Search

Find a vulnerability

Search criteria

    36 vulnerabilities found for horde by horde

    CVE-2012-0209 (GCVE-0-2012-0209)

    Vulnerability from nvd – Published: 2012-09-25 22:00 – Updated: 2024-09-16 21:57
    VLAI
    Summary
    Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP between November 2011 and February 2012, contains an externally introduced modification (Trojan Horse) in templates/javascript/open_calendar.js, which allows remote attackers to execute arbitrary PHP code.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T18:16:19.685Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://dev.horde.org/h/jonah/stories/view.php?channel_id=1\u0026id=155"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://eromang.zataz.com/2012/02/15/cve-2012-0209-horde-backdoor-analysis/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=790877"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.org/files/109874/Horde-3.3.12-Backdoor-Arbitrary-PHP-Code-Execution.html"
              },
              {
                "name": "[horde-announce] 20120213 [SECURITY] Remote execution backdoor after server hack (CVE-2012-0209)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2012/000751.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP between November 2011 and February 2012, contains an externally introduced modification (Trojan Horse) in templates/javascript/open_calendar.js, which allows remote attackers to execute arbitrary PHP code."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-09-25T22:00:00.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://dev.horde.org/h/jonah/stories/view.php?channel_id=1\u0026id=155"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://eromang.zataz.com/2012/02/15/cve-2012-0209-horde-backdoor-analysis/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=790877"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.org/files/109874/Horde-3.3.12-Backdoor-Arbitrary-PHP-Code-Execution.html"
            },
            {
              "name": "[horde-announce] 20120213 [SECURITY] Remote execution backdoor after server hack (CVE-2012-0209)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2012/000751.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@debian.org",
              "ID": "CVE-2012-0209",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP between November 2011 and February 2012, contains an externally introduced modification (Trojan Horse) in templates/javascript/open_calendar.js, which allows remote attackers to execute arbitrary PHP code."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://dev.horde.org/h/jonah/stories/view.php?channel_id=1\u0026id=155",
                  "refsource": "CONFIRM",
                  "url": "http://dev.horde.org/h/jonah/stories/view.php?channel_id=1\u0026id=155"
                },
                {
                  "name": "http://eromang.zataz.com/2012/02/15/cve-2012-0209-horde-backdoor-analysis/",
                  "refsource": "MISC",
                  "url": "http://eromang.zataz.com/2012/02/15/cve-2012-0209-horde-backdoor-analysis/"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=790877",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=790877"
                },
                {
                  "name": "http://packetstormsecurity.org/files/109874/Horde-3.3.12-Backdoor-Arbitrary-PHP-Code-Execution.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.org/files/109874/Horde-3.3.12-Backdoor-Arbitrary-PHP-Code-Execution.html"
                },
                {
                  "name": "[horde-announce] 20120213 [SECURITY] Remote execution backdoor after server hack (CVE-2012-0209)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2012/000751.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2012-0209",
        "datePublished": "2012-09-25T22:00:00.000Z",
        "dateReserved": "2011-12-14T00:00:00.000Z",
        "dateUpdated": "2024-09-16T21:57:27.267Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-1638 (GCVE-0-2010-1638)

    Vulnerability from nvd – Published: 2010-06-22 17:00 – Updated: 2024-08-07 01:28
    VLAI
    Summary
    The IMP plugin in Horde allows remote attackers to bypass firewall restrictions and use Horde as a proxy to scan internal networks via a crafted request to an unspecified test script. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T01:28:41.580Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20100524 Re: [core] CVE Request for Horde and Squirrelmail",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2010/05/25/2"
              },
              {
                "name": "[oss-security] 20100521 Re: [core] CVE Request for Horde and Squirrelmail",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2010/05/21/2"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://conference.hitb.org/hitbsecconf2010dxb/materials/D1%20-%20Laurent%20Oudot%20-%20Improving%20the%20Stealthiness%20of%20Web%20Hacking.pdf#page=74"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The IMP plugin in Horde allows remote attackers to bypass firewall restrictions and use Horde as a proxy to scan internal networks via a crafted request to an unspecified test script.  NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product\u0027s installation documentation."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2010-06-22T17:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "[oss-security] 20100524 Re: [core] CVE Request for Horde and Squirrelmail",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2010/05/25/2"
            },
            {
              "name": "[oss-security] 20100521 Re: [core] CVE Request for Horde and Squirrelmail",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2010/05/21/2"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://conference.hitb.org/hitbsecconf2010dxb/materials/D1%20-%20Laurent%20Oudot%20-%20Improving%20the%20Stealthiness%20of%20Web%20Hacking.pdf#page=74"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2010-1638",
        "datePublished": "2010-06-22T17:00:00.000Z",
        "dateReserved": "2010-04-29T00:00:00.000Z",
        "dateUpdated": "2024-08-07T01:28:41.580Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-7218 (GCVE-0-2008-7218)

    Vulnerability from nvd – Published: 2009-09-13 22:00 – Updated: 2024-08-07 11:56
    VLAI
    Summary
    Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2 before 3.2-RC2; Turba H3 2.1 before 2.1.6 and 2.2 before 2.2-RC2; Kronolith H3 2.1 before 2.1.7 and H3 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and 2.2 before 2.2-RC2; Horde Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 has unknown impact and attack vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://www.securityfocus.com/bid/27217 vdb-entryx_refsource_BID
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://secunia.com/advisories/28382 third-party-advisoryx_refsource_SECUNIA
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://www.osvdb.org/42775 vdb-entryx_refsource_OSVDB
    Date Public
    2008-01-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T11:56:14.413Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[announce] 20080122 Kronolith H3 (2.2-RC2)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000371.html"
              },
              {
                "name": "[announce] 20080122 Mnemo H3 (2.2-RC2)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000369.html"
              },
              {
                "name": "[announce] 20080109 Nag H3 (2.1.4) (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000363.html"
              },
              {
                "name": "27217",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27217"
              },
              {
                "name": "[announce] 20080109 Horde Groupware 1.0.3 (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000365.html"
              },
              {
                "name": "[announce] 20080206 Horde Groupware 1.1-RC2",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000376.html"
              },
              {
                "name": "[announce] 20080122 Turba H3 (2.2-RC2)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000367.html"
              },
              {
                "name": "FEDORA-2008-2212",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00176.html"
              },
              {
                "name": "[announce] 20080109 Horde 3.1.6 (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000360.html"
              },
              {
                "name": "[announce] 20080109 Mnemo H3 (2.1.2) (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000364.html"
              },
              {
                "name": "28382",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28382"
              },
              {
                "name": "[announce] 20080206 Horde Groupware Webmail Edition 1.1-RC2",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000377.html"
              },
              {
                "name": "[announce] 20080110 Horde Groupware Webmail Edition 1.0.4 (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000366.html"
              },
              {
                "name": "[announce] 20080109 Turba H3 (2.1.6) (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000361.html"
              },
              {
                "name": "horde-hordeapi-privilege-escalation(39599)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39599"
              },
              {
                "name": "[announce] 20080122 Horde 3.2-RC2",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000374.html"
              },
              {
                "name": "[announce] 20080109 Kronolith H3 (2.1.7) (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000362.html"
              },
              {
                "name": "[announce] 20080122 Nag H3 (2.2-RC2)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000368.html"
              },
              {
                "name": "42775",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/42775"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-01-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2 before 3.2-RC2; Turba H3 2.1 before 2.1.6 and 2.2 before 2.2-RC2; Kronolith H3 2.1 before 2.1.7 and H3 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and 2.2 before 2.2-RC2; Horde Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 has unknown impact and attack vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[announce] 20080122 Kronolith H3 (2.2-RC2)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000371.html"
            },
            {
              "name": "[announce] 20080122 Mnemo H3 (2.2-RC2)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000369.html"
            },
            {
              "name": "[announce] 20080109 Nag H3 (2.1.4) (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000363.html"
            },
            {
              "name": "27217",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27217"
            },
            {
              "name": "[announce] 20080109 Horde Groupware 1.0.3 (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000365.html"
            },
            {
              "name": "[announce] 20080206 Horde Groupware 1.1-RC2",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000376.html"
            },
            {
              "name": "[announce] 20080122 Turba H3 (2.2-RC2)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000367.html"
            },
            {
              "name": "FEDORA-2008-2212",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00176.html"
            },
            {
              "name": "[announce] 20080109 Horde 3.1.6 (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000360.html"
            },
            {
              "name": "[announce] 20080109 Mnemo H3 (2.1.2) (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000364.html"
            },
            {
              "name": "28382",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28382"
            },
            {
              "name": "[announce] 20080206 Horde Groupware Webmail Edition 1.1-RC2",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000377.html"
            },
            {
              "name": "[announce] 20080110 Horde Groupware Webmail Edition 1.0.4 (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000366.html"
            },
            {
              "name": "[announce] 20080109 Turba H3 (2.1.6) (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000361.html"
            },
            {
              "name": "horde-hordeapi-privilege-escalation(39599)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39599"
            },
            {
              "name": "[announce] 20080122 Horde 3.2-RC2",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000374.html"
            },
            {
              "name": "[announce] 20080109 Kronolith H3 (2.1.7) (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000362.html"
            },
            {
              "name": "[announce] 20080122 Nag H3 (2.2-RC2)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000368.html"
            },
            {
              "name": "42775",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/42775"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-7218",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2 before 3.2-RC2; Turba H3 2.1 before 2.1.6 and 2.2 before 2.2-RC2; Kronolith H3 2.1 before 2.1.7 and H3 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and 2.2 before 2.2-RC2; Horde Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 has unknown impact and attack vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[announce] 20080122 Kronolith H3 (2.2-RC2)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000371.html"
                },
                {
                  "name": "[announce] 20080122 Mnemo H3 (2.2-RC2)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000369.html"
                },
                {
                  "name": "[announce] 20080109 Nag H3 (2.1.4) (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000363.html"
                },
                {
                  "name": "27217",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27217"
                },
                {
                  "name": "[announce] 20080109 Horde Groupware 1.0.3 (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000365.html"
                },
                {
                  "name": "[announce] 20080206 Horde Groupware 1.1-RC2",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000376.html"
                },
                {
                  "name": "[announce] 20080122 Turba H3 (2.2-RC2)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000367.html"
                },
                {
                  "name": "FEDORA-2008-2212",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00176.html"
                },
                {
                  "name": "[announce] 20080109 Horde 3.1.6 (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000360.html"
                },
                {
                  "name": "[announce] 20080109 Mnemo H3 (2.1.2) (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000364.html"
                },
                {
                  "name": "28382",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28382"
                },
                {
                  "name": "[announce] 20080206 Horde Groupware Webmail Edition 1.1-RC2",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000377.html"
                },
                {
                  "name": "[announce] 20080110 Horde Groupware Webmail Edition 1.0.4 (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000366.html"
                },
                {
                  "name": "[announce] 20080109 Turba H3 (2.1.6) (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000361.html"
                },
                {
                  "name": "horde-hordeapi-privilege-escalation(39599)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39599"
                },
                {
                  "name": "[announce] 20080122 Horde 3.2-RC2",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000374.html"
                },
                {
                  "name": "[announce] 20080109 Kronolith H3 (2.1.7) (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000362.html"
                },
                {
                  "name": "[announce] 20080122 Nag H3 (2.2-RC2)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000368.html"
                },
                {
                  "name": "42775",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/42775"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-7218",
        "datePublished": "2009-09-13T22:00:00.000Z",
        "dateReserved": "2009-09-13T00:00:00.000Z",
        "dateUpdated": "2024-08-07T11:56:14.413Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-3824 (GCVE-0-2008-3824)

    Vulnerability from nvd – Published: 2008-09-12 16:00 – Updated: 2024-08-07 09:53
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in (1) Text_Filter/Filter/xss.php in Horde 3.1.x before 3.1.9 and 3.2.x before 3.2.2 and (2) externalinput.php in Popoon r22196 and earlier allows remote attackers to inject arbitrary web script or HTML by using / (slash) characters as replacements for spaces in an HTML e-mail message.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2008-09-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T09:53:00.438Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[horde-announce] 20080910 Horde 3.1.9 (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=horde-announce\u0026m=122103888111491\u0026w=2"
              },
              {
                "name": "31842",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31842"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.phpmyfaq.de/advisory_2008-09-11.php"
              },
              {
                "name": "ADV-2008-2548",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/2548"
              },
              {
                "name": "[horde-announce] 20080910 [SECURITY] Horde 3.2.2 (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=horde-announce\u0026m=122104360019867\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://ocert.org/patches/2008-012/Text_Filter.patch"
              },
              {
                "name": "20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/496182/100/0/threaded"
              },
              {
                "name": "4245",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/4245"
              },
              {
                "name": "[oss-security] 20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2008/09/10/1"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ocert.org/advisories/ocert-2008-012.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://ocert.org/patches/2008-012/Text_Filter.31.patch"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://blog.liip.ch/missed-case-in-externalinput-php-resulting-in-viable-xss-attacks.html"
              },
              {
                "name": "horde-htmlmessages-xss(45031)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45031"
              },
              {
                "name": "47996",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/47996"
              },
              {
                "name": "31107",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/31107"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-09-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in (1) Text_Filter/Filter/xss.php in Horde 3.1.x before 3.1.9 and 3.2.x before 3.2.2 and (2) externalinput.php in Popoon r22196 and earlier allows remote attackers to inject arbitrary web script or HTML by using / (slash) characters as replacements for spaces in an HTML e-mail message."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "[horde-announce] 20080910 Horde 3.1.9 (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://marc.info/?l=horde-announce\u0026m=122103888111491\u0026w=2"
            },
            {
              "name": "31842",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31842"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.phpmyfaq.de/advisory_2008-09-11.php"
            },
            {
              "name": "ADV-2008-2548",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2548"
            },
            {
              "name": "[horde-announce] 20080910 [SECURITY] Horde 3.2.2 (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://marc.info/?l=horde-announce\u0026m=122104360019867\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://ocert.org/patches/2008-012/Text_Filter.patch"
            },
            {
              "name": "20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/496182/100/0/threaded"
            },
            {
              "name": "4245",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/4245"
            },
            {
              "name": "[oss-security] 20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/09/10/1"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ocert.org/advisories/ocert-2008-012.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://ocert.org/patches/2008-012/Text_Filter.31.patch"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://blog.liip.ch/missed-case-in-externalinput-php-resulting-in-viable-xss-attacks.html"
            },
            {
              "name": "horde-htmlmessages-xss(45031)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45031"
            },
            {
              "name": "47996",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/47996"
            },
            {
              "name": "31107",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/31107"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2008-3824",
        "datePublished": "2008-09-12T16:00:00.000Z",
        "dateReserved": "2008-08-27T00:00:00.000Z",
        "dateUpdated": "2024-08-07T09:53:00.438Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-3823 (GCVE-0-2008-3823)

