "20661",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20661"
},
{
"name": "26513",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/26513"
},
{
"name": "SUSE-SR:2006:016",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_16_sr.html"
},
{
"name": "ADV-2006-2356",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2356"
},
{
"name": "GLSA-200606-28",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-28.xml"
},
{
"name": "20960",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20960"
},
{
"name": "18436",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18436"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.horde.org/diff.php?f=horde%2Ftest.php\u0026r1=1.145\u0026r2=1.146"
},
{
"name": "horde-test-problem-xss(27168)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27168"
},
{
"name": "20750",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20750"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://overlays.gentoo.org/dev/chtekk/browser/horde/www-apps/horde/files/horde-3.1.1-xss.diff?rev=4\u0026format=txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.horde.org/diff.php?r1=2.25\u0026r2=2.26\u0026f=horde%2Ftemplates%2Fproblem%2Fproblem.inc"
},
{
"name": "1016310",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016310"
},
{
"name": "DSA-1098",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1098"
},
{
"name": "20672",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20672"
},
{
"name": "DSA-1099",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1099"
},
{
"name": "20849",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20849"
},
{
"name": "26514",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/26514"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=136830"
},
{
"name": "20661",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20661"
},
{
"name": "26513",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/26513"
},
{
"name": "SUSE-SR:2006:016",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_16_sr.html"
},
{
"name": "ADV-2006-2356",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2356"
},
{
"name": "GLSA-200606-28",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-28.xml"
},
{
"name": "20960",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20960"
},
{
"name": "18436",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18436"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2006-2195",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cvs.horde.org/diff.php?f=horde%2Ftest.php\u0026r1=1.145\u0026r2=1.146",
"refsource": "CONFIRM",
"url": "http://cvs.horde.org/diff.php?f=horde%2Ftest.php\u0026r1=1.145\u0026r2=1.146"
},
{
"name": "horde-test-problem-xss(27168)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27168"
},
{
"name": "20750",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20750"
},
{
"name": "http://overlays.gentoo.org/dev/chtekk/browser/horde/www-apps/horde/files/horde-3.1.1-xss.diff?rev=4\u0026format=txt",
"refsource": "MISC",
"url": "http://overlays.gentoo.org/dev/chtekk/browser/horde/www-apps/horde/files/horde-3.1.1-xss.diff?rev=4\u0026format=txt"
},
{
"name": "http://cvs.horde.org/diff.php?r1=2.25\u0026r2=2.26\u0026f=horde%2Ftemplates%2Fproblem%2Fproblem.inc",
"refsource": "CONFIRM",
"url": "http://cvs.horde.org/diff.php?r1=2.25\u0026r2=2.26\u0026f=horde%2Ftemplates%2Fproblem%2Fproblem.inc"
},
{
"name": "1016310",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016310"
},
{
"name": "DSA-1098",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1098"
},
{
"name": "20672",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20672"
},
{
"name": "DSA-1099",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1099"
},
{
"name": "20849",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20849"
},
{
"name": "26514",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26514"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=136830",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=136830"
},
{
"name": "20661",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20661"
},
{
"name": "26513",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26513"
},
{
"name": "SUSE-SR:2006:016",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_16_sr.html"
},
{
"name": "ADV-2006-2356",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2356"
},
{
"name": "GLSA-200606-28",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-28.xml"
},
{
"name": "20960",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20960"
},
{
"name": "18436",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18436"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2006-2195",
"datePublished": "2006-06-15T10:00:00.000Z",
"dateReserved": "2006-05-04T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:43:28.324Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1260 (GCVE-0-2006-1260)
Vulnerability from nvd – Published: 2006-03-19 02:00 – Updated: 2024-08-07 17:03
VLAI
Summary
Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
17 references
Date Public
2006-03-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:03:28.776Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "590",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/590"
},
{
"name": "GLSA-200604-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-02.xml"
},
{
"name": "DSA-1034",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1034"
},
{
"name": "19528",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19528"
},
{
"name": "17117",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17117"
},
{
"name": "19246",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19246"
},
{
"name": "23918",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23918"
},
{
"name": "19692",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19692"
},
{
"name": "horde-servicesgo-information-disclosure(25239)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25239"
},
{
"name": "ADV-2006-0959",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0959"
},
{
"name": "19619",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19619"
},
{
"name": "1015771",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015771"
},
{
"name": "DSA-1033",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1033"
},
{
"name": "20060315 CodeScan Advisory: Unauthenticated Arbitrary File Read in Horde v3.09 and prior",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/043657.html"
},
{
"name": "20060315 CodeScan Advisory: Unauthenticated Arbitrary File Read in Horde v3.09 and prior",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/427710/100/0/threaded"
},
{
"name": "19897",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19897"
},
{
"name": "SUSE-SR:2006:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "590",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/590"
},
{
"name": "GLSA-200604-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-02.xml"
},
{
"name": "DSA-1034",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1034"
},
{
"name": "19528",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19528"
},
{
"name": "17117",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17117"
},
{
"name": "19246",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19246"
},
{
"name": "23918",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23918"
},
{
"name": "19692",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19692"
},
{
"name": "horde-servicesgo-information-disclosure(25239)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25239"
},
{
"name": "ADV-2006-0959",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0959"
},
{
"name": "19619",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19619"
},
{
"name": "1015771",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015771"
},
{
"name": "DSA-1033",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1033"
},
{
"name": "20060315 CodeScan Advisory: Unauthenticated Arbitrary File Read in Horde v3.09 and prior",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/043657.html"
},
{
"name": "20060315 CodeScan Advisory: Unauthenticated Arbitrary File Read in Horde v3.09 and prior",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/427710/100/0/threaded"
},
{
"name": "19897",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19897"
},
{
"name": "SUSE-SR:2006:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1260",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "590",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/590"
},
{
"name": "GLSA-200604-02",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-02.xml"
},
{
"name": "DSA-1034",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1034"
},
{
"name": "19528",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19528"
},
{
"name": "17117",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17117"
},
{
"name": "19246",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19246"
},
{
"name": "23918",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23918"
},
{
"name": "19692",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19692"
},
{
"name": "horde-servicesgo-information-disclosure(25239)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25239"
},
{
"name": "ADV-2006-0959",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0959"
},
{
"name": "19619",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19619"
},
{
"name": "1015771",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015771"
},
{
"name": "DSA-1033",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1033"
},
{
"name": "20060315 CodeScan Advisory: Unauthenticated Arbitrary File Read in Horde v3.09 and prior",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/043657.html"
},
{
"name": "20060315 CodeScan Advisory: Unauthenticated Arbitrary File Read in Horde v3.09 and prior",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/427710/100/0/threaded"
},
{
"name": "19897",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19897"
},
{
"name": "SUSE-SR:2006:009",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1260",
"datePublished": "2006-03-19T02:00:00.000Z",
"dateReserved": "2006-03-18T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:03:28.776Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3759 (GCVE-0-2005-3759)
Vulnerability from nvd – Published: 2005-11-22 21:00 – Updated: 2024-08-07 23:24
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers, which do not filter or escape dangerous HTML when extracting and displaying attachments.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.gentoo.org/security/en/glsa/glsa-20051… | vendor-advisoryx_refsource_GENTOO |
| http://www.vupen.com/english/advisories/2005/2536 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/17599 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/417436/30/… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/15535 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/17703 | third-party-advisoryx_refsource_SECUNIA |
| http://lists.horde.org/archives/announce/2005/000… | mailing-listx_refsource_MLIST |
| http://www.debian.org/security/2005/dsa-909 | vendor-advisoryx_refsource_DEBIAN |
Date Public
2005-11-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:24:35.475Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200511-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-20.xml"
},
{
"name": "ADV-2005-2536",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2536"
},
{
"name": "17599",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17599"
},
{
"name": "20051122 Horde MIME Viewer vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/417436/30/0/threaded"
},
{
"name": "15535",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15535"
},
{
"name": "17703",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17703"
},
{
"name": "[horde-announce] 20051122 Horde 3.0.7 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2005/000232.html"
},
{
"name": "DSA-909",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-909"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers, which do not filter or escape dangerous HTML when extracting and displaying attachments."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "GLSA-200511-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-20.xml"
},
{
"name": "ADV-2005-2536",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2536"
},
{
"name": "17599",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17599"
},
{
"name": "20051122 Horde MIME Viewer vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/417436/30/0/threaded"
},
{
"name": "15535",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15535"
},
{
"name": "17703",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17703"
},
{
"name": "[horde-announce] 20051122 Horde 3.0.7 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2005/000232.html"
},
{
"name": "DSA-909",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-909"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2005-3759",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers, which do not filter or escape dangerous HTML when extracting and displaying attachments."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200511-20",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-20.xml"
},
{
"name": "ADV-2005-2536",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2536"
},
{
"name": "17599",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17599"
},
{
"name": "20051122 Horde MIME Viewer vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/417436/30/0/threaded"
},
{
"name": "15535",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15535"
},
{
"name": "17703",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17703"
},
{
"name": "[horde-announce] 20051122 Horde 3.0.7 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2005/000232.html"
},
{
"name": "DSA-909",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-909"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2005-3759",
"datePublished": "2005-11-22T21:00:00.000Z",
"dateReserved": "2005-11-22T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:24:35.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3570 (GCVE-0-2005-3570)
Vulnerability from nvd – Published: 2005-11-16 07:37 – Updated: 2024-08-07 23:17
VLAI
Summary
Unspecified cross-site scripting (XSS) vulnerability in Horde before 2.2.9 allows remote attackers to inject arbitrary web script or HTML via "not properly escaped error messages".