    Vulnerability from nvd – Published: 2008-09-12 16:00 – Updated: 2024-08-07 09:53
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.php in the MIME library in Horde 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of a MIME attachment in an e-mail message.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/31842 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2008/dsa-1642 vendor-advisoryx_refsource_DEBIAN
    http://www.vupen.com/english/advisories/2008/2548 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/31959 third-party-advisoryx_refsource_SECUNIA
    http://ocert.org/patches/2008-012/MIME.patch x_refsource_MISC
    http://marc.info/?l=horde-announce&m=122104360019… mailing-listx_refsource_MLIST
    http://www.securityfocus.com/bid/31110 vdb-entryx_refsource_BID
    http://www.securityfocus.com/archive/1/496182/100… mailing-listx_refsource_BUGTRAQ
    http://securityreason.com/securityalert/4245 third-party-advisoryx_refsource_SREASON
    http://www.openwall.com/lists/oss-security/2008/09/10/1 mailing-listx_refsource_MLIST
    http://www.ocert.org/advisories/ocert-2008-012.html x_refsource_MISC
    Date Public
    2008-09-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T09:53:00.419Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "horde-mime-xss(45030)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45030"
              },
              {
                "name": "31842",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31842"
              },
              {
                "name": "DSA-1642",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2008/dsa-1642"
              },
              {
                "name": "ADV-2008-2548",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/2548"
              },
              {
                "name": "31959",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31959"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://ocert.org/patches/2008-012/MIME.patch"
              },
              {
                "name": "[horde-announce] 20080910 [SECURITY] Horde 3.2.2 (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=horde-announce\u0026m=122104360019867\u0026w=2"
              },
              {
                "name": "31110",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/31110"
              },
              {
                "name": "20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/496182/100/0/threaded"
              },
              {
                "name": "4245",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/4245"
              },
              {
                "name": "[oss-security] 20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2008/09/10/1"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ocert.org/advisories/ocert-2008-012.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-09-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.php in the MIME library in Horde 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of a MIME attachment in an e-mail message."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "horde-mime-xss(45030)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45030"
            },
            {
              "name": "31842",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31842"
            },
            {
              "name": "DSA-1642",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2008/dsa-1642"
            },
            {
              "name": "ADV-2008-2548",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2548"
            },
            {
              "name": "31959",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31959"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://ocert.org/patches/2008-012/MIME.patch"
            },
            {
              "name": "[horde-announce] 20080910 [SECURITY] Horde 3.2.2 (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://marc.info/?l=horde-announce\u0026m=122104360019867\u0026w=2"
            },
            {
              "name": "31110",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/31110"
            },
            {
              "name": "20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/496182/100/0/threaded"
            },
            {
              "name": "4245",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/4245"
            },
            {
              "name": "[oss-security] 20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/09/10/1"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ocert.org/advisories/ocert-2008-012.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2008-3823",
        "datePublished": "2008-09-12T16:00:00.000Z",
        "dateReserved": "2008-08-27T00:00:00.000Z",
        "dateUpdated": "2024-08-07T09:53:00.419Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1284 (GCVE-0-2008-1284)

    Vulnerability from nvd – Published: 2008-03-11 00:00 – Updated: 2024-08-07 08:17
    VLAI
    Summary
    Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via ".." sequences and a null byte in the theme name.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://securityreason.com/securityalert/3726 third-party-advisoryx_refsource_SREASON
    http://secunia.com/advisories/29286 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    http://www.securityfocus.com/archive/1/489239/100… mailing-listx_refsource_BUGTRAQ
    http://security.gentoo.org/glsa/glsa-200805-01.xml vendor-advisoryx_refsource_GENTOO
    http://www.debian.org/security/2008/dsa-1519 vendor-advisoryx_refsource_DEBIAN
    http://secunia.com/advisories/30047 third-party-advisoryx_refsource_SECUNIA
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    http://secunia.com/advisories/29374 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/489289/100… mailing-listx_refsource_BUGTRAQ
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://www.vupen.com/english/advisories/2008/0822… vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/28153 vdb-entryx_refsource_BID
    http://secunia.com/advisories/29400 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2008-03-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:17:34.567Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "3726",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3726"
              },
              {
                "name": "29286",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29286"
              },
              {
                "name": "horde-theme-file-include(41054)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41054"
              },
              {
                "name": "[announce] 20080307  Horde Groupware 1.0.5 (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000383.html"
              },
              {
                "name": "[announce] 20080307  Horde Groupware Webmail Edition 1.0.6 (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000384.html"
              },
              {
                "name": "FEDORA-2008-2406",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00301.html"
              },
              {
                "name": "20080307 Horde Webmail file inclusion proof of concept \u0026 patch.",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/489239/100/0/threaded"
              },
              {
                "name": "GLSA-200805-01",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200805-01.xml"
              },
              {
                "name": "DSA-1519",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2008/dsa-1519"
              },
              {
                "name": "30047",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30047"
              },
              {
                "name": "FEDORA-2008-2362",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00253.html"
              },
              {
                "name": "29374",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29374"
              },
              {
                "name": "20080308 Re: Horde Webmail file inclusion proof of concept \u0026 patch.",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/489289/100/0/threaded"
              },
              {
                "name": "[announce] 20080307 Horde 3.1.7 (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000382.html"
              },
              {
                "name": "ADV-2008-0822",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0822/references"
              },
              {
                "name": "28153",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/28153"
              },
              {
                "name": "29400",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29400"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-03-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via \"..\" sequences and a null byte in the theme name."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "3726",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3726"
            },
            {
              "name": "29286",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29286"
            },
            {
              "name": "horde-theme-file-include(41054)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41054"
            },
            {
              "name": "[announce] 20080307  Horde Groupware 1.0.5 (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000383.html"
            },
            {
              "name": "[announce] 20080307  Horde Groupware Webmail Edition 1.0.6 (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000384.html"
            },
            {
              "name": "FEDORA-2008-2406",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00301.html"
            },
            {
              "name": "20080307 Horde Webmail file inclusion proof of concept \u0026 patch.",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/489239/100/0/threaded"
            },
            {
              "name": "GLSA-200805-01",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200805-01.xml"
            },
            {
              "name": "DSA-1519",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2008/dsa-1519"
            },
            {
              "name": "30047",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30047"
            },
            {
              "name": "FEDORA-2008-2362",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00253.html"
            },
            {
              "name": "29374",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29374"
            },
            {
              "name": "20080308 Re: Horde Webmail file inclusion proof of concept \u0026 patch.",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/489289/100/0/threaded"
            },
            {
              "name": "[announce] 20080307 Horde 3.1.7 (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000382.html"
            },
            {
              "name": "ADV-2008-0822",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0822/references"
            },
            {
              "name": "28153",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/28153"
            },
            {
              "name": "29400",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29400"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-1284",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via \"..\" sequences and a null byte in the theme name."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "3726",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3726"
                },
                {
                  "name": "29286",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29286"
                },
                {
                  "name": "horde-theme-file-include(41054)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41054"
                },
                {
                  "name": "[announce] 20080307  Horde Groupware 1.0.5 (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000383.html"
                },
                {
                  "name": "[announce] 20080307  Horde Groupware Webmail Edition 1.0.6 (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000384.html"
                },
                {
                  "name": "FEDORA-2008-2406",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00301.html"
                },
                {
                  "name": "20080307 Horde Webmail file inclusion proof of concept \u0026 patch.",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/489239/100/0/threaded"
                },
                {
                  "name": "GLSA-200805-01",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200805-01.xml"
                },
                {
                  "name": "DSA-1519",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2008/dsa-1519"
                },
                {
                  "name": "30047",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30047"
                },
                {
                  "name": "FEDORA-2008-2362",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00253.html"
                },
                {
                  "name": "29374",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29374"
                },
                {
                  "name": "20080308 Re: Horde Webmail file inclusion proof of concept \u0026 patch.",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/489289/100/0/threaded"
                },
                {
                  "name": "[announce] 20080307 Horde 3.1.7 (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000382.html"
                },
                {
                  "name": "ADV-2008-0822",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0822/references"
                },
                {
                  "name": "28153",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/28153"
                },
                {
                  "name": "29400",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29400"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-1284",
        "datePublished": "2008-03-11T00:00:00.000Z",
        "dateReserved": "2008-03-10T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:17:34.567Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-6018 (GCVE-0-2007-6018)

    Vulnerability from nvd – Published: 2008-01-11 02:00 – Updated: 2024-08-07 15:54
    VLAI
    Summary
    IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) "purge" deleted emails via a crafted email message.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/29186 third-party-advisoryx_refsource_SECUNIA
    https://bugzilla.redhat.com/show_bug.cgi?id=428625 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://cvs.horde.org/diff.php/groupware/docs/grou… x_refsource_CONFIRM
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://secunia.com/advisories/34418 third-party-advisoryx_refsource_SECUNIA
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    http://www.securityfocus.com/bid/27223 vdb-entryx_refsource_BID
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://cvs.horde.org/diff.php/groupware/docs/webm… x_refsource_CONFIRM
    http://secunia.com/secunia_research/2007-102/advisory/ x_refsource_MISC
    http://secunia.com/advisories/28020 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/29185 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/28546 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/29184 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2008/dsa-1470 vendor-advisoryx_refsource_DEBIAN
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    Date Public
    2008-01-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:54:25.651Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "29186",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29186"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=428625"
              },
              {
                "name": "SUSE-SR:2009:007",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
              },
              {
                "name": "horde-impgroupware-filter-security-bypass(39595)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39595"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://cvs.horde.org/diff.php/groupware/docs/groupware/CHANGES?r1=1.17\u0026r2=1.17.2.1\u0026ty=h"
              },
              {
                "name": "[announce] 20080109 Horde Groupware 1.0.3 (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000365.html"
              },
              {
                "name": "[announce] 20080109 Horde 3.1.6 (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000360.html"
              },
              {
                "name": "34418",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/34418"
              },
              {
                "name": "FEDORA-2008-2087",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00927.html"
              },
              {
                "name": "27223",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27223"
              },
              {
                "name": "[announce] 20080110 Horde Groupware Webmail Edition 1.0.4 (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000366.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://cvs.horde.org/diff.php/groupware/docs/webmail/CHANGES?r1=1.12\u0026r2=1.12.2.1\u0026ty=h"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://secunia.com/secunia_research/2007-102/advisory/"
              },
              {
                "name": "28020",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28020"
              },
              {
                "name": "29185",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29185"
              },
              {
                "name": "28546",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28546"
              },
              {
                "name": "29184",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29184"
              },
              {
                "name": "DSA-1470",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2008/dsa-1470"
              },
              {
                "name": "FEDORA-2008-2040",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00888.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-01-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) \"purge\" deleted emails via a crafted email message."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
            "shortName": "flexera"
          },
          "references": [
            {
              "name": "29186",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29186"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=428625"
            },
            {
              "name": "SUSE-SR:2009:007",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
            },
            {
              "name": "horde-impgroupware-filter-security-bypass(39595)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39595"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://cvs.horde.org/diff.php/groupware/docs/groupware/CHANGES?r1=1.17\u0026r2=1.17.2.1\u0026ty=h"
            },
            {
              "name": "[announce] 20080109 Horde Groupware 1.0.3 (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000365.html"
            },
            {
              "name": "[announce] 20080109 Horde 3.1.6 (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000360.html"
            },
            {
              "name": "34418",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/34418"
            },
            {
              "name": "FEDORA-2008-2087",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00927.html"
            },
            {
              "name": "27223",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27223"
            },
            {
              "name": "[announce] 20080110 Horde Groupware Webmail Edition 1.0.4 (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000366.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://cvs.horde.org/diff.php/groupware/docs/webmail/CHANGES?r1=1.12\u0026r2=1.12.2.1\u0026ty=h"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://secunia.com/secunia_research/2007-102/advisory/"
            },
            {
              "name": "28020",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28020"
            },
            {
              "name": "29185",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29185"
            },
            {
              "name": "28546",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28546"
            },
            {
              "name": "29184",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29184"
            },
            {
              "name": "DSA-1470",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2008/dsa-1470"
            },
            {
              "name": "FEDORA-2008-2040",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00888.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
              "ID": "CVE-2007-6018",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) \"purge\" deleted emails via a crafted email message."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "29186",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29186"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=428625",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=428625"
                },
                {
                  "name": "SUSE-SR:2009:007",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
                },
                {
                  "name": "horde-impgroupware-filter-security-bypass(39595)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39595"
                },
                {
                  "name": "http://cvs.horde.org/diff.php/groupware/docs/groupware/CHANGES?r1=1.17\u0026r2=1.17.2.1\u0026ty=h",
                  "refsource": "CONFIRM",
                  "url": "http://cvs.horde.org/diff.php/groupware/docs/groupware/CHANGES?r1=1.17\u0026r2=1.17.2.1\u0026ty=h"
                },
                {
                  "name": "[announce] 20080109 Horde Groupware 1.0.3 (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000365.html"
                },
                {
                  "name": "[announce] 20080109 Horde 3.1.6 (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000360.html"
                },
                {
                  "name": "34418",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/34418"
                },
                {
                  "name": "FEDORA-2008-2087",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00927.html"
                },
                {
                  "name": "27223",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27223"
                },
                {
                  "name": "[announce] 20080110 Horde Groupware Webmail Edition 1.0.4 (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000366.html"
                },
                {
                  "name": "http://cvs.horde.org/diff.php/groupware/docs/webmail/CHANGES?r1=1.12\u0026r2=1.12.2.1\u0026ty=h",
                  "refsource": "CONFIRM",
                  "url": "http://cvs.horde.org/diff.php/groupware/docs/webmail/CHANGES?r1=1.12\u0026r2=1.12.2.1\u0026ty=h"
                },
                {
                  "name": "http://secunia.com/secunia_research/2007-102/advisory/",
                  "refsource": "MISC",
                  "url": "http://secunia.com/secunia_research/2007-102/advisory/"
                },
                {
                  "name": "28020",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28020"
                },
                {
                  "name": "29185",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29185"
                },
                {
                  "name": "28546",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28546"
                },
                {
                  "name": "29184",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29184"
                },
                {
                  "name": "DSA-1470",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2008/dsa-1470"
                },
                {
                  "name": "FEDORA-2008-2040",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00888.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "assignerShortName": "flexera",
        "cveId": "CVE-2007-6018",
        "datePublished": "2008-01-11T02:00:00.000Z",
        "dateReserved": "2007-11-19T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:54:25.651Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-4255 (GCVE-0-2006-4255)

    Vulnerability from nvd – Published: 2006-08-21 20:00 – Updated: 2024-08-07 19:06
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in horde/imp/search.php in Horde IMP H3 before 4.1.3 allows remote attackers to include arbitrary web script or HTML via multiple unspecified vectors related to folder names, as injected into the vfolder_label form field in the IMP search screen.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/19544 vdb-entryx_refsource_BID
    http://lists.horde.org/archives/announce/2006/000… mailing-listx_refsource_MLIST
    http://www.vupen.com/english/advisories/2006/3316 vdb-entryx_refsource_VUPEN
    http://securityreason.com/securityalert/1423 third-party-advisoryx_refsource_SREASON
    http://secunia.com/advisories/21533 third-party-advisoryx_refsource_SECUNIA
    http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2457 x_refsource_MISC
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/archive/1/443361/100… mailing-listx_refsource_BUGTRAQ
    http://securitytracker.com/id?1016713 vdb-entryx_refsource_SECTRACK
    Date Public
    2006-08-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T19:06:06.698Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "19544",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/19544"
              },
              {
                "name": "[horde-announce] 20060817 IMP H3 (4.1.3) (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2006/000294.html"
              },
              {
                "name": "ADV-2006-3316",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/3316"
              },
              {
                "name": "1423",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/1423"
              },
              {
                "name": "21533",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21533"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2457"
              },
              {
                "name": "horde-search-xss(28409)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28409"
              },
              {
                "name": "20060816 [scip_Advisory 2457] Horde Framework and Horde IMP /horde/imp/search.php cross site scripting",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/443361/100/0/threaded"
              },
              {
                "name": "1016713",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016713"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-08-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in horde/imp/search.php in Horde IMP H3 before 4.1.3 allows remote attackers to include arbitrary web script or HTML via multiple unspecified vectors related to folder names, as injected into the vfolder_label form field in the IMP search screen."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "19544",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/19544"
            },
            {
              "name": "[horde-announce] 20060817 IMP H3 (4.1.3) (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2006/000294.html"
            },
            {
              "name": "ADV-2006-3316",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/3316"
            },
            {
              "name": "1423",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/1423"
            },
            {
              "name": "21533",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21533"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2457"
            },
            {
              "name": "horde-search-xss(28409)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28409"
            },
            {
              "name": "20060816 [scip_Advisory 2457] Horde Framework and Horde IMP /horde/imp/search.php cross site scripting",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/443361/100/0/threaded"
            },
            {
              "name": "1016713",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016713"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-4255",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in horde/imp/search.php in Horde IMP H3 before 4.1.3 allows remote attackers to include arbitrary web script or HTML via multiple unspecified vectors related to folder names, as injected into the vfolder_label form field in the IMP search screen."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "19544",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/19544"
                },
                {
                  "name": "[horde-announce] 20060817 IMP H3 (4.1.3) (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2006/000294.html"
                },
                {
                  "name": "ADV-2006-3316",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/3316"
                },
                {
                  "name": "1423",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/1423"
                },
                {
                  "name": "21533",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/21533"
                },
                {
                  "name": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2457",
                  "refsource": "MISC",
                  "url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2457"
                },
                {
                  "name": "horde-search-xss(28409)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28409"
                },
                {
                  "name": "20060816 [scip_Advisory 2457] Horde Framework and Horde IMP /horde/imp/search.php cross site scripting",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/443361/100/0/threaded"
                },
                {
                  "name": "1016713",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016713"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-4255",
        "datePublished": "2006-08-21T20:00:00.000Z",
        "dateReserved": "2006-08-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T19:06:06.698Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-3548 (GCVE-0-2006-3548)

    Vulnerability from nvd – Published: 2006-07-13 00:00 – Updated: 2024-08-07 18:30
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 allow remote attackers to inject arbitrary web script or HTML via a (1) javascript URI or an external (2) http, (3) https, or (4) ftp URI in the url parameter in services/go.php (aka the dereferrer), (5) a javascript URI in the module parameter in services/help (aka the help viewer), and (6) the name parameter in services/problem.php (aka the problem reporting screen).
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.grok.org.uk/pipermail/full-disclosur… mailing-listx_refsource_FULLDISC
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://lists.horde.org/archives/announce/2006/000… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/18845 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2006/2694 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/21459 third-party-advisoryx_refsource_SECUNIA
    http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/27565 third-party-advisoryx_refsource_SECUNIA
    http://securitytracker.com/id?1016442 vdb-entryx_refsource_SECTRACK
    http://lists.horde.org/archives/announce/2006/000… x_refsource_CONFIRM
    http://securityreason.com/securityalert/1229 third-party-advisoryx_refsource_SREASON
    http://moritz-naumann.com/adv/0011/hordemulti/0011.txt x_refsource_MISC
    http://www.debian.org/security/2007/dsa-1406 vendor-advisoryx_refsource_DEBIAN
    http://secunia.com/advisories/20954 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/439255/100… mailing-listx_refsource_BUGTRAQ
    Date Public
    2006-07-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T18:30:34.399Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047687.html"
              },
              {
                "name": "horde-multiple-functions-xss(27589)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27589"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2006/000287.html"
              },
              {
                "name": "18845",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/18845"
              },
              {
                "name": "ADV-2006-2694",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/2694"
              },
              {
                "name": "21459",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21459"
              },
              {
                "name": "SUSE-SR:2006:019",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2006_19_sr.html"
              },
              {
                "name": "27565",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27565"
              },
              {
                "name": "1016442",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016442"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2006/000288.html"
              },
              {
                "name": "1229",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/1229"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://moritz-naumann.com/adv/0011/hordemulti/0011.txt"
              },
              {
                "name": "DSA-1406",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2007/dsa-1406"
              },
              {
                "name": "20954",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/20954"
              },
              {
                "name": "20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/439255/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-07-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 allow remote attackers to inject arbitrary web script or HTML via a (1) javascript URI or an external (2) http, (3) https, or (4) ftp URI in the url parameter in services/go.php (aka the dereferrer), (5) a javascript URI in the module parameter in services/help (aka the help viewer), and (6) the name parameter in services/problem.php (aka the problem reporting screen)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-18T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047687.html"
            },
            {
              "name": "horde-multiple-functions-xss(27589)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27589"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://lists.horde.org/archives/announce/2006/000287.html"
            },
            {
              "name": "18845",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/18845"
            },
            {
              "name": "ADV-2006-2694",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/2694"
            },
            {
              "name": "21459",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21459"
            },
            {
              "name": "SUSE-SR:2006:019",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2006_19_sr.html"
            },
            {
              "name": "27565",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27565"
            },
            {
              "name": "1016442",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016442"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://lists.horde.org/archives/announce/2006/000288.html"
            },
            {
              "name": "1229",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/1229"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://moritz-naumann.com/adv/0011/hordemulti/0011.txt"
            },
            {
              "name": "DSA-1406",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2007/dsa-1406"
            },
            {
              "name": "20954",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/20954"
            },
            {
              "name": "20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/439255/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-3548",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 allow remote attackers to inject arbitrary web script or HTML via a (1) javascript URI or an external (2) http, (3) https, or (4) ftp URI in the url parameter in services/go.php (aka the dereferrer), (5) a javascript URI in the module parameter in services/help (aka the help viewer), and (6) the name parameter in services/problem.php (aka the problem reporting screen)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues",
                  "refsource": "FULLDISC",
                  "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047687.html"
                },
                {
                  "name": "horde-multiple-functions-xss(27589)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27589"
                },
                {
                  "name": "http://lists.horde.org/archives/announce/2006/000287.html",
                  "refsource": "CONFIRM",
                  "url": "http://lists.horde.org/archives/announce/2006/000287.html"
                },
                {
                  "name": "18845",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/18845"
                },
                {
                  "name": "ADV-2006-2694",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/2694"
                },
                {
                  "name": "21459",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/21459"
                },
                {
                  "name": "SUSE-SR:2006:019",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2006_19_sr.html"
                },
                {
                  "name": "27565",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27565"
                },
                {
                  "name": "1016442",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016442"
                },
                {
                  "name": "http://lists.horde.org/archives/announce/2006/000288.html",
                  "refsource": "CONFIRM",
                  "url": "http://lists.horde.org/archives/announce/2006/000288.html"
                },
                {
                  "name": "1229",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/1229"
                },
                {
                  "name": "http://moritz-naumann.com/adv/0011/hordemulti/0011.txt",
                  "refsource": "MISC",
                  "url": "http://moritz-naumann.com/adv/0011/hordemulti/0011.txt"
                },
                {
                  "name": "DSA-1406",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2007/dsa-1406"
                },
                {
                  "name": "20954",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/20954"
                },
                {
                  "name": "20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/439255/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-3548",
        "datePublished": "2006-07-13T00:00:00.000Z",
        "dateReserved": "2006-07-12T00:00:00.000Z",
        "dateUpdated": "2024-08-07T18:30:34.399Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-2195 (GCVE-0-2006-2195)

    Vulnerability from nvd – Published: 2006-06-15 10:00 – Updated: 2024-08-07 17:43
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://cvs.horde.org/diff.php?f=horde%2Ftest.php&… x_refsource_CONFIRM
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/20750 third-party-advisoryx_refsource_SECUNIA
    http://overlays.gentoo.org/dev/chtekk/browser/hor… x_refsource_MISC
    http://cvs.horde.org/diff.php?r1=2.25&r2=2.26&f=h… x_refsource_CONFIRM
    http://securitytracker.com/id?1016310 vdb-entryx_refsource_SECTRACK
    http://www.debian.org/security/2006/dsa-1098 vendor-advisoryx_refsource_DEBIAN
    http://secunia.com/advisories/20672 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2006/dsa-1099 vendor-advisoryx_refsource_DEBIAN
    http://secunia.com/advisories/20849 third-party-advisoryx_refsource_SECUNIA
    http://www.osvdb.org/26514 vdb-entryx_refsource_OSVDB
    http://bugs.gentoo.org/show_bug.cgi?id=136830 x_refsource_CONFIRM
    http://secunia.com/advisories/20661 third-party-advisoryx_refsource_SECUNIA
    http://www.osvdb.org/26513 vdb-entryx_refsource_OSVDB
    http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
    http://www.vupen.com/english/advisories/2006/2356 vdb-entryx_refsource_VUPEN
    http://www.gentoo.org/security/en/glsa/glsa-20060… vendor-advisoryx_refsource_GENTOO
    http://secunia.com/advisories/20960 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/18436 vdb-entryx_refsource_BID
    Date Public
    2006-06-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T17:43:28.324Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://cvs.horde.org/diff.php?f=horde%2Ftest.php\u0026r1=1.145\u0026r2=1.146"
              },
              {
                "name": "horde-test-problem-xss(27168)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27168"
              },
              {
                "name": "20750",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/20750"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://overlays.gentoo.org/dev/chtekk/browser/horde/www-apps/horde/files/horde-3.1.1-xss.diff?rev=4\u0026format=txt"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://cvs.horde.org/diff.php?r1=2.25\u0026r2=2.26\u0026f=horde%2Ftemplates%2Fproblem%2Fproblem.inc"
              },
              {
                "name": "1016310",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016310"
              },
              {
                "name": "DSA-1098",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2006/dsa-1098"
              },
              {
                "name": "20672",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/20672"
              },
              {
                "name": "DSA-1099",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2006/dsa-1099"
              },
              {
                "name": "20849",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/20849"
              },
              {
                "name": "26514",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/26514"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.gentoo.org/show_bug.cgi?id=136830"
              },
              {
                "name": "20661",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/20661"
              },
              {
                "name": "26513",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/26513"
              },
              {
                "name": "SUSE-SR:2006:016",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2006_16_sr.html"
              },
              {
                "name": "ADV-2006-2356",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/2356"
              },
              {
                "name": "GLSA-200606-28",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-28.xml"
              },
              {
                "name": "20960",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/20960"
              },
              {
                "name": "18436",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/18436"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-06-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-19T15:57:01.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://cvs.horde.org/diff.php?f=horde%2Ftest.php\u0026r1=1.145\u0026r2=1.146"
            },
            {
              "name": "horde-test-problem-xss(27168)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27168"
            },
            {
              "name": "20750",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/20750"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://overlays.gentoo.org/dev/chtekk/browser/horde/www-apps/horde/files/horde-3.1.1-xss.diff?rev=4\u0026format=txt"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://cvs.horde.org/diff.php?r1=2.25\u0026r2=2.26\u0026f=horde%2Ftemplates%2Fproblem%2Fproblem.inc"
            },
            {
              "name": "1016310",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016310"
            },
            {
              "name": "DSA-1098",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2006/dsa-1098"
            },
            {
              "name": "20672",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/20672"
            },
            {
              "name": "DSA-1099",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2006/dsa-1099"
            },
            {
              "name": "20849",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/20849"
            },
            {
              "name": "26514",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/26514"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.gentoo.org/show_bug.cgi?id=136830"
            },
            {
              "name": "20661",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/20661"
            },
            {
              "name": "26513",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/26513"
            },
            {
              "name": "SUSE-SR:2006:016",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2006_16_sr.html"
            },
            {
              "name": "ADV-2006-2356",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/2356"
            },
            {
              "name": "GLSA-200606-28",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-28.xml"
            },
            {
              "name": "20960",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/20960"
            },
            {
              "name": "18436",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/18436"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@debian.org",
              "ID": "CVE-2006-2195",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://cvs.horde.org/diff.php?f=horde%2Ftest.php\u0026r1=1.145\u0026r2=1.146",
                  "refsource": "CONFIRM",
                  "url": "http://cvs.horde.org/diff.php?f=horde%2Ftest.php\u0026r1=1.145\u0026r2=1.146"
                },
                {
                  "name": "horde-test-problem-xss(27168)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27168"
                },
                {
                  "name": "20750",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/20750"
                },
                {
                  "name": "http://overlays.gentoo.org/dev/chtekk/browser/horde/www-apps/horde/files/horde-3.1.1-xss.diff?rev=4\u0026format=txt",
                  "refsource": "MISC",
                  "url": "http://overlays.gentoo.org/dev/chtekk/browser/horde/www-apps/horde/files/horde-3.1.1-xss.diff?rev=4\u0026format=txt"
                },
                {
                  "name": "http://cvs.horde.org/diff.php?r1=2.25\u0026r2=2.26\u0026f=horde%2Ftemplates%2Fproblem%2Fproblem.inc",
                  "refsource": "CONFIRM",
                  "url": "http://cvs.horde.org/diff.php?r1=2.25\u0026r2=2.26\u0026f=horde%2Ftemplates%2Fproblem%2Fproblem.inc"
                },
                {
                  "name": "1016310",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016310"
                },
                {
                  "name": "DSA-1098",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2006/dsa-1098"
                },
                {
                  "name": "20672",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/20672"
                },
                {
                  "name": "DSA-1099",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2006/dsa-1099"
                },
                {
                  "name": "20849",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/20849"
                },
                {
                  "name": "26514",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/26514"
                },
                {
                  "name": "http://bugs.gentoo.org/show_bug.cgi?id=136830",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.gentoo.org/show_bug.cgi?id=136830"
                },
                {
                  "name": "20661",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/20661"
                },
                {
                  "name": "26513",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/26513"
                },
                {
                  "name": "SUSE-SR:2006:016",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2006_16_sr.html"
                },
                {
                  "name": "ADV-2006-2356",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/2356"
                },
                {
                  "name": "GLSA-200606-28",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-28.xml"
                },
                {
                  "name": "20960",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/20960"
                },
                {
                  "name": "18436",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/18436"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2006-2195",
        "datePublished": "2006-06-15T10:00:00.000Z",
        "dateReserved": "2006-05-04T00:00:00.000Z",
        "dateUpdated": "2024-08-07T17:43:28.324Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-1260 (GCVE-0-2006-1260)