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/15409 | vdb-entryx_refsource_BID |
| http://lists.horde.org/archives/announce/2005/000… | mailing-listx_refsource_MLIST |
| http://secunia.com/advisories/17468 | third-party-advisoryx_refsource_SECUNIA |
| http://www.gentoo.org/security/en/glsa/glsa-20051… | vendor-advisoryx_refsource_GENTOO |
| http://www.vupen.com/english/advisories/2005/2403 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/17794 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/17702 | third-party-advisoryx_refsource_SECUNIA |
| http://www.debian.org/security/2005/dsa-914 | vendor-advisoryx_refsource_DEBIAN |
| http://cvs.horde.org/diff.php/horde/docs/CHANGES?… | x_refsource_CONFIRM |
Date Public
2005-11-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:17:23.405Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "15409",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15409"
},
{
"name": "[Horde-announce] 20051113 Horde 2.2.9 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2005/000231.html"
},
{
"name": "17468",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17468"
},
{
"name": "GLSA-200511-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-20.xml"
},
{
"name": "ADV-2005-2403",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2403"
},
{
"name": "17794",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17794"
},
{
"name": "17702",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17702"
},
{
"name": "DSA-914",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-914"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.207.2.109\u0026r2=1.207.2.111\u0026ty=h"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified cross-site scripting (XSS) vulnerability in Horde before 2.2.9 allows remote attackers to inject arbitrary web script or HTML via \"not properly escaped error messages\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-30T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "15409",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15409"
},
{
"name": "[Horde-announce] 20051113 Horde 2.2.9 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2005/000231.html"
},
{
"name": "17468",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17468"
},
{
"name": "GLSA-200511-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-20.xml"
},
{
"name": "ADV-2005-2403",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2403"
},
{
"name": "17794",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17794"
},
{
"name": "17702",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17702"
},
{
"name": "DSA-914",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-914"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.207.2.109\u0026r2=1.207.2.111\u0026ty=h"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3570",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified cross-site scripting (XSS) vulnerability in Horde before 2.2.9 allows remote attackers to inject arbitrary web script or HTML via \"not properly escaped error messages\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15409",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15409"
},
{
"name": "[Horde-announce] 20051113 Horde 2.2.9 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2005/000231.html"
},
{
"name": "17468",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17468"
},
{
"name": "GLSA-200511-20",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-20.xml"
},
{
"name": "ADV-2005-2403",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2403"
},
{
"name": "17794",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17794"
},
{
"name": "17702",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17702"
},
{
"name": "DSA-914",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-914"
},
{
"name": "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.207.2.109\u0026r2=1.207.2.111\u0026ty=h",
"refsource": "CONFIRM",
"url": "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.207.2.109\u0026r2=1.207.2.111\u0026ty=h"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3570",
"datePublished": "2005-11-16T07:37:00.000Z",
"dateReserved": "2005-11-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:17:23.405Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3344 (GCVE-0-2005-3344)
Vulnerability from nvd – Published: 2005-11-16 07:37 – Updated: 2024-08-07 23:10
VLAI
Summary
The default installation of Horde 3.0.4 contains an administrative account with a blank password, which allows remote attackers to gain access.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/15337/ | vdb-entryx_refsource_BID |
| http://www.networkscanning.com/Horde-Default-Admi… | x_refsource_MISC |
| http://www.osvdb.org/24117 | vdb-entryx_refsource_OSVDB |
| http://www.debian.org/security/2005/dsa-884 | vendor-advisoryx_refsource_DEBIAN |
Date Public
2005-11-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:10:08.477Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "horde-default-account(24576)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24576"
},
{
"name": "15337",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15337/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.networkscanning.com/Horde-Default-Admin-Password-Vulnerability-VSS_20171.html"
},
{
"name": "24117",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/24117"
},
{
"name": "DSA-884",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-884"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The default installation of Horde 3.0.4 contains an administrative account with a blank password, which allows remote attackers to gain access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "horde-default-account(24576)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24576"
},
{
"name": "15337",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15337/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.networkscanning.com/Horde-Default-Admin-Password-Vulnerability-VSS_20171.html"
},
{
"name": "24117",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/24117"
},
{
"name": "DSA-884",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-884"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2005-3344",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default installation of Horde 3.0.4 contains an administrative account with a blank password, which allows remote attackers to gain access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "horde-default-account(24576)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24576"
},
{
"name": "15337",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15337/"
},
{
"name": "http://www.networkscanning.com/Horde-Default-Admin-Password-Vulnerability-VSS_20171.html",
"refsource": "MISC",
"url": "http://www.networkscanning.com/Horde-Default-Admin-Password-Vulnerability-VSS_20171.html"
},
{
"name": "24117",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24117"
},
{
"name": "DSA-884",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-884"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2005-3344",
"datePublished": "2005-11-16T07:37:00.000Z",
"dateReserved": "2005-10-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:10:08.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0378 (GCVE-0-2005-0378)
Vulnerability from nvd – Published: 2005-02-13 05:00 – Updated: 2024-08-07 21:13
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to prefs.php or (2) url parameter to index.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.hyperdose.com/advisories/H2005-01.txt | x_refsource_MISC |
| http://marc.info/?l=bugtraq&m=110564059322774&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/12255 | vdb-entryx_refsource_BID |
| http://securitytracker.com/id?1012892 | vdb-entryx_refsource_SECTRACK |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2005-01-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:13:53.499Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.hyperdose.com/advisories/H2005-01.txt"
},
{
"name": "20050113 Cross Site Scripting holes found in Horde 3.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110564059322774\u0026w=2"
},
{
"name": "12255",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12255"
},
{
"name": "1012892",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1012892"
},
{
"name": "horde-prefs-index-xss(18881)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18881"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-01-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to prefs.php or (2) url parameter to index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.hyperdose.com/advisories/H2005-01.txt"
},
{
"name": "20050113 Cross Site Scripting holes found in Horde 3.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110564059322774\u0026w=2"
},
{
"name": "12255",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12255"
},
{
"name": "1012892",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1012892"
},
{
"name": "horde-prefs-index-xss(18881)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18881"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0378",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to prefs.php or (2) url parameter to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.hyperdose.com/advisories/H2005-01.txt",
"refsource": "MISC",
"url": "http://www.hyperdose.com/advisories/H2005-01.txt"
},
{
"name": "20050113 Cross Site Scripting holes found in Horde 3.0",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110564059322774\u0026w=2"
},
{
"name": "12255",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12255"
},
{
"name": "1012892",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1012892"
},
{
"name": "horde-prefs-index-xss(18881)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18881"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0378",
"datePublished": "2005-02-13T05:00:00.000Z",
"dateReserved": "2005-02-13T00:00:00.000Z",
"dateUpdated": "2024-08-07T21:13:53.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0209 (GCVE-0-2012-0209)
Vulnerability from cvelistv5 – Published: 2012-09-25 22:00 – Updated: 2024-09-16 21:57
VLAI
Summary
Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP between November 2011 and February 2012, contains an externally introduced modification (Trojan Horse) in templates/javascript/open_calendar.js, which allows remote attackers to execute arbitrary PHP code.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://dev.horde.org/h/jonah/stories/view.php?cha… | x_refsource_CONFIRM |
| http://eromang.zataz.com/2012/02/15/cve-2012-0209… | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=790877 | x_refsource_MISC |
| http://packetstormsecurity.org/files/109874/Horde… | x_refsource_MISC |
| http://lists.horde.org/archives/announce/2012/000… | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:16:19.685Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dev.horde.org/h/jonah/stories/view.php?channel_id=1\u0026id=155"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://eromang.zataz.com/2012/02/15/cve-2012-0209-horde-backdoor-analysis/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=790877"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/files/109874/Horde-3.3.12-Backdoor-Arbitrary-PHP-Code-Execution.html"
},
{
"name": "[horde-announce] 20120213 [SECURITY] Remote execution backdoor after server hack (CVE-2012-0209)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2012/000751.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP between November 2011 and February 2012, contains an externally introduced modification (Trojan Horse) in templates/javascript/open_calendar.js, which allows remote attackers to execute arbitrary PHP code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-25T22:00:00.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dev.horde.org/h/jonah/stories/view.php?channel_id=1\u0026id=155"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://eromang.zataz.com/2012/02/15/cve-2012-0209-horde-backdoor-analysis/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=790877"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/files/109874/Horde-3.3.12-Backdoor-Arbitrary-PHP-Code-Execution.html"