    Vulnerability from nvd – Published: 2006-03-19 02:00 – Updated: 2024-08-07 17:03
    VLAI
    Summary
    Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://securityreason.com/securityalert/590 third-party-advisoryx_refsource_SREASON
    http://www.gentoo.org/security/en/glsa/glsa-20060… vendor-advisoryx_refsource_GENTOO
    http://www.debian.org/security/2006/dsa-1034 vendor-advisoryx_refsource_DEBIAN
    http://secunia.com/advisories/19528 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/17117 vdb-entryx_refsource_BID
    http://secunia.com/advisories/19246 third-party-advisoryx_refsource_SECUNIA
    http://www.osvdb.org/23918 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/19692 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.vupen.com/english/advisories/2006/0959 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/19619 third-party-advisoryx_refsource_SECUNIA
    http://securitytracker.com/id?1015771 vdb-entryx_refsource_SECTRACK
    http://www.debian.org/security/2006/dsa-1033 vendor-advisoryx_refsource_DEBIAN
    http://lists.grok.org.uk/pipermail/full-disclosur… mailing-listx_refsource_FULLDISC
    http://www.securityfocus.com/archive/1/427710/100… mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/19897 third-party-advisoryx_refsource_SECUNIA
    http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
    Date Public
    2006-03-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T17:03:28.776Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "590",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/590"
              },
              {
                "name": "GLSA-200604-02",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-02.xml"
              },
              {
                "name": "DSA-1034",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2006/dsa-1034"
              },
              {
                "name": "19528",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/19528"
              },
              {
                "name": "17117",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/17117"
              },
              {
                "name": "19246",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/19246"
              },
              {
                "name": "23918",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/23918"
              },
              {
                "name": "19692",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/19692"
              },
              {
                "name": "horde-servicesgo-information-disclosure(25239)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25239"
              },
              {
                "name": "ADV-2006-0959",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/0959"
              },
              {
                "name": "19619",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/19619"
              },
              {
                "name": "1015771",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1015771"
              },
              {
                "name": "DSA-1033",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2006/dsa-1033"
              },
              {
                "name": "20060315 CodeScan Advisory: Unauthenticated Arbitrary File Read in Horde v3.09 and prior",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/043657.html"
              },
              {
                "name": "20060315 CodeScan Advisory: Unauthenticated Arbitrary File Read in Horde v3.09 and prior",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/427710/100/0/threaded"
              },
              {
                "name": "19897",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/19897"
              },
              {
                "name": "SUSE-SR:2006:009",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-03-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-18T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "590",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/590"
            },
            {
              "name": "GLSA-200604-02",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-02.xml"
            },
            {
              "name": "DSA-1034",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2006/dsa-1034"
            },
            {
              "name": "19528",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/19528"
            },
            {
              "name": "17117",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/17117"
            },
            {
              "name": "19246",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/19246"
            },
            {
              "name": "23918",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/23918"
            },
            {
              "name": "19692",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/19692"
            },
            {
              "name": "horde-servicesgo-information-disclosure(25239)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25239"
            },
            {
              "name": "ADV-2006-0959",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/0959"
            },
            {
              "name": "19619",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/19619"
            },
            {
              "name": "1015771",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1015771"
            },
            {
              "name": "DSA-1033",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2006/dsa-1033"
            },
            {
              "name": "20060315 CodeScan Advisory: Unauthenticated Arbitrary File Read in Horde v3.09 and prior",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/043657.html"
            },
            {
              "name": "20060315 CodeScan Advisory: Unauthenticated Arbitrary File Read in Horde v3.09 and prior",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/427710/100/0/threaded"
            },
            {
              "name": "19897",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/19897"
            },
            {
              "name": "SUSE-SR:2006:009",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-1260",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "590",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/590"
                },
                {
                  "name": "GLSA-200604-02",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-02.xml"
                },
                {
                  "name": "DSA-1034",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2006/dsa-1034"
                },
                {
                  "name": "19528",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/19528"
                },
                {
                  "name": "17117",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/17117"
                },
                {
                  "name": "19246",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/19246"
                },
                {
                  "name": "23918",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/23918"
                },
                {
                  "name": "19692",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/19692"
                },
                {
                  "name": "horde-servicesgo-information-disclosure(25239)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25239"
                },
                {
                  "name": "ADV-2006-0959",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/0959"
                },
                {
                  "name": "19619",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/19619"
                },
                {
                  "name": "1015771",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1015771"
                },
                {
                  "name": "DSA-1033",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2006/dsa-1033"
                },
                {
                  "name": "20060315 CodeScan Advisory: Unauthenticated Arbitrary File Read in Horde v3.09 and prior",
                  "refsource": "FULLDISC",
                  "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/043657.html"
                },
                {
                  "name": "20060315 CodeScan Advisory: Unauthenticated Arbitrary File Read in Horde v3.09 and prior",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/427710/100/0/threaded"
                },
                {
                  "name": "19897",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/19897"
                },
                {
                  "name": "SUSE-SR:2006:009",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-1260",
        "datePublished": "2006-03-19T02:00:00.000Z",
        "dateReserved": "2006-03-18T00:00:00.000Z",
        "dateUpdated": "2024-08-07T17:03:28.776Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-3759 (GCVE-0-2005-3759)

    Vulnerability from nvd – Published: 2005-11-22 21:00 – Updated: 2024-08-07 23:24
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers, which do not filter or escape dangerous HTML when extracting and displaying attachments.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.gentoo.org/security/en/glsa/glsa-20051… vendor-advisoryx_refsource_GENTOO
    http://www.vupen.com/english/advisories/2005/2536 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/17599 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/417436/30/… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/15535 vdb-entryx_refsource_BID
    http://secunia.com/advisories/17703 third-party-advisoryx_refsource_SECUNIA
    http://lists.horde.org/archives/announce/2005/000… mailing-listx_refsource_MLIST
    http://www.debian.org/security/2005/dsa-909 vendor-advisoryx_refsource_DEBIAN
    Date Public
    2005-11-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T23:24:35.475Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "GLSA-200511-20",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-20.xml"
              },
              {
                "name": "ADV-2005-2536",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2005/2536"
              },
              {
                "name": "17599",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17599"
              },
              {
                "name": "20051122 Horde MIME Viewer vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/417436/30/0/threaded"
              },
              {
                "name": "15535",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/15535"
              },
              {
                "name": "17703",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17703"
              },
              {
                "name": "[horde-announce] 20051122 Horde 3.0.7 (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2005/000232.html"
              },
              {
                "name": "DSA-909",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2005/dsa-909"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-11-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers, which do not filter or escape dangerous HTML when extracting and displaying attachments."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-19T14:57:01.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "name": "GLSA-200511-20",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-20.xml"
            },
            {
              "name": "ADV-2005-2536",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2005/2536"
            },
            {
              "name": "17599",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17599"
            },
            {
              "name": "20051122 Horde MIME Viewer vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/417436/30/0/threaded"
            },
            {
              "name": "15535",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/15535"
            },
            {
              "name": "17703",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17703"
            },
            {
              "name": "[horde-announce] 20051122 Horde 3.0.7 (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2005/000232.html"
            },
            {
              "name": "DSA-909",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2005/dsa-909"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@debian.org",
              "ID": "CVE-2005-3759",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers, which do not filter or escape dangerous HTML when extracting and displaying attachments."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "GLSA-200511-20",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-20.xml"
                },
                {
                  "name": "ADV-2005-2536",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2005/2536"
                },
                {
                  "name": "17599",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17599"
                },
                {
                  "name": "20051122 Horde MIME Viewer vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/417436/30/0/threaded"
                },
                {
                  "name": "15535",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/15535"
                },
                {
                  "name": "17703",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17703"
                },
                {
                  "name": "[horde-announce] 20051122 Horde 3.0.7 (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2005/000232.html"
                },
                {
                  "name": "DSA-909",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2005/dsa-909"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2005-3759",
        "datePublished": "2005-11-22T21:00:00.000Z",
        "dateReserved": "2005-11-22T00:00:00.000Z",
        "dateUpdated": "2024-08-07T23:24:35.475Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-3570 (GCVE-0-2005-3570)

    Vulnerability from nvd – Published: 2005-11-16 07:37 – Updated: 2024-08-07 23:17
    VLAI
    Summary
    Unspecified cross-site scripting (XSS) vulnerability in Horde before 2.2.9 allows remote attackers to inject arbitrary web script or HTML via "not properly escaped error messages".
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/15409 vdb-entryx_refsource_BID
    http://lists.horde.org/archives/announce/2005/000… mailing-listx_refsource_MLIST
    http://secunia.com/advisories/17468 third-party-advisoryx_refsource_SECUNIA
    http://www.gentoo.org/security/en/glsa/glsa-20051… vendor-advisoryx_refsource_GENTOO
    http://www.vupen.com/english/advisories/2005/2403 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/17794 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/17702 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2005/dsa-914 vendor-advisoryx_refsource_DEBIAN
    http://cvs.horde.org/diff.php/horde/docs/CHANGES?… x_refsource_CONFIRM
    Date Public
    2005-11-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T23:17:23.405Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "15409",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/15409"
              },
              {
                "name": "[Horde-announce] 20051113 Horde 2.2.9 (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2005/000231.html"
              },
              {
                "name": "17468",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17468"
              },
              {
                "name": "GLSA-200511-20",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-20.xml"
              },
              {
                "name": "ADV-2005-2403",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2005/2403"
              },
              {
                "name": "17794",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17794"
              },
              {
                "name": "17702",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17702"
              },
              {
                "name": "DSA-914",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2005/dsa-914"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.207.2.109\u0026r2=1.207.2.111\u0026ty=h"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-11-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified cross-site scripting (XSS) vulnerability in Horde before 2.2.9 allows remote attackers to inject arbitrary web script or HTML via \"not properly escaped error messages\"."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2005-11-30T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "15409",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/15409"
            },
            {
              "name": "[Horde-announce] 20051113 Horde 2.2.9 (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2005/000231.html"
            },
            {
              "name": "17468",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17468"
            },
            {
              "name": "GLSA-200511-20",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-20.xml"
            },
            {
              "name": "ADV-2005-2403",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2005/2403"
            },
            {
              "name": "17794",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17794"
            },
            {
              "name": "17702",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17702"
            },
            {
              "name": "DSA-914",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2005/dsa-914"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.207.2.109\u0026r2=1.207.2.111\u0026ty=h"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-3570",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified cross-site scripting (XSS) vulnerability in Horde before 2.2.9 allows remote attackers to inject arbitrary web script or HTML via \"not properly escaped error messages\"."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "15409",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/15409"
                },
                {
                  "name": "[Horde-announce] 20051113 Horde 2.2.9 (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2005/000231.html"
                },
                {
                  "name": "17468",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17468"
                },
                {
                  "name": "GLSA-200511-20",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-20.xml"
                },
                {
                  "name": "ADV-2005-2403",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2005/2403"
                },
                {
                  "name": "17794",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17794"
                },
                {
                  "name": "17702",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17702"
                },
                {
                  "name": "DSA-914",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2005/dsa-914"
                },
                {
                  "name": "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.207.2.109\u0026r2=1.207.2.111\u0026ty=h",
                  "refsource": "CONFIRM",
                  "url": "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.207.2.109\u0026r2=1.207.2.111\u0026ty=h"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-3570",
        "datePublished": "2005-11-16T07:37:00.000Z",
        "dateReserved": "2005-11-16T00:00:00.000Z",
        "dateUpdated": "2024-08-07T23:17:23.405Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-3344 (GCVE-0-2005-3344)

    Vulnerability from nvd – Published: 2005-11-16 07:37 – Updated: 2024-08-07 23:10
    VLAI
    Summary
    The default installation of Horde 3.0.4 contains an administrative account with a blank password, which allows remote attackers to gain access.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/15337/ vdb-entryx_refsource_BID
    http://www.networkscanning.com/Horde-Default-Admi… x_refsource_MISC
    http://www.osvdb.org/24117 vdb-entryx_refsource_OSVDB
    http://www.debian.org/security/2005/dsa-884 vendor-advisoryx_refsource_DEBIAN
    Date Public
    2005-11-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T23:10:08.477Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "horde-default-account(24576)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24576"
              },
              {
                "name": "15337",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/15337/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.networkscanning.com/Horde-Default-Admin-Password-Vulnerability-VSS_20171.html"
              },
              {
                "name": "24117",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/24117"
              },
              {
                "name": "DSA-884",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2005/dsa-884"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-11-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The default installation of Horde 3.0.4 contains an administrative account with a blank password, which allows remote attackers to gain access."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "name": "horde-default-account(24576)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24576"
            },
            {
              "name": "15337",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/15337/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.networkscanning.com/Horde-Default-Admin-Password-Vulnerability-VSS_20171.html"
            },
            {
              "name": "24117",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/24117"
            },
            {
              "name": "DSA-884",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2005/dsa-884"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@debian.org",
              "ID": "CVE-2005-3344",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The default installation of Horde 3.0.4 contains an administrative account with a blank password, which allows remote attackers to gain access."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "horde-default-account(24576)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24576"
                },
                {
                  "name": "15337",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/15337/"
                },
                {
                  "name": "http://www.networkscanning.com/Horde-Default-Admin-Password-Vulnerability-VSS_20171.html",
                  "refsource": "MISC",
                  "url": "http://www.networkscanning.com/Horde-Default-Admin-Password-Vulnerability-VSS_20171.html"
                },
                {
                  "name": "24117",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/24117"
                },
                {
                  "name": "DSA-884",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2005/dsa-884"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2005-3344",
        "datePublished": "2005-11-16T07:37:00.000Z",
        "dateReserved": "2005-10-27T00:00:00.000Z",
        "dateUpdated": "2024-08-07T23:10:08.477Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-0378 (GCVE-0-2005-0378)

    Vulnerability from nvd – Published: 2005-02-13 05:00 – Updated: 2024-08-07 21:13
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to prefs.php or (2) url parameter to index.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2005-01-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T21:13:53.499Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.hyperdose.com/advisories/H2005-01.txt"
              },
              {
                "name": "20050113 Cross Site Scripting holes found in Horde 3.0",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=110564059322774\u0026w=2"
              },
              {
                "name": "12255",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/12255"
              },
              {
                "name": "1012892",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1012892"
              },
              {
                "name": "horde-prefs-index-xss(18881)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18881"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-01-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to prefs.php or (2) url parameter to index.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.hyperdose.com/advisories/H2005-01.txt"
            },
            {
              "name": "20050113 Cross Site Scripting holes found in Horde 3.0",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=110564059322774\u0026w=2"
            },
            {
              "name": "12255",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/12255"
            },
            {
              "name": "1012892",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1012892"
            },
            {
              "name": "horde-prefs-index-xss(18881)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18881"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-0378",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to prefs.php or (2) url parameter to index.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.hyperdose.com/advisories/H2005-01.txt",
                  "refsource": "MISC",
                  "url": "http://www.hyperdose.com/advisories/H2005-01.txt"
                },
                {
                  "name": "20050113 Cross Site Scripting holes found in Horde 3.0",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=110564059322774\u0026w=2"
                },
                {
                  "name": "12255",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/12255"
                },
                {
                  "name": "1012892",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1012892"
                },
                {
                  "name": "horde-prefs-index-xss(18881)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18881"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-0378",
        "datePublished": "2005-02-13T05:00:00.000Z",
        "dateReserved": "2005-02-13T00:00:00.000Z",
        "dateUpdated": "2024-08-07T21:13:53.499Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-0209 (GCVE-0-2012-0209)

    Vulnerability from cvelistv5 – Published: 2012-09-25 22:00 – Updated: 2024-09-16 21:57
    VLAI
    Summary
    Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP between November 2011 and February 2012, contains an externally introduced modification (Trojan Horse) in templates/javascript/open_calendar.js, which allows remote attackers to execute arbitrary PHP code.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T18:16:19.685Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://dev.horde.org/h/jonah/stories/view.php?channel_id=1\u0026id=155"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://eromang.zataz.com/2012/02/15/cve-2012-0209-horde-backdoor-analysis/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=790877"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.org/files/109874/Horde-3.3.12-Backdoor-Arbitrary-PHP-Code-Execution.html"
              },
              {
                "name": "[horde-announce] 20120213 [SECURITY] Remote execution backdoor after server hack (CVE-2012-0209)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2012/000751.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP between November 2011 and February 2012, contains an externally introduced modification (Trojan Horse) in templates/javascript/open_calendar.js, which allows remote attackers to execute arbitrary PHP code."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-09-25T22:00:00.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://dev.horde.org/h/jonah/stories/view.php?channel_id=1\u0026id=155"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://eromang.zataz.com/2012/02/15/cve-2012-0209-horde-backdoor-analysis/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=790877"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.org/files/109874/Horde-3.3.12-Backdoor-Arbitrary-PHP-Code-Execution.html"
            },
            {
              "name": "[horde-announce] 20120213 [SECURITY] Remote execution backdoor after server hack (CVE-2012-0209)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2012/000751.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@debian.org",
              "ID": "CVE-2012-0209",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP between November 2011 and February 2012, contains an externally introduced modification (Trojan Horse) in templates/javascript/open_calendar.js, which allows remote attackers to execute arbitrary PHP code."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://dev.horde.org/h/jonah/stories/view.php?channel_id=1\u0026id=155",
                  "refsource": "CONFIRM",
                  "url": "http://dev.horde.org/h/jonah/stories/view.php?channel_id=1\u0026id=155"
                },
                {
                  "name": "http://eromang.zataz.com/2012/02/15/cve-2012-0209-horde-backdoor-analysis/",
                  "refsource": "MISC",
                  "url": "http://eromang.zataz.com/2012/02/15/cve-2012-0209-horde-backdoor-analysis/"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=790877",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=790877"
                },
                {
                  "name": "http://packetstormsecurity.org/files/109874/Horde-3.3.12-Backdoor-Arbitrary-PHP-Code-Execution.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.org/files/109874/Horde-3.3.12-Backdoor-Arbitrary-PHP-Code-Execution.html"
                },
                {
                  "name": "[horde-announce] 20120213 [SECURITY] Remote execution backdoor after server hack (CVE-2012-0209)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2012/000751.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2012-0209",
        "datePublished": "2012-09-25T22:00:00.000Z",
        "dateReserved": "2011-12-14T00:00:00.000Z",
        "dateUpdated": "2024-09-16T21:57:27.267Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-1638 (GCVE-0-2010-1638)

    Vulnerability from cvelistv5 – Published: 2010-06-22 17:00 – Updated: 2024-08-07 01:28
    VLAI
    Summary
    The IMP plugin in Horde allows remote attackers to bypass firewall restrictions and use Horde as a proxy to scan internal networks via a crafted request to an unspecified test script. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T01:28:41.580Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20100524 Re: [core] CVE Request for Horde and Squirrelmail",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2010/05/25/2"
              },
              {
                "name": "[oss-security] 20100521 Re: [core] CVE Request for Horde and Squirrelmail",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2010/05/21/2"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://conference.hitb.org/hitbsecconf2010dxb/materials/D1%20-%20Laurent%20Oudot%20-%20Improving%20the%20Stealthiness%20of%20Web%20Hacking.pdf#page=74"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The IMP plugin in Horde allows remote attackers to bypass firewall restrictions and use Horde as a proxy to scan internal networks via a crafted request to an unspecified test script.  NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product\u0027s installation documentation."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2010-06-22T17:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "[oss-security] 20100524 Re: [core] CVE Request for Horde and Squirrelmail",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2010/05/25/2"
            },
            {
              "name": "[oss-security] 20100521 Re: [core] CVE Request for Horde and Squirrelmail",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2010/05/21/2"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://conference.hitb.org/hitbsecconf2010dxb/materials/D1%20-%20Laurent%20Oudot%20-%20Improving%20the%20Stealthiness%20of%20Web%20Hacking.pdf#page=74"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2010-1638",
        "datePublished": "2010-06-22T17:00:00.000Z",
        "dateReserved": "2010-04-29T00:00:00.000Z",
        "dateUpdated": "2024-08-07T01:28:41.580Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-7218 (GCVE-0-2008-7218)

    Vulnerability from cvelistv5 – Published: 2009-09-13 22:00 – Updated: 2024-08-07 11:56
    VLAI
    Summary
    Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2 before 3.2-RC2; Turba H3 2.1 before 2.1.6 and 2.2 before 2.2-RC2; Kronolith H3 2.1 before 2.1.7 and H3 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and 2.2 before 2.2-RC2; Horde Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 has unknown impact and attack vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://www.securityfocus.com/bid/27217 vdb-entryx_refsource_BID
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://secunia.com/advisories/28382 third-party-advisoryx_refsource_SECUNIA
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://www.osvdb.org/42775 vdb-entryx_refsource_OSVDB
    Date Public
    2008-01-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T11:56:14.413Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[announce] 20080122 Kronolith H3 (2.2-RC2)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000371.html"
              },
              {
                "name": "[announce] 20080122 Mnemo H3 (2.2-RC2)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000369.html"
              },
              {
                "name": "[announce] 20080109 Nag H3 (2.1.4) (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000363.html"
              },
              {
                "name": "27217",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27217"
              },
              {
                "name": "[announce] 20080109 Horde Groupware 1.0.3 (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000365.html"
              },
              {
                "name": "[announce] 20080206 Horde Groupware 1.1-RC2",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000376.html"
              },
              {
                "name": "[announce] 20080122 Turba H3 (2.2-RC2)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000367.html"
              },
              {
                "name": "FEDORA-2008-2212",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00176.html"
              },
              {
                "name": "[announce] 20080109 Horde 3.1.6 (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000360.html"
              },
              {
                "name": "[announce] 20080109 Mnemo H3 (2.1.2) (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000364.html"
              },
              {
                "name": "28382",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28382"
              },
              {
                "name": "[announce] 20080206 Horde Groupware Webmail Edition 1.1-RC2",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000377.html"
              },
              {
                "name": "[announce] 20080110 Horde Groupware Webmail Edition 1.0.4 (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000366.html"
              },
              {
                "name": "[announce] 20080109 Turba H3 (2.1.6) (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000361.html"
              },
              {
                "name": "horde-hordeapi-privilege-escalation(39599)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39599"
              },
              {
                "name": "[announce] 20080122 Horde 3.2-RC2",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000374.html"
              },
              {
                "name": "[announce] 20080109 Kronolith H3 (2.1.7) (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000362.html"
              },
              {
                "name": "[announce] 20080122 Nag H3 (2.2-RC2)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000368.html"
              },
              {
                "name": "42775",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/42775"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-01-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2 before 3.2-RC2; Turba H3 2.1 before 2.1.6 and 2.2 before 2.2-RC2; Kronolith H3 2.1 before 2.1.7 and H3 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and 2.2 before 2.2-RC2; Horde Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 has unknown impact and attack vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[announce] 20080122 Kronolith H3 (2.2-RC2)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000371.html"
            },
            {
              "name": "[announce] 20080122 Mnemo H3 (2.2-RC2)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000369.html"
            },
            {
              "name": "[announce] 20080109 Nag H3 (2.1.4) (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000363.html"
            },
            {
              "name": "27217",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27217"
            },
            {
              "name": "[announce] 20080109 Horde Groupware 1.0.3 (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000365.html"
            },
            {
              "name": "[announce] 20080206 Horde Groupware 1.1-RC2",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000376.html"
            },
            {
              "name": "[announce] 20080122 Turba H3 (2.2-RC2)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000367.html"
            },
            {
              "name": "FEDORA-2008-2212",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00176.html"
            },
            {
              "name": "[announce] 20080109 Horde 3.1.6 (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000360.html"
            },
            {
              "name": "[announce] 20080109 Mnemo H3 (2.1.2) (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000364.html"
            },
            {
              "name": "28382",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28382"
            },
            {
              "name": "[announce] 20080206 Horde Groupware Webmail Edition 1.1-RC2",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000377.html"
            },
            {
              "name": "[announce] 20080110 Horde Groupware Webmail Edition 1.0.4 (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000366.html"
            },
            {
              "name": "[announce] 20080109 Turba H3 (2.1.6) (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000361.html"
            },
            {
              "name": "horde-hordeapi-privilege-escalation(39599)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39599"
            },
            {
              "name": "[announce] 20080122 Horde 3.2-RC2",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000374.html"
            },
            {
              "name": "[announce] 20080109 Kronolith H3 (2.1.7) (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000362.html"
            },
            {
              "name": "[announce] 20080122 Nag H3 (2.2-RC2)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000368.html"
            },
            {
              "name": "42775",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/42775"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-7218",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2 before 3.2-RC2; Turba H3 2.1 before 2.1.6 and 2.2 before 2.2-RC2; Kronolith H3 2.1 before 2.1.7 and H3 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and 2.2 before 2.2-RC2; Horde Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 has unknown impact and attack vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[announce] 20080122 Kronolith H3 (2.2-RC2)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000371.html"
                },
                {
                  "name": "[announce] 20080122 Mnemo H3 (2.2-RC2)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000369.html"
                },
                {
                  "name": "[announce] 20080109 Nag H3 (2.1.4) (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000363.html"
                },
                {
                  "name": "27217",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27217"
                },
                {
                  "name": "[announce] 20080109 Horde Groupware 1.0.3 (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000365.html"
                },
                {
                  "name": "[announce] 20080206 Horde Groupware 1.1-RC2",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000376.html"
                },
                {
                  "name": "[announce] 20080122 Turba H3 (2.2-RC2)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000367.html"
                },
                {
                  "name": "FEDORA-2008-2212",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00176.html"
                },
                {
                  "name": "[announce] 20080109 Horde 3.1.6 (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000360.html"
                },
                {
                  "name": "[announce] 20080109 Mnemo H3 (2.1.2) (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000364.html"
                },
                {
                  "name": "28382",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28382"
                },
                {
                  "name": "[announce] 20080206 Horde Groupware Webmail Edition 1.1-RC2",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000377.html"
                },
                {
                  "name": "[announce] 20080110 Horde Groupware Webmail Edition 1.0.4 (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000366.html"
                },
                {
                  "name": "[announce] 20080109 Turba H3 (2.1.6) (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000361.html"
                },
                {
                  "name": "horde-hordeapi-privilege-escalation(39599)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39599"
                },
                {
                  "name": "[announce] 20080122 Horde 3.2-RC2",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000374.html"
                },
                {
                  "name": "[announce] 20080109 Kronolith H3 (2.1.7) (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000362.html"
                },
                {
                  "name": "[announce] 20080122 Nag H3 (2.2-RC2)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000368.html"
                },
                {
                  "name": "42775",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/42775"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-7218",
        "datePublished": "2009-09-13T22:00:00.000Z",
        "dateReserved": "2009-09-13T00:00:00.000Z",
        "dateUpdated": "2024-08-07T11:56:14.413Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-3824 (GCVE-0-2008-3824)

    Vulnerability from cvelistv5 – Published: 2008-09-12 16:00 – Updated: 2024-08-07 09:53
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in (1) Text_Filter/Filter/xss.php in Horde 3.1.x before 3.1.9 and 3.2.x before 3.2.2 and (2) externalinput.php in Popoon r22196 and earlier allows remote attackers to inject arbitrary web script or HTML by using / (slash) characters as replacements for spaces in an HTML e-mail message.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2008-09-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T09:53:00.438Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[horde-announce] 20080910 Horde 3.1.9 (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=horde-announce\u0026m=122103888111491\u0026w=2"
              },
              {
                "name": "31842",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31842"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.phpmyfaq.de/advisory_2008-09-11.php"
              },
              {
                "name": "ADV-2008-2548",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/2548"
              },
              {
                "name": "[horde-announce] 20080910 [SECURITY] Horde 3.2.2 (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=horde-announce\u0026m=122104360019867\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://ocert.org/patches/2008-012/Text_Filter.patch"
              },
              {
                "name": "20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/496182/100/0/threaded"
              },
              {
                "name": "4245",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/4245"
              },
              {
                "name": "[oss-security] 20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2008/09/10/1"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ocert.org/advisories/ocert-2008-012.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://ocert.org/patches/2008-012/Text_Filter.31.patch"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://blog.liip.ch/missed-case-in-externalinput-php-resulting-in-viable-xss-attacks.html"
              },
              {
                "name": "horde-htmlmessages-xss(45031)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45031"
              },
              {
                "name": "47996",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/47996"
              },
              {
                "name": "31107",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/31107"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-09-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in (1) Text_Filter/Filter/xss.php in Horde 3.1.x before 3.1.9 and 3.2.x before 3.2.2 and (2) externalinput.php in Popoon r22196 and earlier allows remote attackers to inject arbitrary web script or HTML by using / (slash) characters as replacements for spaces in an HTML e-mail message."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "[horde-announce] 20080910 Horde 3.1.9 (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://marc.info/?l=horde-announce\u0026m=122103888111491\u0026w=2"
            },
            {
              "name": "31842",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31842"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.phpmyfaq.de/advisory_2008-09-11.php"
            },
            {
              "name": "ADV-2008-2548",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2548"
            },
            {
              "name": "[horde-announce] 20080910 [SECURITY] Horde 3.2.2 (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://marc.info/?l=horde-announce\u0026m=122104360019867\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://ocert.org/patches/2008-012/Text_Filter.patch"
            },
            {
              "name": "20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/496182/100/0/threaded"
            },
            {
              "name": "4245",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/4245"
            },
            {
              "name": "[oss-security] 20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/09/10/1"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ocert.org/advisories/ocert-2008-012.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://ocert.org/patches/2008-012/Text_Filter.31.patch"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://blog.liip.ch/missed-case-in-externalinput-php-resulting-in-viable-xss-attacks.html"
            },
            {
              "name": "horde-htmlmessages-xss(45031)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45031"
            },
            {
              "name": "47996",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/47996"
            },
            {
              "name": "31107",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/31107"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2008-3824",
        "datePublished": "2008-09-12T16:00:00.000Z",
        "dateReserved": "2008-08-27T00:00:00.000Z",
        "dateUpdated": "2024-08-07T09:53:00.438Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-3823 (GCVE-0-2008-3823)