},
{
"name": "[horde-announce] 20120213 [SECURITY] Remote execution backdoor after server hack (CVE-2012-0209)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2012/000751.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2012-0209",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP between November 2011 and February 2012, contains an externally introduced modification (Trojan Horse) in templates/javascript/open_calendar.js, which allows remote attackers to execute arbitrary PHP code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://dev.horde.org/h/jonah/stories/view.php?channel_id=1\u0026id=155",
"refsource": "CONFIRM",
"url": "http://dev.horde.org/h/jonah/stories/view.php?channel_id=1\u0026id=155"
},
{
"name": "http://eromang.zataz.com/2012/02/15/cve-2012-0209-horde-backdoor-analysis/",
"refsource": "MISC",
"url": "http://eromang.zataz.com/2012/02/15/cve-2012-0209-horde-backdoor-analysis/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=790877",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=790877"
},
{
"name": "http://packetstormsecurity.org/files/109874/Horde-3.3.12-Backdoor-Arbitrary-PHP-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/109874/Horde-3.3.12-Backdoor-Arbitrary-PHP-Code-Execution.html"
},
{
"name": "[horde-announce] 20120213 [SECURITY] Remote execution backdoor after server hack (CVE-2012-0209)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2012/000751.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2012-0209",
"datePublished": "2012-09-25T22:00:00.000Z",
"dateReserved": "2011-12-14T00:00:00.000Z",
"dateUpdated": "2024-09-16T21:57:27.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1638 (GCVE-0-2010-1638)
Vulnerability from cvelistv5 – Published: 2010-06-22 17:00 – Updated: 2024-08-07 01:28
VLAI
Summary
The IMP plugin in Horde allows remote attackers to bypass firewall restrictions and use Horde as a proxy to scan internal networks via a crafted request to an unspecified test script. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2010/05/25/2 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2010/05/21/2 | mailing-listx_refsource_MLIST |
| http://conference.hitb.org/hitbsecconf2010dxb/mat… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:28:41.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20100524 Re: [core] CVE Request for Horde and Squirrelmail",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/05/25/2"
},
{
"name": "[oss-security] 20100521 Re: [core] CVE Request for Horde and Squirrelmail",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/05/21/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://conference.hitb.org/hitbsecconf2010dxb/materials/D1%20-%20Laurent%20Oudot%20-%20Improving%20the%20Stealthiness%20of%20Web%20Hacking.pdf#page=74"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The IMP plugin in Horde allows remote attackers to bypass firewall restrictions and use Horde as a proxy to scan internal networks via a crafted request to an unspecified test script. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product\u0027s installation documentation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-06-22T17:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20100524 Re: [core] CVE Request for Horde and Squirrelmail",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/05/25/2"
},
{
"name": "[oss-security] 20100521 Re: [core] CVE Request for Horde and Squirrelmail",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/05/21/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://conference.hitb.org/hitbsecconf2010dxb/materials/D1%20-%20Laurent%20Oudot%20-%20Improving%20the%20Stealthiness%20of%20Web%20Hacking.pdf#page=74"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-1638",
"datePublished": "2010-06-22T17:00:00.000Z",
"dateReserved": "2010-04-29T00:00:00.000Z",
"dateUpdated": "2024-08-07T01:28:41.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-7218 (GCVE-0-2008-7218)
Vulnerability from cvelistv5 – Published: 2009-09-13 22:00 – Updated: 2024-08-07 11:56
VLAI
Summary
Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2 before 3.2-RC2; Turba H3 2.1 before 2.1.6 and 2.2 before 2.2-RC2; Kronolith H3 2.1 before 2.1.7 and H3 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and 2.2 before 2.2-RC2; Horde Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 has unknown impact and attack vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
19 references
Date Public
2008-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:56:14.413Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[announce] 20080122 Kronolith H3 (2.2-RC2)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000371.html"
},
{
"name": "[announce] 20080122 Mnemo H3 (2.2-RC2)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000369.html"
},
{
"name": "[announce] 20080109 Nag H3 (2.1.4) (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000363.html"
},
{
"name": "27217",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27217"
},
{
"name": "[announce] 20080109 Horde Groupware 1.0.3 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000365.html"
},
{
"name": "[announce] 20080206 Horde Groupware 1.1-RC2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000376.html"
},
{
"name": "[announce] 20080122 Turba H3 (2.2-RC2)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000367.html"
},
{
"name": "FEDORA-2008-2212",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00176.html"
},
{
"name": "[announce] 20080109 Horde 3.1.6 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000360.html"
},
{
"name": "[announce] 20080109 Mnemo H3 (2.1.2) (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000364.html"
},
{
"name": "28382",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28382"
},
{
"name": "[announce] 20080206 Horde Groupware Webmail Edition 1.1-RC2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000377.html"
},
{
"name": "[announce] 20080110 Horde Groupware Webmail Edition 1.0.4 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000366.html"
},
{
"name": "[announce] 20080109 Turba H3 (2.1.6) (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000361.html"
},
{
"name": "horde-hordeapi-privilege-escalation(39599)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39599"
},
{
"name": "[announce] 20080122 Horde 3.2-RC2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000374.html"
},
{
"name": "[announce] 20080109 Kronolith H3 (2.1.7) (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000362.html"
},
{
"name": "[announce] 20080122 Nag H3 (2.2-RC2)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000368.html"
},
{
"name": "42775",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/42775"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2 before 3.2-RC2; Turba H3 2.1 before 2.1.6 and 2.2 before 2.2-RC2; Kronolith H3 2.1 before 2.1.7 and H3 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and 2.2 before 2.2-RC2; Horde Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 has unknown impact and attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[announce] 20080122 Kronolith H3 (2.2-RC2)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000371.html"
},
{
"name": "[announce] 20080122 Mnemo H3 (2.2-RC2)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000369.html"
},
{
"name": "[announce] 20080109 Nag H3 (2.1.4) (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000363.html"
},
{
"name": "27217",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27217"
},
{
"name": "[announce] 20080109 Horde Groupware 1.0.3 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000365.html"
},
{
"name": "[announce] 20080206 Horde Groupware 1.1-RC2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000376.html"
},
{
"name": "[announce] 20080122 Turba H3 (2.2-RC2)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000367.html"
},
{
"name": "FEDORA-2008-2212",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00176.html"
},
{
"name": "[announce] 20080109 Horde 3.1.6 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000360.html"
},
{
"name": "[announce] 20080109 Mnemo H3 (2.1.2) (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000364.html"
},
{
"name": "28382",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28382"
},
{
"name": "[announce] 20080206 Horde Groupware Webmail Edition 1.1-RC2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000377.html"
},
{
"name": "[announce] 20080110 Horde Groupware Webmail Edition 1.0.4 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000366.html"
},
{
"name": "[announce] 20080109 Turba H3 (2.1.6) (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000361.html"
},
{
"name": "horde-hordeapi-privilege-escalation(39599)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39599"
},
{
"name": "[announce] 20080122 Horde 3.2-RC2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000374.html"
},
{
"name": "[announce] 20080109 Kronolith H3 (2.1.7) (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000362.html"
},
{
"name": "[announce] 20080122 Nag H3 (2.2-RC2)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000368.html"
},
{
"name": "42775",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/42775"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7218",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2 before 3.2-RC2; Turba H3 2.1 before 2.1.6 and 2.2 before 2.2-RC2; Kronolith H3 2.1 before 2.1.7 and H3 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and 2.2 before 2.2-RC2; Horde Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 has unknown impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[announce] 20080122 Kronolith H3 (2.2-RC2)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000371.html"
},
{
"name": "[announce] 20080122 Mnemo H3 (2.2-RC2)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000369.html"
},
{
"name": "[announce] 20080109 Nag H3 (2.1.4) (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000363.html"
},
{
"name": "27217",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27217"
},
{
"name": "[announce] 20080109 Horde Groupware 1.0.3 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000365.html"
},
{
"name": "[announce] 20080206 Horde Groupware 1.1-RC2",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000376.html"
},
{
"name": "[announce] 20080122 Turba H3 (2.2-RC2)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000367.html"
},
{
"name": "FEDORA-2008-2212",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00176.html"
},
{
"name": "[announce] 20080109 Horde 3.1.6 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000360.html"
},
{
"name": "[announce] 20080109 Mnemo H3 (2.1.2) (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000364.html"
},
{
"name": "28382",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28382"
},
{
"name": "[announce] 20080206 Horde Groupware Webmail Edition 1.1-RC2",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000377.html"
},
{
"name": "[announce] 20080110 Horde Groupware Webmail Edition 1.0.4 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000366.html"
},
{
"name": "[announce] 20080109 Turba H3 (2.1.6) (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000361.html"
},
{
"name": "horde-hordeapi-privilege-escalation(39599)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39599"
},
{
"name": "[announce] 20080122 Horde 3.2-RC2",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000374.html"
},
{
"name": "[announce] 20080109 Kronolith H3 (2.1.7) (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000362.html"
},
{
"name": "[announce] 20080122 Nag H3 (2.2-RC2)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000368.html"
},
{
"name": "42775",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/42775"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7218",
"datePublished": "2009-09-13T22:00:00.000Z",