    Vulnerability from cvelistv5 – Published: 2008-09-12 16:00 – Updated: 2024-08-07 09:53
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.php in the MIME library in Horde 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of a MIME attachment in an e-mail message.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/31842 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2008/dsa-1642 vendor-advisoryx_refsource_DEBIAN
    http://www.vupen.com/english/advisories/2008/2548 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/31959 third-party-advisoryx_refsource_SECUNIA
    http://ocert.org/patches/2008-012/MIME.patch x_refsource_MISC
    http://marc.info/?l=horde-announce&m=122104360019… mailing-listx_refsource_MLIST
    http://www.securityfocus.com/bid/31110 vdb-entryx_refsource_BID
    http://www.securityfocus.com/archive/1/496182/100… mailing-listx_refsource_BUGTRAQ
    http://securityreason.com/securityalert/4245 third-party-advisoryx_refsource_SREASON
    http://www.openwall.com/lists/oss-security/2008/09/10/1 mailing-listx_refsource_MLIST
    http://www.ocert.org/advisories/ocert-2008-012.html x_refsource_MISC
    Date Public
    2008-09-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T09:53:00.419Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "horde-mime-xss(45030)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45030"
              },
              {
                "name": "31842",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31842"
              },
              {
                "name": "DSA-1642",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2008/dsa-1642"
              },
              {
                "name": "ADV-2008-2548",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/2548"
              },
              {
                "name": "31959",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31959"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://ocert.org/patches/2008-012/MIME.patch"
              },
              {
                "name": "[horde-announce] 20080910 [SECURITY] Horde 3.2.2 (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=horde-announce\u0026m=122104360019867\u0026w=2"
              },
              {
                "name": "31110",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/31110"
              },
              {
                "name": "20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/496182/100/0/threaded"
              },
              {
                "name": "4245",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/4245"
              },
              {
                "name": "[oss-security] 20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2008/09/10/1"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ocert.org/advisories/ocert-2008-012.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-09-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.php in the MIME library in Horde 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of a MIME attachment in an e-mail message."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "horde-mime-xss(45030)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45030"
            },
            {
              "name": "31842",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31842"
            },
            {
              "name": "DSA-1642",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2008/dsa-1642"
            },
            {
              "name": "ADV-2008-2548",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2548"
            },
            {
              "name": "31959",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31959"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://ocert.org/patches/2008-012/MIME.patch"
            },
            {
              "name": "[horde-announce] 20080910 [SECURITY] Horde 3.2.2 (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://marc.info/?l=horde-announce\u0026m=122104360019867\u0026w=2"
            },
            {
              "name": "31110",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/31110"
            },
            {
              "name": "20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/496182/100/0/threaded"
            },
            {
              "name": "4245",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/4245"
            },
            {
              "name": "[oss-security] 20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/09/10/1"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ocert.org/advisories/ocert-2008-012.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2008-3823",
        "datePublished": "2008-09-12T16:00:00.000Z",
        "dateReserved": "2008-08-27T00:00:00.000Z",
        "dateUpdated": "2024-08-07T09:53:00.419Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1284 (GCVE-0-2008-1284)

    Vulnerability from cvelistv5 – Published: 2008-03-11 00:00 – Updated: 2024-08-07 08:17
    VLAI
    Summary
    Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via ".." sequences and a null byte in the theme name.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://securityreason.com/securityalert/3726 third-party-advisoryx_refsource_SREASON
    http://secunia.com/advisories/29286 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    http://www.securityfocus.com/archive/1/489239/100… mailing-listx_refsource_BUGTRAQ
    http://security.gentoo.org/glsa/glsa-200805-01.xml vendor-advisoryx_refsource_GENTOO
    http://www.debian.org/security/2008/dsa-1519 vendor-advisoryx_refsource_DEBIAN
    http://secunia.com/advisories/30047 third-party-advisoryx_refsource_SECUNIA
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    http://secunia.com/advisories/29374 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/489289/100… mailing-listx_refsource_BUGTRAQ
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://www.vupen.com/english/advisories/2008/0822… vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/28153 vdb-entryx_refsource_BID
    http://secunia.com/advisories/29400 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2008-03-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:17:34.567Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "3726",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3726"
              },
              {
                "name": "29286",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29286"
              },
              {
                "name": "horde-theme-file-include(41054)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41054"
              },
              {
                "name": "[announce] 20080307  Horde Groupware 1.0.5 (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000383.html"
              },
              {
                "name": "[announce] 20080307  Horde Groupware Webmail Edition 1.0.6 (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000384.html"
              },
              {
                "name": "FEDORA-2008-2406",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00301.html"
              },
              {
                "name": "20080307 Horde Webmail file inclusion proof of concept \u0026 patch.",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/489239/100/0/threaded"
              },
              {
                "name": "GLSA-200805-01",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200805-01.xml"
              },
              {
                "name": "DSA-1519",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2008/dsa-1519"
              },
              {
                "name": "30047",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30047"
              },
              {
                "name": "FEDORA-2008-2362",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00253.html"
              },
              {
                "name": "29374",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29374"
              },
              {
                "name": "20080308 Re: Horde Webmail file inclusion proof of concept \u0026 patch.",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/489289/100/0/threaded"
              },
              {
                "name": "[announce] 20080307 Horde 3.1.7 (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000382.html"
              },
              {
                "name": "ADV-2008-0822",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0822/references"
              },
              {
                "name": "28153",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/28153"
              },
              {
                "name": "29400",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29400"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-03-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via \"..\" sequences and a null byte in the theme name."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "3726",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3726"
            },
            {
              "name": "29286",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29286"
            },
            {
              "name": "horde-theme-file-include(41054)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41054"
            },
            {
              "name": "[announce] 20080307  Horde Groupware 1.0.5 (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000383.html"
            },
            {
              "name": "[announce] 20080307  Horde Groupware Webmail Edition 1.0.6 (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000384.html"
            },
            {
              "name": "FEDORA-2008-2406",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00301.html"
            },
            {
              "name": "20080307 Horde Webmail file inclusion proof of concept \u0026 patch.",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/489239/100/0/threaded"
            },
            {
              "name": "GLSA-200805-01",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200805-01.xml"
            },
            {
              "name": "DSA-1519",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2008/dsa-1519"
            },
            {
              "name": "30047",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30047"
            },
            {
              "name": "FEDORA-2008-2362",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00253.html"
            },
            {
              "name": "29374",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29374"
            },
            {
              "name": "20080308 Re: Horde Webmail file inclusion proof of concept \u0026 patch.",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/489289/100/0/threaded"
            },
            {
              "name": "[announce] 20080307 Horde 3.1.7 (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000382.html"
            },
            {
              "name": "ADV-2008-0822",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0822/references"
            },
            {
              "name": "28153",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/28153"
            },
            {
              "name": "29400",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29400"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-1284",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via \"..\" sequences and a null byte in the theme name."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "3726",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3726"
                },
                {
                  "name": "29286",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29286"
                },
                {
                  "name": "horde-theme-file-include(41054)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41054"
                },
                {
                  "name": "[announce] 20080307  Horde Groupware 1.0.5 (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000383.html"
                },
                {
                  "name": "[announce] 20080307  Horde Groupware Webmail Edition 1.0.6 (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000384.html"
                },
                {
                  "name": "FEDORA-2008-2406",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00301.html"
                },
                {
                  "name": "20080307 Horde Webmail file inclusion proof of concept \u0026 patch.",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/489239/100/0/threaded"
                },
                {
                  "name": "GLSA-200805-01",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200805-01.xml"
                },
                {
                  "name": "DSA-1519",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2008/dsa-1519"
                },
                {
                  "name": "30047",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30047"
                },
                {
                  "name": "FEDORA-2008-2362",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00253.html"
                },
                {
                  "name": "29374",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29374"
                },
                {
                  "name": "20080308 Re: Horde Webmail file inclusion proof of concept \u0026 patch.",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/489289/100/0/threaded"
                },
                {
                  "name": "[announce] 20080307 Horde 3.1.7 (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000382.html"
                },
                {
                  "name": "ADV-2008-0822",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0822/references"
                },
                {
                  "name": "28153",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/28153"
                },
                {
                  "name": "29400",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29400"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-1284",
        "datePublished": "2008-03-11T00:00:00.000Z",
        "dateReserved": "2008-03-10T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:17:34.567Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-6018 (GCVE-0-2007-6018)

    Vulnerability from cvelistv5 – Published: 2008-01-11 02:00 – Updated: 2024-08-07 15:54
    VLAI
    Summary
    IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) "purge" deleted emails via a crafted email message.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/29186 third-party-advisoryx_refsource_SECUNIA
    https://bugzilla.redhat.com/show_bug.cgi?id=428625 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://cvs.horde.org/diff.php/groupware/docs/grou… x_refsource_CONFIRM
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://secunia.com/advisories/34418 third-party-advisoryx_refsource_SECUNIA
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    http://www.securityfocus.com/bid/27223 vdb-entryx_refsource_BID
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://cvs.horde.org/diff.php/groupware/docs/webm… x_refsource_CONFIRM
    http://secunia.com/secunia_research/2007-102/advisory/ x_refsource_MISC
    http://secunia.com/advisories/28020 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/29185 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/28546 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/29184 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2008/dsa-1470 vendor-advisoryx_refsource_DEBIAN
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    Date Public
    2008-01-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:54:25.651Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "29186",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29186"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=428625"
              },
              {
                "name": "SUSE-SR:2009:007",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
              },
              {
                "name": "horde-impgroupware-filter-security-bypass(39595)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39595"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://cvs.horde.org/diff.php/groupware/docs/groupware/CHANGES?r1=1.17\u0026r2=1.17.2.1\u0026ty=h"
              },
              {
                "name": "[announce] 20080109 Horde Groupware 1.0.3 (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000365.html"
              },
              {
                "name": "[announce] 20080109 Horde 3.1.6 (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000360.html"
              },
              {
                "name": "34418",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/34418"
              },
              {
                "name": "FEDORA-2008-2087",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00927.html"
              },
              {
                "name": "27223",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27223"
              },
              {
                "name": "[announce] 20080110 Horde Groupware Webmail Edition 1.0.4 (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000366.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://cvs.horde.org/diff.php/groupware/docs/webmail/CHANGES?r1=1.12\u0026r2=1.12.2.1\u0026ty=h"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://secunia.com/secunia_research/2007-102/advisory/"
              },
              {
                "name": "28020",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28020"
              },
              {
                "name": "29185",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29185"
              },
              {
                "name": "28546",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28546"
              },
              {
                "name": "29184",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29184"
              },
              {
                "name": "DSA-1470",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2008/dsa-1470"
              },
              {
                "name": "FEDORA-2008-2040",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00888.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-01-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) \"purge\" deleted emails via a crafted email message."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
            "shortName": "flexera"
          },
          "references": [
            {
              "name": "29186",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29186"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=428625"
            },
            {
              "name": "SUSE-SR:2009:007",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
            },
            {
              "name": "horde-impgroupware-filter-security-bypass(39595)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39595"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://cvs.horde.org/diff.php/groupware/docs/groupware/CHANGES?r1=1.17\u0026r2=1.17.2.1\u0026ty=h"
            },
            {
              "name": "[announce] 20080109 Horde Groupware 1.0.3 (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000365.html"
            },
            {
              "name": "[announce] 20080109 Horde 3.1.6 (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000360.html"
            },
            {
              "name": "34418",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/34418"
            },
            {
              "name": "FEDORA-2008-2087",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00927.html"
            },
            {
              "name": "27223",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27223"
            },
            {
              "name": "[announce] 20080110 Horde Groupware Webmail Edition 1.0.4 (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000366.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://cvs.horde.org/diff.php/groupware/docs/webmail/CHANGES?r1=1.12\u0026r2=1.12.2.1\u0026ty=h"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://secunia.com/secunia_research/2007-102/advisory/"
            },
            {
              "name": "28020",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28020"
            },
            {
              "name": "29185",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29185"
            },
            {
              "name": "28546",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28546"
            },
            {
              "name": "29184",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29184"
            },
            {
              "name": "DSA-1470",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2008/dsa-1470"
            },
            {
              "name": "FEDORA-2008-2040",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00888.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
              "ID": "CVE-2007-6018",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) \"purge\" deleted emails via a crafted email message."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "29186",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29186"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=428625",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=428625"
                },
                {
                  "name": "SUSE-SR:2009:007",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
                },
                {
                  "name": "horde-impgroupware-filter-security-bypass(39595)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39595"
                },
                {
                  "name": "http://cvs.horde.org/diff.php/groupware/docs/groupware/CHANGES?r1=1.17\u0026r2=1.17.2.1\u0026ty=h",
                  "refsource": "CONFIRM",
                  "url": "http://cvs.horde.org/diff.php/groupware/docs/groupware/CHANGES?r1=1.17\u0026r2=1.17.2.1\u0026ty=h"
                },
                {
                  "name": "[announce] 20080109 Horde Groupware 1.0.3 (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000365.html"
                },
                {
                  "name": "[announce] 20080109 Horde 3.1.6 (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000360.html"
                },
                {
                  "name": "34418",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/34418"
                },
                {
                  "name": "FEDORA-2008-2087",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00927.html"
                },
                {
                  "name": "27223",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27223"
                },
                {
                  "name": "[announce] 20080110 Horde Groupware Webmail Edition 1.0.4 (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000366.html"
                },
                {
                  "name": "http://cvs.horde.org/diff.php/groupware/docs/webmail/CHANGES?r1=1.12\u0026r2=1.12.2.1\u0026ty=h",
                  "refsource": "CONFIRM",
                  "url": "http://cvs.horde.org/diff.php/groupware/docs/webmail/CHANGES?r1=1.12\u0026r2=1.12.2.1\u0026ty=h"
                },
                {
                  "name": "http://secunia.com/secunia_research/2007-102/advisory/",
                  "refsource": "MISC",
                  "url": "http://secunia.com/secunia_research/2007-102/advisory/"
                },
                {
                  "name": "28020",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28020"
                },
                {
                  "name": "29185",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29185"
                },
                {
                  "name": "28546",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28546"
                },
                {
                  "name": "29184",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29184"
                },
                {
                  "name": "DSA-1470",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2008/dsa-1470"
                },
                {
                  "name": "FEDORA-2008-2040",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00888.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "assignerShortName": "flexera",
        "cveId": "CVE-2007-6018",
        "datePublished": "2008-01-11T02:00:00.000Z",
        "dateReserved": "2007-11-19T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:54:25.651Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-4255 (GCVE-0-2006-4255)