"dateReserved": "2009-09-13T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:56:14.413Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3824 (GCVE-0-2008-3824)
Vulnerability from cvelistv5 – Published: 2008-09-12 16:00 – Updated: 2024-08-07 09:53
VLAI
Summary
Cross-site scripting (XSS) vulnerability in (1) Text_Filter/Filter/xss.php in Horde 3.1.x before 3.1.9 and 3.2.x before 3.2.2 and (2) externalinput.php in Popoon r22196 and earlier allows remote attackers to inject arbitrary web script or HTML by using / (slash) characters as replacements for spaces in an HTML e-mail message.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
15 references
Date Public
2008-09-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:53:00.438Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[horde-announce] 20080910 Horde 3.1.9 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=horde-announce\u0026m=122103888111491\u0026w=2"
},
{
"name": "31842",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31842"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.phpmyfaq.de/advisory_2008-09-11.php"
},
{
"name": "ADV-2008-2548",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2548"
},
{
"name": "[horde-announce] 20080910 [SECURITY] Horde 3.2.2 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=horde-announce\u0026m=122104360019867\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ocert.org/patches/2008-012/Text_Filter.patch"
},
{
"name": "20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/496182/100/0/threaded"
},
{
"name": "4245",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4245"
},
{
"name": "[oss-security] 20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/09/10/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ocert.org/advisories/ocert-2008-012.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ocert.org/patches/2008-012/Text_Filter.31.patch"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.liip.ch/missed-case-in-externalinput-php-resulting-in-viable-xss-attacks.html"
},
{
"name": "horde-htmlmessages-xss(45031)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45031"
},
{
"name": "47996",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/47996"
},
{
"name": "31107",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31107"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in (1) Text_Filter/Filter/xss.php in Horde 3.1.x before 3.1.9 and 3.2.x before 3.2.2 and (2) externalinput.php in Popoon r22196 and earlier allows remote attackers to inject arbitrary web script or HTML by using / (slash) characters as replacements for spaces in an HTML e-mail message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[horde-announce] 20080910 Horde 3.1.9 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=horde-announce\u0026m=122103888111491\u0026w=2"
},
{
"name": "31842",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31842"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.phpmyfaq.de/advisory_2008-09-11.php"
},
{
"name": "ADV-2008-2548",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2548"
},
{
"name": "[horde-announce] 20080910 [SECURITY] Horde 3.2.2 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=horde-announce\u0026m=122104360019867\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ocert.org/patches/2008-012/Text_Filter.patch"
},
{
"name": "20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/496182/100/0/threaded"
},
{
"name": "4245",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4245"
},
{
"name": "[oss-security] 20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/09/10/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ocert.org/advisories/ocert-2008-012.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ocert.org/patches/2008-012/Text_Filter.31.patch"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.liip.ch/missed-case-in-externalinput-php-resulting-in-viable-xss-attacks.html"
},
{
"name": "horde-htmlmessages-xss(45031)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45031"
},
{
"name": "47996",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/47996"
},
{
"name": "31107",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31107"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2008-3824",
"datePublished": "2008-09-12T16:00:00.000Z",
"dateReserved": "2008-08-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:53:00.438Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3823 (GCVE-0-2008-3823)
Vulnerability from cvelistv5 – Published: 2008-09-12 16:00 – Updated: 2024-08-07 09:53
VLAI
Summary
Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.php in the MIME library in Horde 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of a MIME attachment in an e-mail message.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/31842 | third-party-advisoryx_refsource_SECUNIA |
| http://www.debian.org/security/2008/dsa-1642 | vendor-advisoryx_refsource_DEBIAN |
| http://www.vupen.com/english/advisories/2008/2548 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/31959 | third-party-advisoryx_refsource_SECUNIA |
| http://ocert.org/patches/2008-012/MIME.patch | x_refsource_MISC |
| http://marc.info/?l=horde-announce&m=122104360019… | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/31110 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/496182/100… | mailing-listx_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/4245 | third-party-advisoryx_refsource_SREASON |
| http://www.openwall.com/lists/oss-security/2008/09/10/1 | mailing-listx_refsource_MLIST |
| http://www.ocert.org/advisories/ocert-2008-012.html | x_refsource_MISC |
Date Public
2008-09-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:53:00.419Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "horde-mime-xss(45030)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45030"
},
{
"name": "31842",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31842"
},
{
"name": "DSA-1642",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1642"
},
{
"name": "ADV-2008-2548",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2548"
},
{
"name": "31959",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31959"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ocert.org/patches/2008-012/MIME.patch"
},
{
"name": "[horde-announce] 20080910 [SECURITY] Horde 3.2.2 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=horde-announce\u0026m=122104360019867\u0026w=2"
},
{
"name": "31110",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31110"
},
{
"name": "20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/496182/100/0/threaded"
},
{
"name": "4245",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4245"
},
{
"name": "[oss-security] 20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/09/10/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ocert.org/advisories/ocert-2008-012.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.php in the MIME library in Horde 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of a MIME attachment in an e-mail message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "horde-mime-xss(45030)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45030"
},
{
"name": "31842",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31842"
},
{
"name": "DSA-1642",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1642"
},
{
"name": "ADV-2008-2548",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2548"
},
{
"name": "31959",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31959"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ocert.org/patches/2008-012/MIME.patch"
},
{
"name": "[horde-announce] 20080910 [SECURITY] Horde 3.2.2 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=horde-announce\u0026m=122104360019867\u0026w=2"
},
{
"name": "31110",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31110"
},
{
"name": "20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/496182/100/0/threaded"
},
{
"name": "4245",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4245"
},
{
"name": "[oss-security] 20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/09/10/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ocert.org/advisories/ocert-2008-012.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2008-3823",
"datePublished": "2008-09-12T16:00:00.000Z",
"dateReserved": "2008-08-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:53:00.419Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1284 (GCVE-0-2008-1284)
Vulnerability from cvelistv5 – Published: 2008-03-11 00:00 – Updated: 2024-08-07 08:17
VLAI
Summary
Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via ".." sequences and a null byte in the theme name.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
17 references
Date Public
2008-03-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:17:34.567Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3726",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3726"
},
{
"name": "29286",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29286"
},
{
"name": "horde-theme-file-include(41054)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41054"
},
{
"name": "[announce] 20080307 Horde Groupware 1.0.5 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000383.html"
},
{
"name": "[announce] 20080307 Horde Groupware Webmail Edition 1.0.6 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000384.html"
},
{
"name": "FEDORA-2008-2406",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00301.html"
},
{
"name": "20080307 Horde Webmail file inclusion proof of concept \u0026 patch.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489239/100/0/threaded"
},
{
"name": "GLSA-200805-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-01.xml"
},
{
"name": "DSA-1519",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1519"
},
{
"name": "30047",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30047"
},
{
"name": "FEDORA-2008-2362",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00253.html"
},
{
"name": "29374",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29374"
},
{
"name": "20080308 Re: Horde Webmail file inclusion proof of concept \u0026 patch.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489289/100/0/threaded"
},
{
"name": "[announce] 20080307 Horde 3.1.7 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000382.html"
},
{
"name": "ADV-2008-0822",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0822/references"
},
{
"name": "28153",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28153"
},
{
"name": "29400",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29400"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via \"..\" sequences and a null byte in the theme name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3726",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3726"
},
{
"name": "29286",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29286"
},
{
"name": "horde-theme-file-include(41054)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41054"
},
{
"name": "[announce] 20080307 Horde Groupware 1.0.5 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000383.html"
},
{
"name": "[announce] 20080307 Horde Groupware Webmail Edition 1.0.6 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000384.html"
},
{
"name": "FEDORA-2008-2406",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00301.html"
},
{
"name": "20080307 Horde Webmail file inclusion proof of concept \u0026 patch.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489239/100/0/threaded"
},
{
"name": "GLSA-200805-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-01.xml"
},
{
"name": "DSA-1519",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1519"
},
{
"name": "30047",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30047"
},
{
"name": "FEDORA-2008-2362",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00253.html"
},
{
"name": "29374",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29374"
},
{
"name": "20080308 Re: Horde Webmail file inclusion proof of concept \u0026 patch.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489289/100/0/threaded"