    Vulnerability from cvelistv5 – Published: 2006-08-21 20:00 – Updated: 2024-08-07 19:06
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in horde/imp/search.php in Horde IMP H3 before 4.1.3 allows remote attackers to include arbitrary web script or HTML via multiple unspecified vectors related to folder names, as injected into the vfolder_label form field in the IMP search screen.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/19544 vdb-entryx_refsource_BID
    http://lists.horde.org/archives/announce/2006/000… mailing-listx_refsource_MLIST
    http://www.vupen.com/english/advisories/2006/3316 vdb-entryx_refsource_VUPEN
    http://securityreason.com/securityalert/1423 third-party-advisoryx_refsource_SREASON
    http://secunia.com/advisories/21533 third-party-advisoryx_refsource_SECUNIA
    http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2457 x_refsource_MISC
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/archive/1/443361/100… mailing-listx_refsource_BUGTRAQ
    http://securitytracker.com/id?1016713 vdb-entryx_refsource_SECTRACK
    Date Public
    2006-08-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T19:06:06.698Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "19544",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/19544"
              },
              {
                "name": "[horde-announce] 20060817 IMP H3 (4.1.3) (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2006/000294.html"
              },
              {
                "name": "ADV-2006-3316",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/3316"
              },
              {
                "name": "1423",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/1423"
              },
              {
                "name": "21533",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21533"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2457"
              },
              {
                "name": "horde-search-xss(28409)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28409"
              },
              {
                "name": "20060816 [scip_Advisory 2457] Horde Framework and Horde IMP /horde/imp/search.php cross site scripting",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/443361/100/0/threaded"
              },
              {
                "name": "1016713",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016713"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-08-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in horde/imp/search.php in Horde IMP H3 before 4.1.3 allows remote attackers to include arbitrary web script or HTML via multiple unspecified vectors related to folder names, as injected into the vfolder_label form field in the IMP search screen."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "19544",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/19544"
            },
            {
              "name": "[horde-announce] 20060817 IMP H3 (4.1.3) (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2006/000294.html"
            },
            {
              "name": "ADV-2006-3316",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/3316"
            },
            {
              "name": "1423",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/1423"
            },
            {
              "name": "21533",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21533"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2457"
            },
            {
              "name": "horde-search-xss(28409)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28409"
            },
            {
              "name": "20060816 [scip_Advisory 2457] Horde Framework and Horde IMP /horde/imp/search.php cross site scripting",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/443361/100/0/threaded"
            },
            {
              "name": "1016713",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016713"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-4255",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in horde/imp/search.php in Horde IMP H3 before 4.1.3 allows remote attackers to include arbitrary web script or HTML via multiple unspecified vectors related to folder names, as injected into the vfolder_label form field in the IMP search screen."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "19544",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/19544"
                },
                {
                  "name": "[horde-announce] 20060817 IMP H3 (4.1.3) (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2006/000294.html"
                },
                {
                  "name": "ADV-2006-3316",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/3316"
                },
                {
                  "name": "1423",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/1423"
                },
                {
                  "name": "21533",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/21533"
                },
                {
                  "name": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2457",
                  "refsource": "MISC",
                  "url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2457"
                },
                {
                  "name": "horde-search-xss(28409)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28409"
                },
                {
                  "name": "20060816 [scip_Advisory 2457] Horde Framework and Horde IMP /horde/imp/search.php cross site scripting",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/443361/100/0/threaded"
                },
                {
                  "name": "1016713",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016713"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-4255",
        "datePublished": "2006-08-21T20:00:00.000Z",
        "dateReserved": "2006-08-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T19:06:06.698Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-3548 (GCVE-0-2006-3548)

    Vulnerability from cvelistv5 – Published: 2006-07-13 00:00 – Updated: 2024-08-07 18:30
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 allow remote attackers to inject arbitrary web script or HTML via a (1) javascript URI or an external (2) http, (3) https, or (4) ftp URI in the url parameter in services/go.php (aka the dereferrer), (5) a javascript URI in the module parameter in services/help (aka the help viewer), and (6) the name parameter in services/problem.php (aka the problem reporting screen).
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.grok.org.uk/pipermail/full-disclosur… mailing-listx_refsource_FULLDISC
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://lists.horde.org/archives/announce/2006/000… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/18845 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2006/2694 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/21459 third-party-advisoryx_refsource_SECUNIA
    http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/27565 third-party-advisoryx_refsource_SECUNIA
    http://securitytracker.com/id?1016442 vdb-entryx_refsource_SECTRACK
    http://lists.horde.org/archives/announce/2006/000… x_refsource_CONFIRM
    http://securityreason.com/securityalert/1229 third-party-advisoryx_refsource_SREASON
    http://moritz-naumann.com/adv/0011/hordemulti/0011.txt x_refsource_MISC
    http://www.debian.org/security/2007/dsa-1406 vendor-advisoryx_refsource_DEBIAN
    http://secunia.com/advisories/20954 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/439255/100… mailing-listx_refsource_BUGTRAQ
    Date Public
    2006-07-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T18:30:34.399Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047687.html"
              },
              {
                "name": "horde-multiple-functions-xss(27589)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27589"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2006/000287.html"
              },
              {
                "name": "18845",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/18845"
              },
              {
                "name": "ADV-2006-2694",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/2694"
              },
              {
                "name": "21459",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21459"
              },
              {
                "name": "SUSE-SR:2006:019",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2006_19_sr.html"
              },
              {
                "name": "27565",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27565"
              },
              {
                "name": "1016442",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016442"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2006/000288.html"
              },
              {
                "name": "1229",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/1229"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://moritz-naumann.com/adv/0011/hordemulti/0011.txt"
              },
              {
                "name": "DSA-1406",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2007/dsa-1406"
              },
              {
                "name": "20954",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/20954"
              },
              {
                "name": "20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/439255/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-07-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 allow remote attackers to inject arbitrary web script or HTML via a (1) javascript URI or an external (2) http, (3) https, or (4) ftp URI in the url parameter in services/go.php (aka the dereferrer), (5) a javascript URI in the module parameter in services/help (aka the help viewer), and (6) the name parameter in services/problem.php (aka the problem reporting screen)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-18T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047687.html"
            },
            {
              "name": "horde-multiple-functions-xss(27589)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27589"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://lists.horde.org/archives/announce/2006/000287.html"
            },
            {
              "name": "18845",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/18845"
            },
            {
              "name": "ADV-2006-2694",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/2694"
            },
            {
              "name": "21459",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21459"
            },
            {
              "name": "SUSE-SR:2006:019",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2006_19_sr.html"
            },
            {
              "name": "27565",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27565"
            },
            {
              "name": "1016442",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016442"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://lists.horde.org/archives/announce/2006/000288.html"
            },
            {
              "name": "1229",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/1229"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://moritz-naumann.com/adv/0011/hordemulti/0011.txt"
            },
            {
              "name": "DSA-1406",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2007/dsa-1406"
            },
            {
              "name": "20954",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/20954"
            },
            {
              "name": "20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/439255/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-3548",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 allow remote attackers to inject arbitrary web script or HTML via a (1) javascript URI or an external (2) http, (3) https, or (4) ftp URI in the url parameter in services/go.php (aka the dereferrer), (5) a javascript URI in the module parameter in services/help (aka the help viewer), and (6) the name parameter in services/problem.php (aka the problem reporting screen)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues",
                  "refsource": "FULLDISC",
                  "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047687.html"
                },
                {
                  "name": "horde-multiple-functions-xss(27589)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27589"
                },
                {
                  "name": "http://lists.horde.org/archives/announce/2006/000287.html",
                  "refsource": "CONFIRM",
                  "url": "http://lists.horde.org/archives/announce/2006/000287.html"
                },
                {
                  "name": "18845",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/18845"
                },
                {
                  "name": "ADV-2006-2694",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/2694"
                },
                {
                  "name": "21459",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/21459"
                },
                {
                  "name": "SUSE-SR:2006:019",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2006_19_sr.html"
                },
                {
                  "name": "27565",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27565"
                },
                {
                  "name": "1016442",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016442"
                },
                {
                  "name": "http://lists.horde.org/archives/announce/2006/000288.html",
                  "refsource": "CONFIRM",
                  "url": "http://lists.horde.org/archives/announce/2006/000288.html"
                },
                {
                  "name": "1229",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/1229"
                },
                {
                  "name": "http://moritz-naumann.com/adv/0011/hordemulti/0011.txt",
                  "refsource": "MISC",
                  "url": "http://moritz-naumann.com/adv/0011/hordemulti/0011.txt"
                },
                {
                  "name": "DSA-1406",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2007/dsa-1406"
                },
                {
                  "name": "20954",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/20954"
                },
                {
                  "name": "20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/439255/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-3548",
        "datePublished": "2006-07-13T00:00:00.000Z",
        "dateReserved": "2006-07-12T00:00:00.000Z",
        "dateUpdated": "2024-08-07T18:30:34.399Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-2195 (GCVE-0-2006-2195)

    Vulnerability from cvelistv5 – Published: 2006-06-15 10:00 – Updated: 2024-08-07 17:43
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://cvs.horde.org/diff.php?f=horde%2Ftest.php&… x_refsource_CONFIRM
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/20750 third-party-advisoryx_refsource_SECUNIA
    http://overlays.gentoo.org/dev/chtekk/browser/hor… x_refsource_MISC
    http://cvs.horde.org/diff.php?r1=2.25&r2=2.26&f=h… x_refsource_CONFIRM
    http://securitytracker.com/id?1016310 vdb-entryx_refsource_SECTRACK
    http://www.debian.org/security/2006/dsa-1098 vendor-advisoryx_refsource_DEBIAN
    http://secunia.com/advisories/20672 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2006/dsa-1099 vendor-advisoryx_refsource_DEBIAN
    http://secunia.com/advisories/20849 third-party-advisoryx_refsource_SECUNIA
    http://www.osvdb.org/26514 vdb-entryx_refsource_OSVDB
    http://bugs.gentoo.org/show_bug.cgi?id=136830 x_refsource_CONFIRM
    http://secunia.com/advisories/20661 third-party-advisoryx_refsource_SECUNIA
    http://www.osvdb.org/26513 vdb-entryx_refsource_OSVDB
    http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
    http://www.vupen.com/english/advisories/2006/2356 vdb-entryx_refsource_VUPEN
    http://www.gentoo.org/security/en/glsa/glsa-20060… vendor-advisoryx_refsource_GENTOO
    http://secunia.com/advisories/20960 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/18436 vdb-entryx_refsource_BID
    Date Public
    2006-06-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T17:43:28.324Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://cvs.horde.org/diff.php?f=horde%2Ftest.php\u0026r1=1.145\u0026r2=1.146"
              },
              {
                "name": "horde-test-problem-xss(27168)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27168"
              },
              {
                "name": "20750",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/20750"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://overlays.gentoo.org/dev/chtekk/browser/horde/www-apps/horde/files/horde-3.1.1-xss.diff?rev=4\u0026format=txt"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://cvs.horde.org/diff.php?r1=2.25\u0026r2=2.26\u0026f=horde%2Ftemplates%2Fproblem%2Fproblem.inc"
              },
              {
                "name": "1016310",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016310"
              },
              {
                "name": "DSA-1098",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2006/dsa-1098"
              },
              {
                "name": "20672",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/20672"
              },
              {
                "name": "DSA-1099",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2006/dsa-1099"
              },
              {
                "name": "20849",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/20849"
              },
              {
                "name": "26514",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/26514"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.gentoo.org/show_bug.cgi?id=136830"
              },
              {
                "name": "20661",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/20661"
              },
              {
                "name": "26513",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/26513"
              },
              {
                "name": "SUSE-SR:2006:016",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2006_16_sr.html"
              },
              {
                "name": "ADV-2006-2356",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/2356"
              },
              {
                "name": "GLSA-200606-28",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-28.xml"
              },
              {
                "name": "20960",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/20960"
              },
              {
                "name": "18436",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/18436"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-06-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-19T15:57:01.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://cvs.horde.org/diff.php?f=horde%2Ftest.php\u0026r1=1.145\u0026r2=1.146"
            },
            {
              "name": "horde-test-problem-xss(27168)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27168"
            },
            {
              "name": "20750",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/20750"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://overlays.gentoo.org/dev/chtekk/browser/horde/www-apps/horde/files/horde-3.1.1-xss.diff?rev=4\u0026format=txt"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://cvs.horde.org/diff.php?r1=2.25\u0026r2=2.26\u0026f=horde%2Ftemplates%2Fproblem%2Fproblem.inc"
            },
            {
              "name": "1016310",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016310"
            },
            {
              "name": "DSA-1098",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2006/dsa-1098"
            },
            {
              "name": "20672",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/20672"
            },
            {
              "name": "DSA-1099",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2006/dsa-1099"
            },
            {
              "name": "20849",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/20849"
            },
            {
              "name": "26514",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/26514"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.gentoo.org/show_bug.cgi?id=136830"
            },
            {
              "name": "20661",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/20661"
            },
            {
              "name": "26513",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/26513"
            },
            {
              "name": "SUSE-SR:2006:016",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2006_16_sr.html"
            },
            {
              "name": "ADV-2006-2356",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/2356"
            },
            {
              "name": "GLSA-200606-28",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-28.xml"
            },
            {
              "name": "20960",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/20960"
            },
            {
              "name": "18436",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/18436"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@debian.org",
              "ID": "CVE-2006-2195",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://cvs.horde.org/diff.php?f=horde%2Ftest.php\u0026r1=1.145\u0026r2=1.146",
                  "refsource": "CONFIRM",
                  "url": "http://cvs.horde.org/diff.php?f=horde%2Ftest.php\u0026r1=1.145\u0026r2=1.146"
                },
                {
                  "name": "horde-test-problem-xss(27168)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27168"
                },
                {
                  "name": "20750",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/20750"
                },
                {
                  "name": "http://overlays.gentoo.org/dev/chtekk/browser/horde/www-apps/horde/files/horde-3.1.1-xss.diff?rev=4\u0026format=txt",
                  "refsource": "MISC",
                  "url": "http://overlays.gentoo.org/dev/chtekk/browser/horde/www-apps/horde/files/horde-3.1.1-xss.diff?rev=4\u0026format=txt"
                },
                {
                  "name": "http://cvs.horde.org/diff.php?r1=2.25\u0026r2=2.26\u0026f=horde%2Ftemplates%2Fproblem%2Fproblem.inc",
                  "refsource": "CONFIRM",
                  "url": "http://cvs.horde.org/diff.php?r1=2.25\u0026r2=2.26\u0026f=horde%2Ftemplates%2Fproblem%2Fproblem.inc"
                },
                {
                  "name": "1016310",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016310"
                },
                {
                  "name": "DSA-1098",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2006/dsa-1098"
                },
                {
                  "name": "20672",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/20672"
                },
                {
                  "name": "DSA-1099",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2006/dsa-1099"
                },
                {
                  "name": "20849",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/20849"
                },
                {
                  "name": "26514",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/26514"
                },
                {
                  "name": "http://bugs.gentoo.org/show_bug.cgi?id=136830",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.gentoo.org/show_bug.cgi?id=136830"
                },
                {
                  "name": "20661",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/20661"
                },
                {
                  "name": "26513",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/26513"
                },
                {
                  "name": "SUSE-SR:2006:016",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2006_16_sr.html"
                },
                {
                  "name": "ADV-2006-2356",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/2356"
                },
                {
                  "name": "GLSA-200606-28",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-28.xml"
                },
                {
                  "name": "20960",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/20960"
                },
                {
                  "name": "18436",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/18436"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2006-2195",
        "datePublished": "2006-06-15T10:00:00.000Z",
        "dateReserved": "2006-05-04T00:00:00.000Z",
        "dateUpdated": "2024-08-07T17:43:28.324Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-1260 (GCVE-0-2006-1260)