},
{
"name": "[announce] 20080307 Horde 3.1.7 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000382.html"
},
{
"name": "ADV-2008-0822",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0822/references"
},
{
"name": "28153",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28153"
},
{
"name": "29400",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29400"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1284",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via \"..\" sequences and a null byte in the theme name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3726",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3726"
},
{
"name": "29286",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29286"
},
{
"name": "horde-theme-file-include(41054)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41054"
},
{
"name": "[announce] 20080307 Horde Groupware 1.0.5 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000383.html"
},
{
"name": "[announce] 20080307 Horde Groupware Webmail Edition 1.0.6 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000384.html"
},
{
"name": "FEDORA-2008-2406",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00301.html"
},
{
"name": "20080307 Horde Webmail file inclusion proof of concept \u0026 patch.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489239/100/0/threaded"
},
{
"name": "GLSA-200805-01",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200805-01.xml"
},
{
"name": "DSA-1519",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1519"
},
{
"name": "30047",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30047"
},
{
"name": "FEDORA-2008-2362",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00253.html"
},
{
"name": "29374",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29374"
},
{
"name": "20080308 Re: Horde Webmail file inclusion proof of concept \u0026 patch.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489289/100/0/threaded"
},
{
"name": "[announce] 20080307 Horde 3.1.7 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000382.html"
},
{
"name": "ADV-2008-0822",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0822/references"
},
{
"name": "28153",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28153"
},
{
"name": "29400",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29400"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1284",
"datePublished": "2008-03-11T00:00:00.000Z",
"dateReserved": "2008-03-10T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:17:34.567Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6018 (GCVE-0-2007-6018)
Vulnerability from cvelistv5 – Published: 2008-01-11 02:00 – Updated: 2024-08-07 15:54
VLAI
Summary
IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) "purge" deleted emails via a crafted email message.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
19 references
Date Public
2008-01-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:54:25.651Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "29186",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29186"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=428625"
},
{
"name": "SUSE-SR:2009:007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"name": "horde-impgroupware-filter-security-bypass(39595)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39595"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.horde.org/diff.php/groupware/docs/groupware/CHANGES?r1=1.17\u0026r2=1.17.2.1\u0026ty=h"
},
{
"name": "[announce] 20080109 Horde Groupware 1.0.3 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000365.html"
},
{
"name": "[announce] 20080109 Horde 3.1.6 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000360.html"
},
{
"name": "34418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34418"
},
{
"name": "FEDORA-2008-2087",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00927.html"
},
{
"name": "27223",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27223"
},
{
"name": "[announce] 20080110 Horde Groupware Webmail Edition 1.0.4 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000366.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.horde.org/diff.php/groupware/docs/webmail/CHANGES?r1=1.12\u0026r2=1.12.2.1\u0026ty=h"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2007-102/advisory/"
},
{
"name": "28020",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28020"
},
{
"name": "29185",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29185"
},
{
"name": "28546",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28546"
},
{
"name": "29184",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29184"
},
{
"name": "DSA-1470",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1470"
},
{
"name": "FEDORA-2008-2040",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00888.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) \"purge\" deleted emails via a crafted email message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "29186",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29186"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=428625"
},
{
"name": "SUSE-SR:2009:007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"name": "horde-impgroupware-filter-security-bypass(39595)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39595"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.horde.org/diff.php/groupware/docs/groupware/CHANGES?r1=1.17\u0026r2=1.17.2.1\u0026ty=h"
},
{
"name": "[announce] 20080109 Horde Groupware 1.0.3 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000365.html"
},
{
"name": "[announce] 20080109 Horde 3.1.6 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000360.html"
},
{
"name": "34418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34418"
},
{
"name": "FEDORA-2008-2087",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00927.html"
},
{
"name": "27223",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27223"
},
{
"name": "[announce] 20080110 Horde Groupware Webmail Edition 1.0.4 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000366.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.horde.org/diff.php/groupware/docs/webmail/CHANGES?r1=1.12\u0026r2=1.12.2.1\u0026ty=h"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2007-102/advisory/"
},
{
"name": "28020",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28020"
},
{
"name": "29185",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29185"
},
{
"name": "28546",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28546"
},
{
"name": "29184",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29184"
},
{
"name": "DSA-1470",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1470"
},
{
"name": "FEDORA-2008-2040",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00888.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2007-6018",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) \"purge\" deleted emails via a crafted email message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29186",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29186"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=428625",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=428625"
},
{
"name": "SUSE-SR:2009:007",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"name": "horde-impgroupware-filter-security-bypass(39595)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39595"
},
{
"name": "http://cvs.horde.org/diff.php/groupware/docs/groupware/CHANGES?r1=1.17\u0026r2=1.17.2.1\u0026ty=h",
"refsource": "CONFIRM",
"url": "http://cvs.horde.org/diff.php/groupware/docs/groupware/CHANGES?r1=1.17\u0026r2=1.17.2.1\u0026ty=h"
},
{
"name": "[announce] 20080109 Horde Groupware 1.0.3 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000365.html"
},
{
"name": "[announce] 20080109 Horde 3.1.6 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000360.html"
},
{
"name": "34418",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34418"
},
{
"name": "FEDORA-2008-2087",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00927.html"
},
{
"name": "27223",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27223"
},
{
"name": "[announce] 20080110 Horde Groupware Webmail Edition 1.0.4 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000366.html"
},
{
"name": "http://cvs.horde.org/diff.php/groupware/docs/webmail/CHANGES?r1=1.12\u0026r2=1.12.2.1\u0026ty=h",
"refsource": "CONFIRM",
"url": "http://cvs.horde.org/diff.php/groupware/docs/webmail/CHANGES?r1=1.12\u0026r2=1.12.2.1\u0026ty=h"
},
{
"name": "http://secunia.com/secunia_research/2007-102/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2007-102/advisory/"
},
{
"name": "28020",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28020"
},
{
"name": "29185",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29185"
},
{
"name": "28546",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28546"
},
{
"name": "29184",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29184"
},
{
"name": "DSA-1470",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1470"
},
{
"name": "FEDORA-2008-2040",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00888.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2007-6018",
"datePublished": "2008-01-11T02:00:00.000Z",
"dateReserved": "2007-11-19T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:54:25.651Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4255 (GCVE-0-2006-4255)
Vulnerability from cvelistv5 – Published: 2006-08-21 20:00 – Updated: 2024-08-07 19:06
VLAI
Summary
Cross-site scripting (XSS) vulnerability in horde/imp/search.php in Horde IMP H3 before 4.1.3 allows remote attackers to include arbitrary web script or HTML via multiple unspecified vectors related to folder names, as injected into the vfolder_label form field in the IMP search screen.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/19544 | vdb-entryx_refsource_BID |
| http://lists.horde.org/archives/announce/2006/000… | mailing-listx_refsource_MLIST |
| http://www.vupen.com/english/advisories/2006/3316 | vdb-entryx_refsource_VUPEN |
| http://securityreason.com/securityalert/1423 | third-party-advisoryx_refsource_SREASON |
| http://secunia.com/advisories/21533 | third-party-advisoryx_refsource_SECUNIA |
| http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2457 | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/archive/1/443361/100… | mailing-listx_refsource_BUGTRAQ |
| http://securitytracker.com/id?1016713 | vdb-entryx_refsource_SECTRACK |
Date Public
2006-08-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:06:06.698Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19544",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19544"
},
{
"name": "[horde-announce] 20060817 IMP H3 (4.1.3) (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2006/000294.html"
},
{
"name": "ADV-2006-3316",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3316"
},
{
"name": "1423",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1423"
},
{
"name": "21533",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21533"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2457"
},
{
"name": "horde-search-xss(28409)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28409"
},
{
"name": "20060816 [scip_Advisory 2457] Horde Framework and Horde IMP /horde/imp/search.php cross site scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/443361/100/0/threaded"
},
{
"name": "1016713",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016713"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in horde/imp/search.php in Horde IMP H3 before 4.1.3 allows remote attackers to include arbitrary web script or HTML via multiple unspecified vectors related to folder names, as injected into the vfolder_label form field in the IMP search screen."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19544",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19544"
},
{
"name": "[horde-announce] 20060817 IMP H3 (4.1.3) (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2006/000294.html"
},
{
"name": "ADV-2006-3316",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3316"
},
{
"name": "1423",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1423"
},
{
"name": "21533",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21533"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2457"
},
{
"name": "horde-search-xss(28409)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28409"
},
{
"name": "20060816 [scip_Advisory 2457] Horde Framework and Horde IMP /horde/imp/search.php cross site scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/443361/100/0/threaded"
},
{
"name": "1016713",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016713"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4255",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in horde/imp/search.php in Horde IMP H3 before 4.1.3 allows remote attackers to include arbitrary web script or HTML via multiple unspecified vectors related to folder names, as injected into the vfolder_label form field in the IMP search screen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19544",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19544"
},
{
"name": "[horde-announce] 20060817 IMP H3 (4.1.3) (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2006/000294.html"
},
{
"name": "ADV-2006-3316",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3316"
},
{
"name": "1423",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1423"
},
{
"name": "21533",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21533"
},
{
"name": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2457",
"refsource": "MISC",
"url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2457"
},
{
"name": "horde-search-xss(28409)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28409"
},
{
"name": "20060816 [scip_Advisory 2457] Horde Framework and Horde IMP /horde/imp/search.php cross site scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/443361/100/0/threaded"
},
{
"name": "1016713",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016713"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4255",
"datePublished": "2006-08-21T20:00:00.000Z",
"dateReserved": "2006-08-21T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:06:06.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3548 (GCVE-0-2006-3548)
Vulnerability from cvelistv5 – Published: 2006-07-13 00:00 – Updated: 2024-08-07 18:30
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 allow remote attackers to inject arbitrary web script or HTML via a (1) javascript URI or an external (2) http, (3) https, or (4) ftp URI in the url parameter in services/go.php (aka the dereferrer), (5) a javascript URI in the module parameter in services/help (aka the help viewer), and (6) the name parameter in services/problem.php (aka the problem reporting screen).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
15 references
Date Public
2006-07-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:30:34.399Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047687.html"
},
{
"name": "horde-multiple-functions-xss(27589)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27589"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2006/000287.html"
},
{
"name": "18845",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18845"
},
{
"name": "ADV-2006-2694",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2694"
},
{
"name": "21459",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21459"
},
{
"name": "SUSE-SR:2006:019",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_19_sr.html"
},
{
"name": "27565",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27565"
},
{
"name": "1016442",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016442"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2006/000288.html"
},
{
"name": "1229",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1229"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://moritz-naumann.com/adv/0011/hordemulti/0011.txt"
},
{
"name": "DSA-1406",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1406"
},
{
"name": "20954",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20954"
},
{
"name": "20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/439255/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 allow remote attackers to inject arbitrary web script or HTML via a (1) javascript URI or an external (2) http, (3) https, or (4) ftp URI in the url parameter in services/go.php (aka the dereferrer), (5) a javascript URI in the module parameter in services/help (aka the help viewer), and (6) the name parameter in services/problem.php (aka the problem reporting screen)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047687.html"
},
{
"name": "horde-multiple-functions-xss(27589)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27589"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lists.horde.org/archives/announce/2006/000287.html"
},
{
"name": "18845",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18845"
},
{
"name": "ADV-2006-2694",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2694"
},
{
"name": "21459",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21459"
},
{
"name": "SUSE-SR:2006:019",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_19_sr.html"
},
{
"name": "27565",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27565"
},
{
"name": "1016442",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016442"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lists.horde.org/archives/announce/2006/000288.html"
},
{
"name": "1229",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1229"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://moritz-naumann.com/adv/0011/hordemulti/0011.txt"
},
{
"name": "DSA-1406",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1406"
},
{
"name": "20954",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20954"
},
{
"name": "20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/439255/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3548",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 allow remote attackers to inject arbitrary web script or HTML via a (1) javascript URI or an external (2) http, (3) https, or (4) ftp URI in the url parameter in services/go.php (aka the dereferrer), (5) a javascript URI in the module parameter in services/help (aka the help viewer), and (6) the name parameter in services/problem.php (aka the problem reporting screen)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047687.html"
},
{
"name": "horde-multiple-functions-xss(27589)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27589"
},
{
"name": "http://lists.horde.org/archives/announce/2006/000287.html",
"refsource": "CONFIRM",
"url": "http://lists.horde.org/archives/announce/2006/000287.html"
},
{
"name": "18845",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18845"
},
{
"name": "ADV-2006-2694",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2694"
},
{
"name": "21459",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21459"
},
{
"name": "SUSE-SR:2006:019",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_19_sr.html"
},
{
"name": "27565",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27565"
},
{
"name": "1016442",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016442"
},
{
"name": "http://lists.horde.org/archives/announce/2006/000288.html",
"refsource": "CONFIRM",
"url": "http://lists.horde.org/archives/announce/2006/000288.html"
},
{
"name": "1229",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1229"
},
{
"name": "http://moritz-naumann.com/adv/0011/hordemulti/0011.txt",
"refsource": "MISC",
"url": "http://moritz-naumann.com/adv/0011/hordemulti/0011.txt"
},
{
"name": "DSA-1406",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1406"
},
{
"name": "20954",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20954"
},
{
"name": "20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/439255/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3548",
"datePublished": "2006-07-13T00:00:00.000Z",
"dateReserved": "2006-07-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:30:34.399Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2195 (GCVE-0-2006-2195)
Vulnerability from cvelistv5 – Published: 2006-06-15 10:00 – Updated: 2024-08-07 17:43
VLAI
Summary
Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
19 references
Date Public
2006-06-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:43:28.324Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.horde.org/diff.php?f=horde%2Ftest.php\u0026r1=1.145\u0026r2=1.146"
},
{
"name": "horde-test-problem-xss(27168)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27168"
},
{
"name": "20750",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20750"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://overlays.gentoo.org/dev/chtekk/browser/horde/www-apps/horde/files/horde-3.1.1-xss.diff?rev=4\u0026format=txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.horde.org/diff.php?r1=2.25\u0026r2=2.26\u0026f=horde%2Ftemplates%2Fproblem%2Fproblem.inc"
},
{
"name": "1016310",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016310"
},
{
"name": "DSA-1098",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1098"
},
{
"name": "20672",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20672"
},
{
"name": "DSA-1099",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1099"
},
{
"name": "20849",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20849"
},
{
"name": "26514",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/26514"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=136830"
},
{
"name": "20661",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20661"
},
{
"name": "26513",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/26513"
},
{
"name": "SUSE-SR:2006:016",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_16_sr.html"
},
{
"name": "ADV-2006-2356",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2356"
},
{
"name": "GLSA-200606-28",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-28.xml"
},
{
"name": "20960",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20960"
},
{
"name": "18436",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18436"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.horde.org/diff.php?f=horde%2Ftest.php\u0026r1=1.145\u0026r2=1.146"
},
{
"name": "horde-test-problem-xss(27168)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27168"
},
{
"name": "20750",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20750"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://overlays.gentoo.org/dev/chtekk/browser/horde/www-apps/horde/files/horde-3.1.1-xss.diff?rev=4\u0026format=txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.horde.org/diff.php?r1=2.25\u0026r2=2.26\u0026f=horde%2Ftemplates%2Fproblem%2Fproblem.inc"
},
{
"name": "1016310",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016310"
},
{
"name": "DSA-1098",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1098"
},
{
"name": "20672",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20672"
},
{
"name": "DSA-1099",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1099"
},
{
"name": "20849",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20849"
},
{
"name": "26514",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/26514"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=136830"
},
{
"name": "20661",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20661"
},
{
"name": "26513",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/26513"
},
{
"name": "SUSE-SR:2006:016",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_16_sr.html"
},
{
"name": "ADV-2006-2356",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2356"
},
{
"name": "GLSA-200606-28",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-28.xml"
},
{
"name": "20960",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20960"
},
{
"name": "18436",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18436"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2006-2195",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cvs.horde.org/diff.php?f=horde%2Ftest.php\u0026r1=1.145\u0026r2=1.146",
"refsource": "CONFIRM",
"url": "http://cvs.horde.org/diff.php?f=horde%2Ftest.php\u0026r1=1.145\u0026r2=1.146"
},
{
"name": "horde-test-problem-xss(27168)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27168"
},
{
"name": "20750",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20750"
},
{
"name": "http://overlays.gentoo.org/dev/chtekk/browser/horde/www-apps/horde/files/horde-3.1.1-xss.diff?rev=4\u0026format=txt",
"refsource": "MISC",
"url": "http://overlays.gentoo.org/dev/chtekk/browser/horde/www-apps/horde/files/horde-3.1.1-xss.diff?rev=4\u0026format=txt"
},
{
"name": "http://cvs.horde.org/diff.php?r1=2.25\u0026r2=2.26\u0026f=horde%2Ftemplates%2Fproblem%2Fproblem.inc",
"refsource": "CONFIRM",
"url": "http://cvs.horde.org/diff.php?r1=2.25\u0026r2=2.26\u0026f=horde%2Ftemplates%2Fproblem%2Fproblem.inc"
},
{
"name": "1016310",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016310"
},
{
"name": "DSA-1098",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1098"
},
{
"name": "20672",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20672"
},
{
"name": "DSA-1099",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1099"
},
{
"name": "20849",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20849"
},
{
"name": "26514",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26514"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=136830",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=136830"
},
{
"name": "20661",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20661"
},
{
"name": "26513",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26513"
},
{
"name": "SUSE-SR:2006:016",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_16_sr.html"
},
{
"name": "ADV-2006-2356",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2356"
},
{
"name": "GLSA-200606-28",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-28.xml"
},
{
"name": "20960",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20960"
},
{
"name": "18436",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18436"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2006-2195",
"datePublished": "2006-06-15T10:00:00.000Z",
"dateReserved": "2006-05-04T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:43:28.324Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1260 (GCVE-0-2006-1260)
Vulnerability from cvelistv5 – Published: 2006-03-19 02:00 – Updated: 2024-08-07 17:03
VLAI
Summary
Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
17 references
Date Public
2006-03-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:03:28.776Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "590",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/590"
},
{
"name": "GLSA-200604-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-02.xml"
},
{
"name": "DSA-1034",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1034"
},
{
"name": "19528",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19528"
},
{
"name": "17117",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17117"
},
{
"name": "19246",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19246"
},
{
"name": "23918",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23918"
},
{
"name": "19692",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19692"
},
{
"name": "horde-servicesgo-information-disclosure(25239)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25239"
},
{
"name": "ADV-2006-0959",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0959"
},
{
"name": "19619",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19619"
},
{
"name": "1015771",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015771"
},
{
"name": "DSA-1033",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1033"
},
{
"name": "20060315 CodeScan Advisory: Unauthenticated Arbitrary File Read in Horde v3.09 and prior",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/043657.html"
},
{
"name": "20060315 CodeScan Advisory: Unauthenticated Arbitrary File Read in Horde v3.09 and prior",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/427710/100/0/threaded"
},
{
"name": "19897",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19897"
},
{
"name": "SUSE-SR:2006:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "590",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/590"
},
{
"name": "GLSA-200604-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-02.xml"
},
{
"name": "DSA-1034",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1034"
},
{
"name": "19528",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19528"
},
{
"name": "17117",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17117"
},
{
"name": "19246",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19246"
},
{
"name": "23918",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23918"
},
{
"name": "19692",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19692"
},
{
"name": "horde-servicesgo-information-disclosure(25239)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25239"
},
{
"name": "ADV-2006-0959",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0959"
},
{
"name": "19619",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19619"
},
{
"name": "1015771",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015771"
},
{
"name": "DSA-1033",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1033"
},
{
"name": "20060315 CodeScan Advisory: Unauthenticated Arbitrary File Read in Horde v3.09 and prior",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/043657.html"
},
{
"name": "20060315 CodeScan Advisory: Unauthenticated Arbitrary File Read in Horde v3.09 and prior",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/427710/100/0/threaded"
},
{
"name": "19897",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19897"
},
{
"name": "SUSE-SR:2006:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1260",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "590",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/590"
},
{
"name": "GLSA-200604-02",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-02.xml"
},
{
"name": "DSA-1034",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1034"
},
{
"name": "19528",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19528"
},
{
"name": "17117",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17117"
},
{
"name": "19246",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19246"
},
{
"name": "23918",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23918"
},
{
"name": "19692",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19692"
},
{
"name": "horde-servicesgo-information-disclosure(25239)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25239"
},
{
"name": "ADV-2006-0959",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0959"
},
{
"name": "19619",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19619"
},
{
"name": "1015771",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015771"
},
{
"name": "DSA-1033",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1033"
},
{
"name": "20060315 CodeScan Advisory: Unauthenticated Arbitrary File Read in Horde v3.09 and prior",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/043657.html"
},
{
"name": "20060315 CodeScan Advisory: Unauthenticated Arbitrary File Read in Horde v3.09 and prior",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/427710/100/0/threaded"
},
{
"name": "19897",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19897"
},
{
"name": "SUSE-SR:2006:009",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1260",
"datePublished": "2006-03-19T02:00:00.000Z",
"dateReserved": "2006-03-18T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:03:28.776Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3759 (GCVE-0-2005-3759)
Vulnerability from cvelistv5 – Published: 2005-11-22 21:00 – Updated: 2024-08-07 23:24
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers, which do not filter or escape dangerous HTML when extracting and displaying attachments.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.gentoo.org/security/en/glsa/glsa-20051… | vendor-advisoryx_refsource_GENTOO |
| http://www.vupen.com/english/advisories/2005/2536 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/17599 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/417436/30/… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/15535 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/17703 | third-party-advisoryx_refsource_SECUNIA |
| http://lists.horde.org/archives/announce/2005/000… | mailing-listx_refsource_MLIST |
| http://www.debian.org/security/2005/dsa-909 | vendor-advisoryx_refsource_DEBIAN |
Date Public
2005-11-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:24:35.475Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200511-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-20.xml"
},
{
"name": "ADV-2005-2536",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2536"
},
{
"name": "17599",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17599"
},
{
"name": "20051122 Horde MIME Viewer vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/417436/30/0/threaded"
},
{
"name": "15535",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15535"
},
{
"name": "17703",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17703"
},
{
"name": "[horde-announce] 20051122 Horde 3.0.7 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2005/000232.html"
},
{
"name": "DSA-909",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-909"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers, which do not filter or escape dangerous HTML when extracting and displaying attachments."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "GLSA-200511-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-20.xml"
},
{
"name": "ADV-2005-2536",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2536"
},
{
"name": "17599",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17599"
},
{
"name": "20051122 Horde MIME Viewer vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/417436/30/0/threaded"
},
{
"name": "15535",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15535"
},
{
"name": "17703",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17703"
},
{
"name": "[horde-announce] 20051122 Horde 3.0.7 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2005/000232.html"
},
{
"name": "DSA-909",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-909"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2005-3759",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers, which do not filter or escape dangerous HTML when extracting and displaying attachments."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200511-20",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-20.xml"
},
{
"name": "ADV-2005-2536",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2536"
},
{
"name": "17599",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17599"
},
{
"name": "20051122 Horde MIME Viewer vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/417436/30/0/threaded"
},
{
"name": "15535",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15535"
},
{
"name": "17703",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17703"
},
{
"name": "[horde-announce] 20051122 Horde 3.0.7 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2005/000232.html"
},
{
"name": "DSA-909",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-909"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2005-3759",
"datePublished": "2005-11-22T21:00:00.000Z",
"dateReserved": "2005-11-22T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:24:35.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3570 (GCVE-0-2005-3570)
Vulnerability from cvelistv5 – Published: 2005-11-16 07:37 – Updated: 2024-08-07 23:17
VLAI
Summary
Unspecified cross-site scripting (XSS) vulnerability in Horde before 2.2.9 allows remote attackers to inject arbitrary web script or HTML via "not properly escaped error messages".
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/15409 | vdb-entryx_refsource_BID |
| http://lists.horde.org/archives/announce/2005/000… | mailing-listx_refsource_MLIST |
| http://secunia.com/advisories/17468 | third-party-advisoryx_refsource_SECUNIA |
| http://www.gentoo.org/security/en/glsa/glsa-20051… | vendor-advisoryx_refsource_GENTOO |
| http://www.vupen.com/english/advisories/2005/2403 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/17794 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/17702 | third-party-advisoryx_refsource_SECUNIA |
| http://www.debian.org/security/2005/dsa-914 | vendor-advisoryx_refsource_DEBIAN |
| http://cvs.horde.org/diff.php/horde/docs/CHANGES?… | x_refsource_CONFIRM |
Date Public
2005-11-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:17:23.405Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "15409",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15409"
},
{
"name": "[Horde-announce] 20051113 Horde 2.2.9 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2005/000231.html"
},
{
"name": "17468",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17468"
},
{
"name": "GLSA-200511-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-20.xml"
},
{
"name": "ADV-2005-2403",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2403"
},
{
"name": "17794",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17794"
},
{
"name": "17702",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17702"
},
{
"name": "DSA-914",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-914"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.207.2.109\u0026r2=1.207.2.111\u0026ty=h"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified cross-site scripting (XSS) vulnerability in Horde before 2.2.9 allows remote attackers to inject arbitrary web script or HTML via \"not properly escaped error messages\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-30T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "15409",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15409"
},
{
"name": "[Horde-announce] 20051113 Horde 2.2.9 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2005/000231.html"
},
{
"name": "17468",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17468"
},
{
"name": "GLSA-200511-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-20.xml"
},
{
"name": "ADV-2005-2403",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2403"
},
{
"name": "17794",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17794"
},
{
"name": "17702",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17702"
},
{
"name": "DSA-914",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-914"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.207.2.109\u0026r2=1.207.2.111\u0026ty=h"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3570",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified cross-site scripting (XSS) vulnerability in Horde before 2.2.9 allows remote attackers to inject arbitrary web script or HTML via \"not properly escaped error messages\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15409",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15409"
},
{
"name": "[Horde-announce] 20051113 Horde 2.2.9 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2005/000231.html"
},
{
"name": "17468",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17468"
},
{
"name": "GLSA-200511-20",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-20.xml"
},
{
"name": "ADV-2005-2403",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2403"
},
{
"name": "17794",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17794"
},
{
"name": "17702",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17702"
},
{
"name": "DSA-914",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-914"
},
{
"name": "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.207.2.109\u0026r2=1.207.2.111\u0026ty=h",
"refsource": "CONFIRM",
"url": "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.207.2.109\u0026r2=1.207.2.111\u0026ty=h"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3570",
"datePublished": "2005-11-16T07:37:00.000Z",
"dateReserved": "2005-11-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:17:23.405Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3344 (GCVE-0-2005-3344)
Vulnerability from cvelistv5 – Published: 2005-11-16 07:37 – Updated: 2024-08-07 23:10
VLAI
Summary
The default installation of Horde 3.0.4 contains an administrative account with a blank password, which allows remote attackers to gain access.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/15337/ | vdb-entryx_refsource_BID |
| http://www.networkscanning.com/Horde-Default-Admi… | x_refsource_MISC |
| http://www.osvdb.org/24117 | vdb-entryx_refsource_OSVDB |
| http://www.debian.org/security/2005/dsa-884 | vendor-advisoryx_refsource_DEBIAN |
Date Public
2005-11-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:10:08.477Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "horde-default-account(24576)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24576"
},
{
"name": "15337",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15337/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.networkscanning.com/Horde-Default-Admin-Password-Vulnerability-VSS_20171.html"
},
{
"name": "24117",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/24117"
},
{
"name": "DSA-884",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-884"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The default installation of Horde 3.0.4 contains an administrative account with a blank password, which allows remote attackers to gain access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "horde-default-account(24576)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24576"
},
{
"name": "15337",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15337/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.networkscanning.com/Horde-Default-Admin-Password-Vulnerability-VSS_20171.html"
},
{
"name": "24117",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/24117"
},
{
"name": "DSA-884",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-884"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2005-3344",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default installation of Horde 3.0.4 contains an administrative account with a blank password, which allows remote attackers to gain access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "horde-default-account(24576)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24576"
},
{
"name": "15337",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15337/"
},
{
"name": "http://www.networkscanning.com/Horde-Default-Admin-Password-Vulnerability-VSS_20171.html",
"refsource": "MISC",
"url": "http://www.networkscanning.com/Horde-Default-Admin-Password-Vulnerability-VSS_20171.html"
},
{
"name": "24117",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24117"
},
{
"name": "DSA-884",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-884"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2005-3344",
"datePublished": "2005-11-16T07:37:00.000Z",
"dateReserved": "2005-10-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:10:08.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0378 (GCVE-0-2005-0378)
Vulnerability from cvelistv5 – Published: 2005-02-13 05:00 – Updated: 2024-08-07 21:13
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to prefs.php or (2) url parameter to index.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.hyperdose.com/advisories/H2005-01.txt | x_refsource_MISC |
| http://marc.info/?l=bugtraq&m=110564059322774&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/12255 | vdb-entryx_refsource_BID |
| http://securitytracker.com/id?1012892 | vdb-entryx_refsource_SECTRACK |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2005-01-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:13:53.499Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.hyperdose.com/advisories/H2005-01.txt"
},
{
"name": "20050113 Cross Site Scripting holes found in Horde 3.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110564059322774\u0026w=2"
},
{
"name": "12255",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12255"
},
{
"name": "1012892",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1012892"
},
{
"name": "horde-prefs-index-xss(18881)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18881"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-01-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to prefs.php or (2) url parameter to index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.hyperdose.com/advisories/H2005-01.txt"
},
{
"name": "20050113 Cross Site Scripting holes found in Horde 3.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110564059322774\u0026w=2"
},
{
"name": "12255",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12255"
},
{
"name": "1012892",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1012892"
},
{
"name": "horde-prefs-index-xss(18881)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18881"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0378",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to prefs.php or (2) url parameter to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.hyperdose.com/advisories/H2005-01.txt",
"refsource": "MISC",
"url": "http://www.hyperdose.com/advisories/H2005-01.txt"
},
{
"name": "20050113 Cross Site Scripting holes found in Horde 3.0",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110564059322774\u0026w=2"
},
{
"name": "12255",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12255"
},
{
"name": "1012892",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1012892"
},
{
"name": "horde-prefs-index-xss(18881)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18881"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0378",
"datePublished": "2005-02-13T05:00:00.000Z",
"dateReserved": "2005-02-13T00:00:00.000Z",
"dateUpdated": "2024-08-07T21:13:53.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}