    Vulnerability from cvelistv5 – Published: 2006-03-19 02:00 – Updated: 2024-08-07 17:03
    VLAI
    Summary
    Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://securityreason.com/securityalert/590 third-party-advisoryx_refsource_SREASON
    http://www.gentoo.org/security/en/glsa/glsa-20060… vendor-advisoryx_refsource_GENTOO
    http://www.debian.org/security/2006/dsa-1034 vendor-advisoryx_refsource_DEBIAN
    http://secunia.com/advisories/19528 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/17117 vdb-entryx_refsource_BID
    http://secunia.com/advisories/19246 third-party-advisoryx_refsource_SECUNIA
    http://www.osvdb.org/23918 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/19692 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.vupen.com/english/advisories/2006/0959 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/19619 third-party-advisoryx_refsource_SECUNIA
    http://securitytracker.com/id?1015771 vdb-entryx_refsource_SECTRACK
    http://www.debian.org/security/2006/dsa-1033 vendor-advisoryx_refsource_DEBIAN
    http://lists.grok.org.uk/pipermail/full-disclosur… mailing-listx_refsource_FULLDISC
    http://www.securityfocus.com/archive/1/427710/100… mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/19897 third-party-advisoryx_refsource_SECUNIA
    http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
    Date Public
    2006-03-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T17:03:28.776Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "590",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/590"
              },
              {
                "name": "GLSA-200604-02",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-02.xml"
              },
              {
                "name": "DSA-1034",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2006/dsa-1034"
              },
              {
                "name": "19528",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/19528"
              },
              {
                "name": "17117",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/17117"
              },
              {
                "name": "19246",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/19246"
              },
              {
                "name": "23918",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/23918"
              },
              {
                "name": "19692",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/19692"
              },
              {
                "name": "horde-servicesgo-information-disclosure(25239)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25239"
              },
              {
                "name": "ADV-2006-0959",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/0959"
              },
              {
                "name": "19619",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/19619"
              },
              {
                "name": "1015771",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1015771"
              },
              {
                "name": "DSA-1033",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2006/dsa-1033"
              },
              {
                "name": "20060315 CodeScan Advisory: Unauthenticated Arbitrary File Read in Horde v3.09 and prior",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/043657.html"
              },
              {
                "name": "20060315 CodeScan Advisory: Unauthenticated Arbitrary File Read in Horde v3.09 and prior",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/427710/100/0/threaded"
              },
              {
                "name": "19897",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/19897"
              },
              {
                "name": "SUSE-SR:2006:009",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-03-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-18T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "590",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/590"
            },
            {
              "name": "GLSA-200604-02",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-02.xml"
            },
            {
              "name": "DSA-1034",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2006/dsa-1034"
            },
            {
              "name": "19528",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/19528"
            },
            {
              "name": "17117",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/17117"
            },
            {
              "name": "19246",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/19246"
            },
            {
              "name": "23918",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/23918"
            },
            {
              "name": "19692",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/19692"
            },
            {
              "name": "horde-servicesgo-information-disclosure(25239)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25239"
            },
            {
              "name": "ADV-2006-0959",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/0959"
            },
            {
              "name": "19619",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/19619"
            },
            {
              "name": "1015771",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1015771"
            },
            {
              "name": "DSA-1033",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2006/dsa-1033"
            },
            {
              "name": "20060315 CodeScan Advisory: Unauthenticated Arbitrary File Read in Horde v3.09 and prior",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/043657.html"
            },
            {
              "name": "20060315 CodeScan Advisory: Unauthenticated Arbitrary File Read in Horde v3.09 and prior",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/427710/100/0/threaded"
            },
            {
              "name": "19897",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/19897"
            },
            {
              "name": "SUSE-SR:2006:009",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-1260",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "590",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/590"
                },
                {
                  "name": "GLSA-200604-02",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-02.xml"
                },
                {
                  "name": "DSA-1034",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2006/dsa-1034"
                },
                {
                  "name": "19528",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/19528"
                },
                {
                  "name": "17117",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/17117"
                },
                {
                  "name": "19246",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/19246"
                },
                {
                  "name": "23918",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/23918"
                },
                {
                  "name": "19692",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/19692"
                },
                {
                  "name": "horde-servicesgo-information-disclosure(25239)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25239"
                },
                {
                  "name": "ADV-2006-0959",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/0959"
                },
                {
                  "name": "19619",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/19619"
                },
                {
                  "name": "1015771",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1015771"
                },
                {
                  "name": "DSA-1033",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2006/dsa-1033"
                },
                {
                  "name": "20060315 CodeScan Advisory: Unauthenticated Arbitrary File Read in Horde v3.09 and prior",
                  "refsource": "FULLDISC",
                  "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/043657.html"
                },
                {
                  "name": "20060315 CodeScan Advisory: Unauthenticated Arbitrary File Read in Horde v3.09 and prior",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/427710/100/0/threaded"
                },
                {
                  "name": "19897",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/19897"
                },
                {
                  "name": "SUSE-SR:2006:009",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-1260",
        "datePublished": "2006-03-19T02:00:00.000Z",
        "dateReserved": "2006-03-18T00:00:00.000Z",
        "dateUpdated": "2024-08-07T17:03:28.776Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-3759 (GCVE-0-2005-3759)

    Vulnerability from cvelistv5 – Published: 2005-11-22 21:00 – Updated: 2024-08-07 23:24
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers, which do not filter or escape dangerous HTML when extracting and displaying attachments.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.gentoo.org/security/en/glsa/glsa-20051… vendor-advisoryx_refsource_GENTOO
    http://www.vupen.com/english/advisories/2005/2536 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/17599 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/417436/30/… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/15535 vdb-entryx_refsource_BID
    http://secunia.com/advisories/17703 third-party-advisoryx_refsource_SECUNIA
    http://lists.horde.org/archives/announce/2005/000… mailing-listx_refsource_MLIST
    http://www.debian.org/security/2005/dsa-909 vendor-advisoryx_refsource_DEBIAN
    Date Public
    2005-11-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T23:24:35.475Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "GLSA-200511-20",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-20.xml"
              },
              {
                "name": "ADV-2005-2536",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2005/2536"
              },
              {
                "name": "17599",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17599"
              },
              {
                "name": "20051122 Horde MIME Viewer vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/417436/30/0/threaded"
              },
              {
                "name": "15535",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/15535"
              },
              {
                "name": "17703",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17703"
              },
              {
                "name": "[horde-announce] 20051122 Horde 3.0.7 (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2005/000232.html"
              },
              {
                "name": "DSA-909",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2005/dsa-909"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-11-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers, which do not filter or escape dangerous HTML when extracting and displaying attachments."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-19T14:57:01.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "name": "GLSA-200511-20",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-20.xml"
            },
            {
              "name": "ADV-2005-2536",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2005/2536"
            },
            {
              "name": "17599",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17599"
            },
            {
              "name": "20051122 Horde MIME Viewer vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/417436/30/0/threaded"
            },
            {
              "name": "15535",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/15535"
            },
            {
              "name": "17703",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17703"
            },
            {
              "name": "[horde-announce] 20051122 Horde 3.0.7 (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2005/000232.html"
            },
            {
              "name": "DSA-909",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2005/dsa-909"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@debian.org",
              "ID": "CVE-2005-3759",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers, which do not filter or escape dangerous HTML when extracting and displaying attachments."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "GLSA-200511-20",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-20.xml"
                },
                {
                  "name": "ADV-2005-2536",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2005/2536"
                },
                {
                  "name": "17599",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17599"
                },
                {
                  "name": "20051122 Horde MIME Viewer vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/417436/30/0/threaded"
                },
                {
                  "name": "15535",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/15535"
                },
                {
                  "name": "17703",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17703"
                },
                {
                  "name": "[horde-announce] 20051122 Horde 3.0.7 (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2005/000232.html"
                },
                {
                  "name": "DSA-909",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2005/dsa-909"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2005-3759",
        "datePublished": "2005-11-22T21:00:00.000Z",
        "dateReserved": "2005-11-22T00:00:00.000Z",
        "dateUpdated": "2024-08-07T23:24:35.475Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-3570 (GCVE-0-2005-3570)

    Vulnerability from cvelistv5 – Published: 2005-11-16 07:37 – Updated: 2024-08-07 23:17
    VLAI
    Summary
    Unspecified cross-site scripting (XSS) vulnerability in Horde before 2.2.9 allows remote attackers to inject arbitrary web script or HTML via "not properly escaped error messages".
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/15409 vdb-entryx_refsource_BID
    http://lists.horde.org/archives/announce/2005/000… mailing-listx_refsource_MLIST
    http://secunia.com/advisories/17468 third-party-advisoryx_refsource_SECUNIA
    http://www.gentoo.org/security/en/glsa/glsa-20051… vendor-advisoryx_refsource_GENTOO
    http://www.vupen.com/english/advisories/2005/2403 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/17794 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/17702 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2005/dsa-914 vendor-advisoryx_refsource_DEBIAN
    http://cvs.horde.org/diff.php/horde/docs/CHANGES?… x_refsource_CONFIRM
    Date Public
    2005-11-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T23:17:23.405Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "15409",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/15409"
              },
              {
                "name": "[Horde-announce] 20051113 Horde 2.2.9 (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2005/000231.html"
              },
              {
                "name": "17468",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17468"
              },
              {
                "name": "GLSA-200511-20",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-20.xml"
              },
              {
                "name": "ADV-2005-2403",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2005/2403"
              },
              {
                "name": "17794",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17794"
              },
              {
                "name": "17702",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17702"
              },
              {
                "name": "DSA-914",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2005/dsa-914"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.207.2.109\u0026r2=1.207.2.111\u0026ty=h"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-11-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified cross-site scripting (XSS) vulnerability in Horde before 2.2.9 allows remote attackers to inject arbitrary web script or HTML via \"not properly escaped error messages\"."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2005-11-30T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "15409",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/15409"
            },
            {
              "name": "[Horde-announce] 20051113 Horde 2.2.9 (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2005/000231.html"
            },
            {
              "name": "17468",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17468"
            },
            {
              "name": "GLSA-200511-20",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-20.xml"
            },
            {
              "name": "ADV-2005-2403",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2005/2403"
            },
            {
              "name": "17794",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17794"
            },
            {
              "name": "17702",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17702"
            },
            {
              "name": "DSA-914",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2005/dsa-914"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.207.2.109\u0026r2=1.207.2.111\u0026ty=h"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-3570",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified cross-site scripting (XSS) vulnerability in Horde before 2.2.9 allows remote attackers to inject arbitrary web script or HTML via \"not properly escaped error messages\"."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "15409",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/15409"
                },
                {
                  "name": "[Horde-announce] 20051113 Horde 2.2.9 (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2005/000231.html"
                },
                {
                  "name": "17468",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17468"
                },
                {
                  "name": "GLSA-200511-20",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-20.xml"
                },
                {
                  "name": "ADV-2005-2403",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2005/2403"
                },
                {
                  "name": "17794",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17794"
                },
                {
                  "name": "17702",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17702"
                },
                {
                  "name": "DSA-914",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2005/dsa-914"
                },
                {
                  "name": "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.207.2.109\u0026r2=1.207.2.111\u0026ty=h",
                  "refsource": "CONFIRM",
                  "url": "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.207.2.109\u0026r2=1.207.2.111\u0026ty=h"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-3570",
        "datePublished": "2005-11-16T07:37:00.000Z",
        "dateReserved": "2005-11-16T00:00:00.000Z",
        "dateUpdated": "2024-08-07T23:17:23.405Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-3344 (GCVE-0-2005-3344)

    Vulnerability from cvelistv5 – Published: 2005-11-16 07:37 – Updated: 2024-08-07 23:10
    VLAI
    Summary
    The default installation of Horde 3.0.4 contains an administrative account with a blank password, which allows remote attackers to gain access.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/15337/ vdb-entryx_refsource_BID
    http://www.networkscanning.com/Horde-Default-Admi… x_refsource_MISC
    http://www.osvdb.org/24117 vdb-entryx_refsource_OSVDB
    http://www.debian.org/security/2005/dsa-884 vendor-advisoryx_refsource_DEBIAN
    Date Public
    2005-11-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T23:10:08.477Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "horde-default-account(24576)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24576"
              },
              {
                "name": "15337",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/15337/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.networkscanning.com/Horde-Default-Admin-Password-Vulnerability-VSS_20171.html"
              },
              {
                "name": "24117",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/24117"
              },
              {
                "name": "DSA-884",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2005/dsa-884"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-11-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The default installation of Horde 3.0.4 contains an administrative account with a blank password, which allows remote attackers to gain access."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "name": "horde-default-account(24576)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24576"
            },
            {
              "name": "15337",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/15337/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.networkscanning.com/Horde-Default-Admin-Password-Vulnerability-VSS_20171.html"
            },
            {
              "name": "24117",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/24117"
            },
            {
              "name": "DSA-884",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2005/dsa-884"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@debian.org",
              "ID": "CVE-2005-3344",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The default installation of Horde 3.0.4 contains an administrative account with a blank password, which allows remote attackers to gain access."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "horde-default-account(24576)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24576"
                },
                {
                  "name": "15337",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/15337/"
                },
                {
                  "name": "http://www.networkscanning.com/Horde-Default-Admin-Password-Vulnerability-VSS_20171.html",
                  "refsource": "MISC",
                  "url": "http://www.networkscanning.com/Horde-Default-Admin-Password-Vulnerability-VSS_20171.html"
                },
                {
                  "name": "24117",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/24117"
                },
                {
                  "name": "DSA-884",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2005/dsa-884"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2005-3344",
        "datePublished": "2005-11-16T07:37:00.000Z",
        "dateReserved": "2005-10-27T00:00:00.000Z",
        "dateUpdated": "2024-08-07T23:10:08.477Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-0378 (GCVE-0-2005-0378)

    Vulnerability from cvelistv5 – Published: 2005-02-13 05:00 – Updated: 2024-08-07 21:13
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to prefs.php or (2) url parameter to index.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2005-01-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T21:13:53.499Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.hyperdose.com/advisories/H2005-01.txt"
              },
              {
                "name": "20050113 Cross Site Scripting holes found in Horde 3.0",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=110564059322774\u0026w=2"
              },
              {
                "name": "12255",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/12255"
              },
              {
                "name": "1012892",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1012892"
              },
              {
                "name": "horde-prefs-index-xss(18881)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18881"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-01-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to prefs.php or (2) url parameter to index.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.hyperdose.com/advisories/H2005-01.txt"
            },
            {
              "name": "20050113 Cross Site Scripting holes found in Horde 3.0",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=110564059322774\u0026w=2"
            },
            {
              "name": "12255",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/12255"
            },
            {
              "name": "1012892",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1012892"
            },
            {
              "name": "horde-prefs-index-xss(18881)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18881"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-0378",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to prefs.php or (2) url parameter to index.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.hyperdose.com/advisories/H2005-01.txt",
                  "refsource": "MISC",
                  "url": "http://www.hyperdose.com/advisories/H2005-01.txt"
                },
                {
                  "name": "20050113 Cross Site Scripting holes found in Horde 3.0",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=110564059322774\u0026w=2"
                },
                {
                  "name": "12255",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/12255"
                },
                {
                  "name": "1012892",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1012892"
                },
                {
                  "name": "horde-prefs-index-xss(18881)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18881"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-0378",
        "datePublished": "2005-02-13T05:00:00.000Z",
        "dateReserved": "2005-02-13T00:00:00.000Z",
        "dateUpdated": "2024-08-07T21:13:53.499Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }