36 vulnerabilities found for horde by horde
CVE-2012-0209 (GCVE-0-2012-0209)
Vulnerability from nvd – Published: 2012-09-25 22:00 – Updated: 2024-09-16 21:57
Summary
Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP between November 2011 and February 2012, contain an externally introduced modification (Trojan Horse) in templates/javascript/open_calendar.js, which allows remote attackers to execute arbitrary PHP code.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:16:19.685Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dev.horde.org/h/jonah/stories/view.php?channel_id=1\u0026id=155"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://eromang.zataz.com/2012/02/15/cve-2012-0209-horde-backdoor-analysis/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=790877"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/files/109874/Horde-3.3.12-Backdoor-Arbitrary-PHP-Code-Execution.html"
},
{
"name": "[horde-announce] 20120213 [SECURITY] Remote execution backdoor after server hack (CVE-2012-0209)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2012/000751.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP between November 2011 and February 2012, contains an externally introduced modification (Trojan Horse) in templates/javascript/open_calendar.js, which allows remote attackers to execute arbitrary PHP code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-25T22:00:00Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dev.horde.org/h/jonah/stories/view.php?channel_id=1\u0026id=155"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://eromang.zataz.com/2012/02/15/cve-2012-0209-horde-backdoor-analysis/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=790877"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/files/109874/Horde-3.3.12-Backdoor-Arbitrary-PHP-Code-Execution.html"
},
{
"name": "[horde-announce] 20120213 [SECURITY] Remote execution backdoor after server hack (CVE-2012-0209)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2012/000751.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2012-0209",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP between November 2011 and February 2012, contains an externally introduced modification (Trojan Horse) in templates/javascript/open_calendar.js, which allows remote attackers to execute arbitrary PHP code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://dev.horde.org/h/jonah/stories/view.php?channel_id=1\u0026id=155",
"refsource": "CONFIRM",
"url": "http://dev.horde.org/h/jonah/stories/view.php?channel_id=1\u0026id=155"
},
{
"name": "http://eromang.zataz.com/2012/02/15/cve-2012-0209-horde-backdoor-analysis/",
"refsource": "MISC",
"url": "http://eromang.zataz.com/2012/02/15/cve-2012-0209-horde-backdoor-analysis/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=790877",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=790877"
},
{
"name": "http://packetstormsecurity.org/files/109874/Horde-3.3.12-Backdoor-Arbitrary-PHP-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/109874/Horde-3.3.12-Backdoor-Arbitrary-PHP-Code-Execution.html"
},
{
"name": "[horde-announce] 20120213 [SECURITY] Remote execution backdoor after server hack (CVE-2012-0209)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2012/000751.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2012-0209",
"datePublished": "2012-09-25T22:00:00Z",
"dateReserved": "2011-12-14T00:00:00Z",
"dateUpdated": "2024-09-16T21:57:27.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1638 (GCVE-0-2010-1638)
Vulnerability from nvd – Published: 2010-06-22 17:00 – Updated: 2024-08-07 01:28
Summary
The IMP plugin in Horde allows remote attackers to bypass firewall restrictions and use Horde as a proxy to scan internal networks via a crafted request to an unspecified test script. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:28:41.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20100524 Re: [core] CVE Request for Horde and Squirrelmail",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/05/25/2"
},
{
"name": "[oss-security] 20100521 Re: [core] CVE Request for Horde and Squirrelmail",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/05/21/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://conference.hitb.org/hitbsecconf2010dxb/materials/D1%20-%20Laurent%20Oudot%20-%20Improving%20the%20Stealthiness%20of%20Web%20Hacking.pdf#page=74"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The IMP plugin in Horde allows remote attackers to bypass firewall restrictions and use Horde as a proxy to scan internal networks via a crafted request to an unspecified test script. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product\u0027s installation documentation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-06-22T17:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20100524 Re: [core] CVE Request for Horde and Squirrelmail",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/05/25/2"
},
{
"name": "[oss-security] 20100521 Re: [core] CVE Request for Horde and Squirrelmail",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/05/21/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://conference.hitb.org/hitbsecconf2010dxb/materials/D1%20-%20Laurent%20Oudot%20-%20Improving%20the%20Stealthiness%20of%20Web%20Hacking.pdf#page=74"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-1638",
"datePublished": "2010-06-22T17:00:00Z",
"dateReserved": "2010-04-29T00:00:00Z",
"dateUpdated": "2024-08-07T01:28:41.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-7218 (GCVE-0-2008-7218)
Vulnerability from nvd – Published: 2009-09-13 22:00 – Updated: 2024-08-07 11:56
Summary
Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2-RC2; Turba H3 2.1 before 2.1.6 and 2.2 before 2.2-RC2; Kronolith H3 2.1 before 2.1.7 and H3 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and 2.2 before 2.2-RC2; Horde Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 has unknown impact and attack vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:56:14.413Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[announce] 20080122 Kronolith H3 (2.2-RC2)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000371.html"
},
{
"name": "[announce] 20080122 Mnemo H3 (2.2-RC2)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000369.html"
},
{
"name": "[announce] 20080109 Nag H3 (2.1.4) (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000363.html"
},
{
"name": "27217",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27217"
},
{
"name": "[announce] 20080109 Horde Groupware 1.0.3 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000365.html"
},
{
"name": "[announce] 20080206 Horde Groupware 1.1-RC2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000376.html"
},
{
"name": "[announce] 20080122 Turba H3 (2.2-RC2)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000367.html"
},
{
"name": "FEDORA-2008-2212",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00176.html"
},
{
"name": "[announce] 20080109 Horde 3.1.6 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000360.html"
},
{
"name": "[announce] 20080109 Mnemo H3 (2.1.2) (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000364.html"
},
{
"name": "28382",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28382"
},
{
"name": "[announce] 20080206 Horde Groupware Webmail Edition 1.1-RC2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000377.html"
},
{
"name": "[announce] 20080110 Horde Groupware Webmail Edition 1.0.4 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000366.html"
},
{
"name": "[announce] 20080109 Turba H3 (2.1.6) (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000361.html"
},
{
"name": "horde-hordeapi-privilege-escalation(39599)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39599"
},
{
"name": "[announce] 20080122 Horde 3.2-RC2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000374.html"
},
{
"name": "[announce] 20080109 Kronolith H3 (2.1.7) (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000362.html"
},
{
"name": "[announce] 20080122 Nag H3 (2.2-RC2)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000368.html"
},
{
"name": "42775",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/42775"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2 before 3.2-RC2; Turba H3 2.1 before 2.1.6 and 2.2 before 2.2-RC2; Kronolith H3 2.1 before 2.1.7 and H3 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and 2.2 before 2.2-RC2; Horde Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 has unknown impact and attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[announce] 20080122 Kronolith H3 (2.2-RC2)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000371.html"
},
{
"name": "[announce] 20080122 Mnemo H3 (2.2-RC2)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000369.html"
},
{
"name": "[announce] 20080109 Nag H3 (2.1.4) (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000363.html"
},
{
"name": "27217",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27217"
},
{
"name": "[announce] 20080109 Horde Groupware 1.0.3 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000365.html"
},
{
"name": "[announce] 20080206 Horde Groupware 1.1-RC2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000376.html"
},
{
"name": "[announce] 20080122 Turba H3 (2.2-RC2)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000367.html"
},
{
"name": "FEDORA-2008-2212",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00176.html"
},
{
"name": "[announce] 20080109 Horde 3.1.6 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000360.html"
},
{
"name": "[announce] 20080109 Mnemo H3 (2.1.2) (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000364.html"
},
{
"name": "28382",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28382"
},
{
"name": "[announce] 20080206 Horde Groupware Webmail Edition 1.1-RC2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000377.html"
},
{
"name": "[announce] 20080110 Horde Groupware Webmail Edition 1.0.4 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000366.html"
},
{
"name": "[announce] 20080109 Turba H3 (2.1.6) (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000361.html"
},
{
"name": "horde-hordeapi-privilege-escalation(39599)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39599"
},
{
"name": "[announce] 20080122 Horde 3.2-RC2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000374.html"
},
{
"name": "[announce] 20080109 Kronolith H3 (2.1.7) (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000362.html"
},
{
"name": "[announce] 20080122 Nag H3 (2.2-RC2)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000368.html"
},
{
"name": "42775",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/42775"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7218",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2 before 3.2-RC2; Turba H3 2.1 before 2.1.6 and 2.2 before 2.2-RC2; Kronolith H3 2.1 before 2.1.7 and H3 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and 2.2 before 2.2-RC2; Horde Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 has unknown impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[announce] 20080122 Kronolith H3 (2.2-RC2)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000371.html"
},
{
"name": "[announce] 20080122 Mnemo H3 (2.2-RC2)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000369.html"
},
{
"name": "[announce] 20080109 Nag H3 (2.1.4) (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000363.html"
},
{
"name": "27217",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27217"
},
{
"name": "[announce] 20080109 Horde Groupware 1.0.3 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000365.html"
},
{
"name": "[announce] 20080206 Horde Groupware 1.1-RC2",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000376.html"
},
{
"name": "[announce] 20080122 Turba H3 (2.2-RC2)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000367.html"
},
{
"name": "FEDORA-2008-2212",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00176.html"
},
{
"name": "[announce] 20080109 Horde 3.1.6 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000360.html"
},
{
"name": "[announce] 20080109 Mnemo H3 (2.1.2) (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000364.html"
},
{
"name": "28382",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28382"
},
{
"name": "[announce] 20080206 Horde Groupware Webmail Edition 1.1-RC2",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000377.html"
},
{
"name": "[announce] 20080110 Horde Groupware Webmail Edition 1.0.4 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000366.html"
},
{
"name": "[announce] 20080109 Turba H3 (2.1.6) (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000361.html"
},
{
"name": "horde-hordeapi-privilege-escalation(39599)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39599"
},
{
"name": "[announce] 20080122 Horde 3.2-RC2",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000374.html"
},
{
"name": "[announce] 20080109 Kronolith H3 (2.1.7) (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000362.html"
},
{
"name": "[announce] 20080122 Nag H3 (2.2-RC2)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000368.html"
},
{
"name": "42775",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/42775"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7218",
"datePublished": "2009-09-13T22:00:00",
"dateReserved": "2009-09-13T00:00:00",
"dateUpdated": "2024-08-07T11:56:14.413Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3824 (GCVE-0-2008-3824)
Vulnerability from nvd – Published: 2008-09-12 16:00 – Updated: 2024-08-07 09:53
Summary
Cross-site scripting (XSS) vulnerability in (1) Text_Filter/Filter/xss.php in Horde 3.1.x before 3.1.9 and 3.2.x before 3.2.2 and (2) externalinput.php in Popoon r22196 and earlier allows remote attackers to inject arbitrary web script or HTML by using / (slash) characters as replacements for spaces in an HTML e-mail message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:53:00.438Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[horde-announce] 20080910 Horde 3.1.9 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=horde-announce\u0026m=122103888111491\u0026w=2"
},
{
"name": "31842",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31842"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.phpmyfaq.de/advisory_2008-09-11.php"
},
{
"name": "ADV-2008-2548",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2548"
},
{
"name": "[horde-announce] 20080910 [SECURITY] Horde 3.2.2 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=horde-announce\u0026m=122104360019867\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ocert.org/patches/2008-012/Text_Filter.patch"
},
{
"name": "20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/496182/100/0/threaded"
},
{
"name": "4245",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4245"
},
{
"name": "[oss-security] 20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/09/10/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ocert.org/advisories/ocert-2008-012.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ocert.org/patches/2008-012/Text_Filter.31.patch"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.liip.ch/missed-case-in-externalinput-php-resulting-in-viable-xss-attacks.html"
},
{
"name": "horde-htmlmessages-xss(45031)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45031"
},
{
"name": "47996",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/47996"
},
{
"name": "31107",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31107"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in (1) Text_Filter/Filter/xss.php in Horde 3.1.x before 3.1.9 and 3.2.x before 3.2.2 and (2) externalinput.php in Popoon r22196 and earlier allows remote attackers to inject arbitrary web script or HTML by using / (slash) characters as replacements for spaces in an HTML e-mail message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[horde-announce] 20080910 Horde 3.1.9 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=horde-announce\u0026m=122103888111491\u0026w=2"
},
{
"name": "31842",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31842"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.phpmyfaq.de/advisory_2008-09-11.php"
},
{
"name": "ADV-2008-2548",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2548"
},
{
"name": "[horde-announce] 20080910 [SECURITY] Horde 3.2.2 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=horde-announce\u0026m=122104360019867\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ocert.org/patches/2008-012/Text_Filter.patch"
},
{
"name": "20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/496182/100/0/threaded"
},
{
"name": "4245",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4245"
},
{
"name": "[oss-security] 20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/09/10/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ocert.org/advisories/ocert-2008-012.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ocert.org/patches/2008-012/Text_Filter.31.patch"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.liip.ch/missed-case-in-externalinput-php-resulting-in-viable-xss-attacks.html"
},
{
"name": "horde-htmlmessages-xss(45031)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45031"
},
{
"name": "47996",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/47996"
},
{
"name": "31107",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31107"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2008-3824",
"datePublished": "2008-09-12T16:00:00",
"dateReserved": "2008-08-27T00:00:00",
"dateUpdated": "2024-08-07T09:53:00.438Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3823 (GCVE-0-2008-3823)
Vulnerability from nvd – Published: 2008-09-12 16:00 – Updated: 2024-08-07 09:53
Summary
Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.php in the MIME library in Horde 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of a MIME attachment in an e-mail message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:53:00.419Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "horde-mime-xss(45030)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45030"
},
{
"name": "31842",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31842"
},
{
"name": "DSA-1642",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1642"
},
{
"name": "ADV-2008-2548",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2548"
},
{
"name": "31959",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31959"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ocert.org/patches/2008-012/MIME.patch"
},
{
"name": "[horde-announce] 20080910 [SECURITY] Horde 3.2.2 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=horde-announce\u0026m=122104360019867\u0026w=2"
},
{
"name": "31110",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31110"
},
{
"name": "20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/496182/100/0/threaded"
},
{
"name": "4245",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4245"
},
{
"name": "[oss-security] 20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/09/10/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ocert.org/advisories/ocert-2008-012.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.php in the MIME library in Horde 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of a MIME attachment in an e-mail message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "horde-mime-xss(45030)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45030"
},
{
"name": "31842",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31842"
},
{
"name": "DSA-1642",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1642"
},
{
"name": "ADV-2008-2548",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2548"
},
{
"name": "31959",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31959"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ocert.org/patches/2008-012/MIME.patch"
},
{
"name": "[horde-announce] 20080910 [SECURITY] Horde 3.2.2 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=horde-announce\u0026m=122104360019867\u0026w=2"
},
{
"name": "31110",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31110"
},
{
"name": "20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/496182/100/0/threaded"
},
{
"name": "4245",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4245"
},
{
"name": "[oss-security] 20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/09/10/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ocert.org/advisories/ocert-2008-012.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2008-3823",
"datePublished": "2008-09-12T16:00:00",
"dateReserved": "2008-08-27T00:00:00",
"dateUpdated": "2024-08-07T09:53:00.419Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1284 (GCVE-0-2008-1284)
Vulnerability from nvd – Published: 2008-03-11 00:00 – Updated: 2024-08-07 08:17
Summary
Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via ".." sequences and a null byte in the theme name.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:17:34.567Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3726",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3726"
},
{
"name": "29286",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29286"
},
{
"name": "horde-theme-file-include(41054)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41054"
},
{
"name": "[announce] 20080307 Horde Groupware 1.0.5 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000383.html"
},
{
"name": "[announce] 20080307 Horde Groupware Webmail Edition 1.0.6 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000384.html"
},
{
"name": "FEDORA-2008-2406",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00301.html"
},
{
"name": "20080307 Horde Webmail file inclusion proof of concept \u0026 patch.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489239/100/0/threaded"
},
{
"name": "GLSA-200805-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-01.xml"
},
{
"name": "DSA-1519",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1519"
},
{
"name": "30047",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30047"
},
{
"name": "FEDORA-2008-2362",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00253.html"
},
{
"name": "29374",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29374"
},
{
"name": "20080308 Re: Horde Webmail file inclusion proof of concept \u0026 patch.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489289/100/0/threaded"
},
{
"name": "[announce] 20080307 Horde 3.1.7 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000382.html"
},
{
"name": "ADV-2008-0822",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0822/references"
},
{
"name": "28153",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28153"
},
{
"name": "29400",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29400"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via \"..\" sequences and a null byte in the theme name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3726",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3726"
},
{
"name": "29286",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29286"
},
{
"name": "horde-theme-file-include(41054)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41054"
},
{
"name": "[announce] 20080307 Horde Groupware 1.0.5 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000383.html"
},
{
"name": "[announce] 20080307 Horde Groupware Webmail Edition 1.0.6 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000384.html"
},
{
"name": "FEDORA-2008-2406",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00301.html"
},
{
"name": "20080307 Horde Webmail file inclusion proof of concept \u0026 patch.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489239/100/0/threaded"
},
{
"name": "GLSA-200805-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-01.xml"
},
{
"name": "DSA-1519",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1519"
},
{
"name": "30047",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30047"
},
{
"name": "FEDORA-2008-2362",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00253.html"
},
{
"name": "29374",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29374"
},
{
"name": "20080308 Re: Horde Webmail file inclusion proof of concept \u0026 patch.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489289/100/0/threaded"
},
{
"name": "[announce] 20080307 Horde 3.1.7 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000382.html"
},
{
"name": "ADV-2008-0822",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0822/references"
},
{
"name": "28153",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28153"
},
{
"name": "29400",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29400"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1284",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via \"..\" sequences and a null byte in the theme name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3726",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3726"
},
{
"name": "29286",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29286"
},
{
"name": "horde-theme-file-include(41054)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41054"
},
{
"name": "[announce] 20080307 Horde Groupware 1.0.5 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000383.html"
},
{
"name": "[announce] 20080307 Horde Groupware Webmail Edition 1.0.6 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000384.html"
},
{
"name": "FEDORA-2008-2406",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00301.html"
},
{
"name": "20080307 Horde Webmail file inclusion proof of concept \u0026 patch.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489239/100/0/threaded"
},
{
"name": "GLSA-200805-01",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200805-01.xml"
},
{
"name": "DSA-1519",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1519"
},
{
"name": "30047",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30047"
},
{
"name": "FEDORA-2008-2362",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00253.html"
},
{
"name": "29374",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29374"
},
{
"name": "20080308 Re: Horde Webmail file inclusion proof of concept \u0026 patch.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489289/100/0/threaded"
},
{
"name": "[announce] 20080307 Horde 3.1.7 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000382.html"
},
{
"name": "ADV-2008-0822",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0822/references"
},
{
"name": "28153",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28153"
},
{
"name": "29400",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29400"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1284",
"datePublished": "2008-03-11T00:00:00",
"dateReserved": "2008-03-10T00:00:00",
"dateUpdated": "2024-08-07T08:17:34.567Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6018 (GCVE-0-2007-6018)
Vulnerability from nvd – Published: 2008-01-11 02:00 – Updated: 2024-08-07 15:54
Summary
IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) "purge" deleted emails via a crafted email message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:54:25.651Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "29186",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29186"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=428625"
},
{
"name": "SUSE-SR:2009:007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"name": "horde-impgroupware-filter-security-bypass(39595)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39595"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.horde.org/diff.php/groupware/docs/groupware/CHANGES?r1=1.17\u0026r2=1.17.2.1\u0026ty=h"
},
{
"name": "[announce] 20080109 Horde Groupware 1.0.3 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000365.html"
},
{
"name": "[announce] 20080109 Horde 3.1.6 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000360.html"
},
{
"name": "34418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34418"
},
{
"name": "FEDORA-2008-2087",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00927.html"
},
{
"name": "27223",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27223"
},
{
"name": "[announce] 20080110 Horde Groupware Webmail Edition 1.0.4 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000366.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.horde.org/diff.php/groupware/docs/webmail/CHANGES?r1=1.12\u0026r2=1.12.2.1\u0026ty=h"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2007-102/advisory/"
},
{
"name": "28020",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28020"
},
{
"name": "29185",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29185"
},
{
"name": "28546",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28546"
},
{
"name": "29184",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29184"
},
{
"name": "DSA-1470",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1470"
},
{
"name": "FEDORA-2008-2040",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00888.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) \"purge\" deleted emails via a crafted email message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "29186",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29186"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=428625"
},
{
"name": "SUSE-SR:2009:007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"name": "horde-impgroupware-filter-security-bypass(39595)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39595"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.horde.org/diff.php/groupware/docs/groupware/CHANGES?r1=1.17\u0026r2=1.17.2.1\u0026ty=h"
},
{
"name": "[announce] 20080109 Horde Groupware 1.0.3 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000365.html"
},
{
"name": "[announce] 20080109 Horde 3.1.6 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000360.html"
},
{
"name": "34418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34418"
},
{
"name": "FEDORA-2008-2087",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00927.html"
},
{
"name": "27223",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27223"
},
{
"name": "[announce] 20080110 Horde Groupware Webmail Edition 1.0.4 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000366.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.horde.org/diff.php/groupware/docs/webmail/CHANGES?r1=1.12\u0026r2=1.12.2.1\u0026ty=h"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2007-102/advisory/"
},
{
"name": "28020",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28020"
},
{
"name": "29185",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29185"
},
{
"name": "28546",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28546"
},
{
"name": "29184",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29184"
},
{
"name": "DSA-1470",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1470"
},
{
"name": "FEDORA-2008-2040",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00888.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2007-6018",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) \"purge\" deleted emails via a crafted email message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29186",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29186"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=428625",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=428625"
},
{
"name": "SUSE-SR:2009:007",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"name": "horde-impgroupware-filter-security-bypass(39595)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39595"
},
{
"name": "http://cvs.horde.org/diff.php/groupware/docs/groupware/CHANGES?r1=1.17\u0026r2=1.17.2.1\u0026ty=h",
"refsource": "CONFIRM",
"url": "http://cvs.horde.org/diff.php/groupware/docs/groupware/CHANGES?r1=1.17\u0026r2=1.17.2.1\u0026ty=h"
},
{
"name": "[announce] 20080109 Horde Groupware 1.0.3 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000365.html"
},
{
"name": "[announce] 20080109 Horde 3.1.6 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000360.html"
},
{
"name": "34418",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34418"
},
{
"name": "FEDORA-2008-2087",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00927.html"
},
{
"name": "27223",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27223"
},
{
"name": "[announce] 20080110 Horde Groupware Webmail Edition 1.0.4 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000366.html"
},
{
"name": "http://cvs.horde.org/diff.php/groupware/docs/webmail/CHANGES?r1=1.12\u0026r2=1.12.2.1\u0026ty=h",
"refsource": "CONFIRM",
"url": "http://cvs.horde.org/diff.php/groupware/docs/webmail/CHANGES?r1=1.12\u0026r2=1.12.2.1\u0026ty=h"
},
{
"name": "http://secunia.com/secunia_research/2007-102/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2007-102/advisory/"
},
{
"name": "28020",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28020"
},
{
"name": "29185",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29185"
},
{
"name": "28546",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28546"
},
{
"name": "29184",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29184"
},
{
"name": "DSA-1470",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1470"
},
{
"name": "FEDORA-2008-2040",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00888.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2007-6018",
"datePublished": "2008-01-11T02:00:00",
"dateReserved": "2007-11-19T00:00:00",
"dateUpdated": "2024-08-07T15:54:25.651Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4255 (GCVE-0-2006-4255)
Vulnerability from nvd – Published: 2006-08-21 20:00 – Updated: 2024-08-07 19:06
Summary
Cross-site scripting (XSS) vulnerability in horde/imp/search.php in Horde IMP H3 before 4.1.3 allows remote attackers to include arbitrary web script or HTML via multiple unspecified vectors related to folder names, as injected into the vfolder_label form field in the IMP search screen.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:06:06.698Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19544",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19544"
},
{
"name": "[horde-announce] 20060817 IMP H3 (4.1.3) (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2006/000294.html"
},
{
"name": "ADV-2006-3316",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3316"
},
{
"name": "1423",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1423"
},
{
"name": "21533",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21533"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2457"
},
{
"name": "horde-search-xss(28409)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28409"
},
{
"name": "20060816 [scip_Advisory 2457] Horde Framework and Horde IMP /horde/imp/search.php cross site scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/443361/100/0/threaded"
},
{
"name": "1016713",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016713"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in horde/imp/search.php in Horde IMP H3 before 4.1.3 allows remote attackers to include arbitrary web script or HTML via multiple unspecified vectors related to folder names, as injected into the vfolder_label form field in the IMP search screen."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19544",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19544"
},
{
"name": "[horde-announce] 20060817 IMP H3 (4.1.3) (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2006/000294.html"
},
{
"name": "ADV-2006-3316",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3316"
},
{
"name": "1423",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1423"
},
{
"name": "21533",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21533"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2457"
},
{
"name": "horde-search-xss(28409)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28409"
},
{
"name": "20060816 [scip_Advisory 2457] Horde Framework and Horde IMP /horde/imp/search.php cross site scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/443361/100/0/threaded"
},
{
"name": "1016713",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016713"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4255",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in horde/imp/search.php in Horde IMP H3 before 4.1.3 allows remote attackers to include arbitrary web script or HTML via multiple unspecified vectors related to folder names, as injected into the vfolder_label form field in the IMP search screen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19544",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19544"
},
{
"name": "[horde-announce] 20060817 IMP H3 (4.1.3) (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2006/000294.html"
},
{
"name": "ADV-2006-3316",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3316"
},
{
"name": "1423",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1423"
},
{
"name": "21533",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21533"
},
{
"name": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2457",
"refsource": "MISC",
"url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2457"
},
{
"name": "horde-search-xss(28409)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28409"
},
{
"name": "20060816 [scip_Advisory 2457] Horde Framework and Horde IMP /horde/imp/search.php cross site scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/443361/100/0/threaded"
},
{
"name": "1016713",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016713"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4255",
"datePublished": "2006-08-21T20:00:00",
"dateReserved": "2006-08-21T00:00:00",
"dateUpdated": "2024-08-07T19:06:06.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3548 (GCVE-0-2006-3548)
Vulnerability from nvd – Published: 2006-07-13 00:00 – Updated: 2024-08-07 18:30
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 allow remote attackers to inject arbitrary web script or HTML via a (1) javascript URI or an external (2) http, (3) https, or (4) ftp URI in the url parameter in services/go.php (aka the dereferrer), (5) a javascript URI in the module parameter in services/help (aka the help viewer), and (6) the name parameter in services/problem.php (aka the problem reporting screen).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:30:34.399Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047687.html"
},
{
"name": "horde-multiple-functions-xss(27589)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27589"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2006/000287.html"
},
{
"name": "18845",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18845"
},
{
"name": "ADV-2006-2694",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2694"
},
{
"name": "21459",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21459"
},
{
"name": "SUSE-SR:2006:019",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_19_sr.html"
},
{
"name": "27565",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27565"
},
{
"name": "1016442",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016442"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2006/000288.html"
},
{
"name": "1229",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1229"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://moritz-naumann.com/adv/0011/hordemulti/0011.txt"
},
{
"name": "DSA-1406",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1406"
},
{
"name": "20954",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20954"
},
{
"name": "20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/439255/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 allow remote attackers to inject arbitrary web script or HTML via a (1) javascript URI or an external (2) http, (3) https, or (4) ftp URI in the url parameter in services/go.php (aka the dereferrer), (5) a javascript URI in the module parameter in services/help (aka the help viewer), and (6) the name parameter in services/problem.php (aka the problem reporting screen)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047687.html"
},
{
"name": "horde-multiple-functions-xss(27589)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27589"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lists.horde.org/archives/announce/2006/000287.html"
},
{
"name": "18845",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18845"
},
{
"name": "ADV-2006-2694",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2694"
},
{
"name": "21459",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21459"
},
{
"name": "SUSE-SR:2006:019",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_19_sr.html"
},
{
"name": "27565",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27565"
},
{
"name": "1016442",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016442"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lists.horde.org/archives/announce/2006/000288.html"
},
{
"name": "1229",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1229"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://moritz-naumann.com/adv/0011/hordemulti/0011.txt"
},
{
"name": "DSA-1406",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1406"
},
{
"name": "20954",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20954"
},
{
"name": "20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/439255/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3548",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 allow remote attackers to inject arbitrary web script or HTML via a (1) javascript URI or an external (2) http, (3) https, or (4) ftp URI in the url parameter in services/go.php (aka the dereferrer), (5) a javascript URI in the module parameter in services/help (aka the help viewer), and (6) the name parameter in services/problem.php (aka the problem reporting screen)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047687.html"
},
{
"name": "horde-multiple-functions-xss(27589)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27589"
},
{
"name": "http://lists.horde.org/archives/announce/2006/000287.html",
"refsource": "CONFIRM",
"url": "http://lists.horde.org/archives/announce/2006/000287.html"
},
{
"name": "18845",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18845"
},
{
"name": "ADV-2006-2694",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2694"
},
{
"name": "21459",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21459"
},
{
"name": "SUSE-SR:2006:019",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_19_sr.html"
},
{
"name": "27565",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27565"
},
{
"name": "1016442",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016442"
},
{
"name": "http://lists.horde.org/archives/announce/2006/000288.html",
"refsource": "CONFIRM",
"url": "http://lists.horde.org/archives/announce/2006/000288.html"
},
{
"name": "1229",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1229"
},
{
"name": "http://moritz-naumann.com/adv/0011/hordemulti/0011.txt",
"refsource": "MISC",
"url": "http://moritz-naumann.com/adv/0011/hordemulti/0011.txt"
},
{
"name": "DSA-1406",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1406"
},
{
"name": "20954",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20954"
},
{
"name": "20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/439255/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3548",
"datePublished": "2006-07-13T00:00:00",
"dateReserved": "2006-07-12T00:00:00",
"dateUpdated": "2024-08-07T18:30:34.399Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2195 (GCVE-0-2006-2195)
Vulnerability from nvd – Published: 2006-06-15 10:00 – Updated: 2024-08-07 17:43
Summary
Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:43:28.324Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.horde.org/diff.php?f=horde%2Ftest.php\u0026r1=1.145\u0026r2=1.146"
},
{
"name": "horde-test-problem-xss(27168)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27168"
},
{
"name": "20750",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20750"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://overlays.gentoo.org/dev/chtekk/browser/horde/www-apps/horde/files/horde-3.1.1-xss.diff?rev=4\u0026format=txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.horde.org/diff.php?r1=2.25\u0026r2=2.26\u0026f=horde%2Ftemplates%2Fproblem%2Fproblem.inc"
},
{
"name": "1016310",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016310"
},
{
"name": "DSA-1098",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1098"
},
{
"name": "20672",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20672"
},
{
"name": "DSA-1099",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1099"
},
{
"name": "20849",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20849"
},
{
"name": "26514",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/26514"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=136830"
},
{
"name": "20661",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20661"
},
{
"name": "26513",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/26513"
},
{
"name": "SUSE-SR:2006:016",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_16_sr.html"
},
{
"name": "ADV-2006-2356",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2356"
},
{
"name": "GLSA-200606-28",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-28.xml"
},
{
"name": "20960",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20960"
},
{
"name": "18436",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18436"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.horde.org/diff.php?f=horde%2Ftest.php\u0026r1=1.145\u0026r2=1.146"
},
{
"name": "horde-test-problem-xss(27168)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27168"
},
{
"name": "20750",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20750"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://overlays.gentoo.org/dev/chtekk/browser/horde/www-apps/horde/files/horde-3.1.1-xss.diff?rev=4\u0026format=txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.horde.org/diff.php?r1=2.25\u0026r2=2.26\u0026f=horde%2Ftemplates%2Fproblem%2Fproblem.inc"
},
{
"name": "1016310",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016310"
},
{
"name": "DSA-1098",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1098"
},
{
"name": "20672",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20672"
},
{
"name": "DSA-1099",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1099"
},
{
"name": "20849",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20849"
},
{
"name": "26514",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/26514"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=136830"
},
{
"name": "20661",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20661"
},
{
"name": "26513",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/26513"
},
{
"name": "SUSE-SR:2006:016",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_16_sr.html"
},
{
"name": "ADV-2006-2356",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2356"
},
{
"name": "GLSA-200606-28",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-28.xml"
},
{
"name": "20960",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20960"
},
{
"name": "18436",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18436"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2006-2195",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cvs.horde.org/diff.php?f=horde%2Ftest.php\u0026r1=1.145\u0026r2=1.146",
"refsource": "CONFIRM",
"url": "http://cvs.horde.org/diff.php?f=horde%2Ftest.php\u0026r1=1.145\u0026r2=1.146"
},
{
"name": "horde-test-problem-xss(27168)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27168"
},
{
"name": "20750",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20750"
},
{
"name": "http://overlays.gentoo.org/dev/chtekk/browser/horde/www-apps/horde/files/horde-3.1.1-xss.diff?rev=4\u0026format=txt",
"refsource": "MISC",
"url": "http://overlays.gentoo.org/dev/chtekk/browser/horde/www-apps/horde/files/horde-3.1.1-xss.diff?rev=4\u0026format=txt"
},
{
"name": "http://cvs.horde.org/diff.php?r1=2.25\u0026r2=2.26\u0026f=horde%2Ftemplates%2Fproblem%2Fproblem.inc",
"refsource": "CONFIRM",
"url": "http://cvs.horde.org/diff.php?r1=2.25\u0026r2=2.26\u0026f=horde%2Ftemplates%2Fproblem%2Fproblem.inc"
},
{
"name": "1016310",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016310"
},
{
"name": "DSA-1098",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1098"
},
{
"name": "20672",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20672"
},
{
"name": "DSA-1099",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1099"
},
{
"name": "20849",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20849"
},
{
"name": "26514",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26514"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=136830",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=136830"
},
{
"name": "20661",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20661"
},
{
"name": "26513",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26513"
},
{
"name": "SUSE-SR:2006:016",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_16_sr.html"
},
{
"name": "ADV-2006-2356",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2356"
},
{
"name": "GLSA-200606-28",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-28.xml"
},
{
"name": "20960",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20960"
},
{
"name": "18436",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18436"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2006-2195",
"datePublished": "2006-06-15T10:00:00",
"dateReserved": "2006-05-04T00:00:00",
"dateUpdated": "2024-08-07T17:43:28.324Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1260 (GCVE-0-2006-1260)
Vulnerability from nvd – Published: 2006-03-19 02:00 – Updated: 2024-08-07 17:03
Summary
Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:03:28.776Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "590",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/590"
},
{
"name": "GLSA-200604-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-02.xml"
},
{
"name": "DSA-1034",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1034"
},
{
"name": "19528",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19528"
},
{
"name": "17117",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17117"
},
{
"name": "19246",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19246"
},
{
"name": "23918",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23918"
},
{
"name": "19692",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19692"
},
{
"name": "horde-servicesgo-information-disclosure(25239)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25239"
},
{
"name": "ADV-2006-0959",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0959"
},
{
"name": "19619",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19619"
},
{
"name": "1015771",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015771"
},
{
"name": "DSA-1033",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1033"
},
{
"name": "20060315 CodeScan Advisory: Unauthenticated Arbitrary File Read in Horde v3.09 and prior",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/043657.html"
},
{
"name": "20060315 CodeScan Advisory: Unauthenticated Arbitrary File Read in Horde v3.09 and prior",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/427710/100/0/threaded"
},
{
"name": "19897",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19897"
},
{
"name": "SUSE-SR:2006:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "590",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/590"
},
{
"name": "GLSA-200604-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-02.xml"
},
{
"name": "DSA-1034",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1034"
},
{
"name": "19528",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19528"
},
{
"name": "17117",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17117"
},
{
"name": "19246",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19246"
},
{
"name": "23918",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23918"
},
{
"name": "19692",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19692"
},
{
"name": "horde-servicesgo-information-disclosure(25239)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25239"
},
{
"name": "ADV-2006-0959",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0959"
},
{
"name": "19619",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19619"
},
{
"name": "1015771",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015771"
},
{
"name": "DSA-1033",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1033"
},
{
"name": "20060315 CodeScan Advisory: Unauthenticated Arbitrary File Read in Horde v3.09 and prior",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/043657.html"
},
{
"name": "20060315 CodeScan Advisory: Unauthenticated Arbitrary File Read in Horde v3.09 and prior",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/427710/100/0/threaded"
},
{
"name": "19897",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19897"
},
{
"name": "SUSE-SR:2006:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1260",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "590",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/590"
},
{
"name": "GLSA-200604-02",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-02.xml"
},
{
"name": "DSA-1034",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1034"
},
{
"name": "19528",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19528"
},
{
"name": "17117",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17117"
},
{
"name": "19246",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19246"
},
{
"name": "23918",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23918"
},
{
"name": "19692",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19692"
},
{
"name": "horde-servicesgo-information-disclosure(25239)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25239"
},
{
"name": "ADV-2006-0959",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0959"
},
{
"name": "19619",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19619"
},
{
"name": "1015771",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015771"
},
{
"name": "DSA-1033",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1033"
},
{
"name": "20060315 CodeScan Advisory: Unauthenticated Arbitrary File Read in Horde v3.09 and prior",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/043657.html"
},
{
"name": "20060315 CodeScan Advisory: Unauthenticated Arbitrary File Read in Horde v3.09 and prior",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/427710/100/0/threaded"
},
{
"name": "19897",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19897"
},
{
"name": "SUSE-SR:2006:009",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1260",
"datePublished": "2006-03-19T02:00:00",
"dateReserved": "2006-03-18T00:00:00",
"dateUpdated": "2024-08-07T17:03:28.776Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3759 (GCVE-0-2005-3759)
Vulnerability from nvd – Published: 2005-11-22 21:00 – Updated: 2024-08-07 23:24
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers, which do not filter or escape dangerous HTML when extracting and displaying attachments.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:24:35.475Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200511-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-20.xml"
},
{
"name": "ADV-2005-2536",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2536"
},
{
"name": "17599",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17599"
},
{
"name": "20051122 Horde MIME Viewer vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/417436/30/0/threaded"
},
{
"name": "15535",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15535"
},
{
"name": "17703",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17703"
},
{
"name": "[horde-announce] 20051122 Horde 3.0.7 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2005/000232.html"
},
{
"name": "DSA-909",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-909"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers, which do not filter or escape dangerous HTML when extracting and displaying attachments."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "GLSA-200511-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-20.xml"
},
{
"name": "ADV-2005-2536",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2536"
},
{
"name": "17599",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17599"
},
{
"name": "20051122 Horde MIME Viewer vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/417436/30/0/threaded"
},
{
"name": "15535",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15535"
},
{
"name": "17703",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17703"
},
{
"name": "[horde-announce] 20051122 Horde 3.0.7 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2005/000232.html"
},
{
"name": "DSA-909",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-909"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2005-3759",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers, which do not filter or escape dangerous HTML when extracting and displaying attachments."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200511-20",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-20.xml"
},
{
"name": "ADV-2005-2536",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2536"
},
{
"name": "17599",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17599"
},
{
"name": "20051122 Horde MIME Viewer vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/417436/30/0/threaded"
},
{
"name": "15535",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15535"
},
{
"name": "17703",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17703"
},
{
"name": "[horde-announce] 20051122 Horde 3.0.7 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2005/000232.html"
},
{
"name": "DSA-909",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-909"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2005-3759",
"datePublished": "2005-11-22T21:00:00",
"dateReserved": "2005-11-22T00:00:00",
"dateUpdated": "2024-08-07T23:24:35.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3344 (GCVE-0-2005-3344)
Vulnerability from nvd – Published: 2005-11-16 07:37 – Updated: 2024-08-07 23:10
VLAI?
Summary
The default installation of Horde 3.0.4 contains an administrative account with a blank password, which allows remote attackers to gain access.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:10:08.477Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "horde-default-account(24576)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24576"
},
{
"name": "15337",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15337/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.networkscanning.com/Horde-Default-Admin-Password-Vulnerability-VSS_20171.html"
},
{
"name": "24117",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/24117"
},
{
"name": "DSA-884",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-884"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The default installation of Horde 3.0.4 contains an administrative account with a blank password, which allows remote attackers to gain access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "horde-default-account(24576)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24576"
},
{
"name": "15337",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15337/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.networkscanning.com/Horde-Default-Admin-Password-Vulnerability-VSS_20171.html"
},
{
"name": "24117",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/24117"
},
{
"name": "DSA-884",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-884"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2005-3344",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default installation of Horde 3.0.4 contains an administrative account with a blank password, which allows remote attackers to gain access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "horde-default-account(24576)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24576"
},
{
"name": "15337",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15337/"
},
{
"name": "http://www.networkscanning.com/Horde-Default-Admin-Password-Vulnerability-VSS_20171.html",
"refsource": "MISC",
"url": "http://www.networkscanning.com/Horde-Default-Admin-Password-Vulnerability-VSS_20171.html"
},
{
"name": "24117",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24117"
},
{
"name": "DSA-884",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-884"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2005-3344",
"datePublished": "2005-11-16T07:37:00",
"dateReserved": "2005-10-27T00:00:00",
"dateUpdated": "2024-08-07T23:10:08.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3570 (GCVE-0-2005-3570)
Vulnerability from nvd – Published: 2005-11-16 07:37 – Updated: 2024-08-07 23:17
VLAI?
Summary
Unspecified cross-site scripting (XSS) vulnerability in Horde before 2.2.9 allows remote attackers to inject arbitrary web script or HTML via "not properly escaped error messages".
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:17:23.405Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "15409",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15409"
},
{
"name": "[Horde-announce] 20051113 Horde 2.2.9 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2005/000231.html"
},
{
"name": "17468",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17468"
},
{
"name": "GLSA-200511-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-20.xml"
},
{
"name": "ADV-2005-2403",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2403"
},
{
"name": "17794",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17794"
},
{
"name": "17702",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17702"
},
{
"name": "DSA-914",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-914"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.207.2.109\u0026r2=1.207.2.111\u0026ty=h"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified cross-site scripting (XSS) vulnerability in Horde before 2.2.9 allows remote attackers to inject arbitrary web script or HTML via \"not properly escaped error messages\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-30T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "15409",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15409"
},
{
"name": "[Horde-announce] 20051113 Horde 2.2.9 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2005/000231.html"
},
{
"name": "17468",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17468"
},
{
"name": "GLSA-200511-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-20.xml"
},
{
"name": "ADV-2005-2403",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2403"
},
{
"name": "17794",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17794"
},
{
"name": "17702",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17702"
},
{
"name": "DSA-914",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-914"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.207.2.109\u0026r2=1.207.2.111\u0026ty=h"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3570",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified cross-site scripting (XSS) vulnerability in Horde before 2.2.9 allows remote attackers to inject arbitrary web script or HTML via \"not properly escaped error messages\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15409",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15409"
},
{
"name": "[Horde-announce] 20051113 Horde 2.2.9 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2005/000231.html"
},
{
"name": "17468",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17468"
},
{
"name": "GLSA-200511-20",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-20.xml"
},
{
"name": "ADV-2005-2403",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2403"
},
{
"name": "17794",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17794"
},
{
"name": "17702",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17702"
},
{
"name": "DSA-914",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-914"
},
{
"name": "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.207.2.109\u0026r2=1.207.2.111\u0026ty=h",
"refsource": "CONFIRM",
"url": "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.207.2.109\u0026r2=1.207.2.111\u0026ty=h"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3570",
"datePublished": "2005-11-16T07:37:00",
"dateReserved": "2005-11-16T00:00:00",
"dateUpdated": "2024-08-07T23:17:23.405Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0378 (GCVE-0-2005-0378)
Vulnerability from nvd – Published: 2005-02-13 05:00 – Updated: 2024-08-07 21:13
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to prefs.php or (2) url parameter to index.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:13:53.499Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.hyperdose.com/advisories/H2005-01.txt"
},
{
"name": "20050113 Cross Site Scripting holes found in Horde 3.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110564059322774\u0026w=2"
},
{
"name": "12255",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12255"
},
{
"name": "1012892",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1012892"
},
{
"name": "horde-prefs-index-xss(18881)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18881"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-01-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to prefs.php or (2) url parameter to index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.hyperdose.com/advisories/H2005-01.txt"
},
{
"name": "20050113 Cross Site Scripting holes found in Horde 3.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110564059322774\u0026w=2"
},
{
"name": "12255",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12255"
},
{
"name": "1012892",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1012892"
},
{
"name": "horde-prefs-index-xss(18881)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18881"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0378",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to prefs.php or (2) url parameter to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.hyperdose.com/advisories/H2005-01.txt",
"refsource": "MISC",
"url": "http://www.hyperdose.com/advisories/H2005-01.txt"
},
{
"name": "20050113 Cross Site Scripting holes found in Horde 3.0",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110564059322774\u0026w=2"
},
{
"name": "12255",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12255"
},
{
"name": "1012892",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1012892"
},
{
"name": "horde-prefs-index-xss(18881)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18881"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0378",
"datePublished": "2005-02-13T05:00:00",
"dateReserved": "2005-02-13T00:00:00",
"dateUpdated": "2024-08-07T21:13:53.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0209 (GCVE-0-2012-0209)
Vulnerability from cvelistv5 – Published: 2012-09-25 22:00 – Updated: 2024-09-16 21:57
VLAI?
Summary
Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP between November 2011 and February 2012, contain an externally introduced modification (Trojan Horse) in templates/javascript/open_calendar.js, which allows remote attackers to execute arbitrary PHP code.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:16:19.685Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dev.horde.org/h/jonah/stories/view.php?channel_id=1\u0026id=155"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://eromang.zataz.com/2012/02/15/cve-2012-0209-horde-backdoor-analysis/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=790877"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/files/109874/Horde-3.3.12-Backdoor-Arbitrary-PHP-Code-Execution.html"
},
{
"name": "[horde-announce] 20120213 [SECURITY] Remote execution backdoor after server hack (CVE-2012-0209)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2012/000751.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP between November 2011 and February 2012, contains an externally introduced modification (Trojan Horse) in templates/javascript/open_calendar.js, which allows remote attackers to execute arbitrary PHP code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-25T22:00:00Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dev.horde.org/h/jonah/stories/view.php?channel_id=1\u0026id=155"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://eromang.zataz.com/2012/02/15/cve-2012-0209-horde-backdoor-analysis/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=790877"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/files/109874/Horde-3.3.12-Backdoor-Arbitrary-PHP-Code-Execution.html"
},
{
"name": "[horde-announce] 20120213 [SECURITY] Remote execution backdoor after server hack (CVE-2012-0209)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2012/000751.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2012-0209",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP between November 2011 and February 2012, contains an externally introduced modification (Trojan Horse) in templates/javascript/open_calendar.js, which allows remote attackers to execute arbitrary PHP code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://dev.horde.org/h/jonah/stories/view.php?channel_id=1\u0026id=155",
"refsource": "CONFIRM",
"url": "http://dev.horde.org/h/jonah/stories/view.php?channel_id=1\u0026id=155"
},
{
"name": "http://eromang.zataz.com/2012/02/15/cve-2012-0209-horde-backdoor-analysis/",
"refsource": "MISC",
"url": "http://eromang.zataz.com/2012/02/15/cve-2012-0209-horde-backdoor-analysis/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=790877",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=790877"
},
{
"name": "http://packetstormsecurity.org/files/109874/Horde-3.3.12-Backdoor-Arbitrary-PHP-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/109874/Horde-3.3.12-Backdoor-Arbitrary-PHP-Code-Execution.html"
},
{
"name": "[horde-announce] 20120213 [SECURITY] Remote execution backdoor after server hack (CVE-2012-0209)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2012/000751.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2012-0209",
"datePublished": "2012-09-25T22:00:00Z",
"dateReserved": "2011-12-14T00:00:00Z",
"dateUpdated": "2024-09-16T21:57:27.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1638 (GCVE-0-2010-1638)
Vulnerability from cvelistv5 – Published: 2010-06-22 17:00 – Updated: 2024-08-07 01:28
VLAI?
Summary
The IMP plugin in Horde allows remote attackers to bypass firewall restrictions and use Horde as a proxy to scan internal networks via a crafted request to an unspecified test script. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:28:41.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20100524 Re: [core] CVE Request for Horde and Squirrelmail",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/05/25/2"
},
{
"name": "[oss-security] 20100521 Re: [core] CVE Request for Horde and Squirrelmail",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/05/21/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://conference.hitb.org/hitbsecconf2010dxb/materials/D1%20-%20Laurent%20Oudot%20-%20Improving%20the%20Stealthiness%20of%20Web%20Hacking.pdf#page=74"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The IMP plugin in Horde allows remote attackers to bypass firewall restrictions and use Horde as a proxy to scan internal networks via a crafted request to an unspecified test script. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product\u0027s installation documentation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-06-22T17:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20100524 Re: [core] CVE Request for Horde and Squirrelmail",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/05/25/2"
},
{
"name": "[oss-security] 20100521 Re: [core] CVE Request for Horde and Squirrelmail",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/05/21/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://conference.hitb.org/hitbsecconf2010dxb/materials/D1%20-%20Laurent%20Oudot%20-%20Improving%20the%20Stealthiness%20of%20Web%20Hacking.pdf#page=74"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-1638",
"datePublished": "2010-06-22T17:00:00Z",
"dateReserved": "2010-04-29T00:00:00Z",
"dateUpdated": "2024-08-07T01:28:41.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-7218 (GCVE-0-2008-7218)
Vulnerability from cvelistv5 – Published: 2009-09-13 22:00 – Updated: 2024-08-07 11:56
VLAI?
Summary
Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2-RC2; Turba H3 2.1 before 2.1.6 and 2.2 before 2.2-RC2; Kronolith H3 2.1 before 2.1.7 and H3 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and 2.2 before 2.2-RC2; Horde Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 has unknown impact and attack vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:56:14.413Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[announce] 20080122 Kronolith H3 (2.2-RC2)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000371.html"
},
{
"name": "[announce] 20080122 Mnemo H3 (2.2-RC2)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000369.html"
},
{
"name": "[announce] 20080109 Nag H3 (2.1.4) (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000363.html"
},
{
"name": "27217",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27217"
},
{
"name": "[announce] 20080109 Horde Groupware 1.0.3 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000365.html"
},
{
"name": "[announce] 20080206 Horde Groupware 1.1-RC2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000376.html"
},
{
"name": "[announce] 20080122 Turba H3 (2.2-RC2)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000367.html"
},
{
"name": "FEDORA-2008-2212",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00176.html"
},
{
"name": "[announce] 20080109 Horde 3.1.6 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000360.html"
},
{
"name": "[announce] 20080109 Mnemo H3 (2.1.2) (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000364.html"
},
{
"name": "28382",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28382"
},
{
"name": "[announce] 20080206 Horde Groupware Webmail Edition 1.1-RC2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000377.html"
},
{
"name": "[announce] 20080110 Horde Groupware Webmail Edition 1.0.4 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000366.html"
},
{
"name": "[announce] 20080109 Turba H3 (2.1.6) (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000361.html"
},
{
"name": "horde-hordeapi-privilege-escalation(39599)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39599"
},
{
"name": "[announce] 20080122 Horde 3.2-RC2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000374.html"
},
{
"name": "[announce] 20080109 Kronolith H3 (2.1.7) (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000362.html"
},
{
"name": "[announce] 20080122 Nag H3 (2.2-RC2)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000368.html"
},
{
"name": "42775",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/42775"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2 before 3.2-RC2; Turba H3 2.1 before 2.1.6 and 2.2 before 2.2-RC2; Kronolith H3 2.1 before 2.1.7 and H3 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and 2.2 before 2.2-RC2; Horde Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 has unknown impact and attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[announce] 20080122 Kronolith H3 (2.2-RC2)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000371.html"
},
{
"name": "[announce] 20080122 Mnemo H3 (2.2-RC2)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000369.html"
},
{
"name": "[announce] 20080109 Nag H3 (2.1.4) (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000363.html"
},
{
"name": "27217",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27217"
},
{
"name": "[announce] 20080109 Horde Groupware 1.0.3 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000365.html"
},
{
"name": "[announce] 20080206 Horde Groupware 1.1-RC2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000376.html"
},
{
"name": "[announce] 20080122 Turba H3 (2.2-RC2)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000367.html"
},
{
"name": "FEDORA-2008-2212",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00176.html"
},
{
"name": "[announce] 20080109 Horde 3.1.6 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000360.html"
},
{
"name": "[announce] 20080109 Mnemo H3 (2.1.2) (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000364.html"
},
{
"name": "28382",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28382"
},
{
"name": "[announce] 20080206 Horde Groupware Webmail Edition 1.1-RC2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000377.html"
},
{
"name": "[announce] 20080110 Horde Groupware Webmail Edition 1.0.4 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000366.html"
},
{
"name": "[announce] 20080109 Turba H3 (2.1.6) (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000361.html"
},
{
"name": "horde-hordeapi-privilege-escalation(39599)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39599"
},
{
"name": "[announce] 20080122 Horde 3.2-RC2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000374.html"
},
{
"name": "[announce] 20080109 Kronolith H3 (2.1.7) (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000362.html"
},
{
"name": "[announce] 20080122 Nag H3 (2.2-RC2)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000368.html"
},
{
"name": "42775",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/42775"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7218",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2-RC2; Turba H3 2.1 before 2.1.6 and 2.2 before 2.2-RC2; Kronolith H3 2.1 before 2.1.7 and H3 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and 2.2 before 2.2-RC2; Horde Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 has unknown impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[announce] 20080122 Kronolith H3 (2.2-RC2)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000371.html"
},
{
"name": "[announce] 20080122 Mnemo H3 (2.2-RC2)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000369.html"
},
{
"name": "[announce] 20080109 Nag H3 (2.1.4) (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000363.html"
},
{
"name": "27217",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27217"
},
{
"name": "[announce] 20080109 Horde Groupware 1.0.3 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000365.html"
},
{
"name": "[announce] 20080206 Horde Groupware 1.1-RC2",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000376.html"
},
{
"name": "[announce] 20080122 Turba H3 (2.2-RC2)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000367.html"
},
{
"name": "FEDORA-2008-2212",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00176.html"
},
{
"name": "[announce] 20080109 Horde 3.1.6 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000360.html"
},
{
"name": "[announce] 20080109 Mnemo H3 (2.1.2) (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000364.html"
},
{
"name": "28382",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28382"
},
{
"name": "[announce] 20080206 Horde Groupware Webmail Edition 1.1-RC2",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000377.html"
},
{
"name": "[announce] 20080110 Horde Groupware Webmail Edition 1.0.4 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000366.html"
},
{
"name": "[announce] 20080109 Turba H3 (2.1.6) (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000361.html"
},
{
"name": "horde-hordeapi-privilege-escalation(39599)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39599"
},
{
"name": "[announce] 20080122 Horde 3.2-RC2",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000374.html"
},
{
"name": "[announce] 20080109 Kronolith H3 (2.1.7) (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000362.html"
},
{
"name": "[announce] 20080122 Nag H3 (2.2-RC2)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000368.html"
},
{
"name": "42775",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/42775"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7218",
"datePublished": "2009-09-13T22:00:00",
"dateReserved": "2009-09-13T00:00:00",
"dateUpdated": "2024-08-07T11:56:14.413Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3824 (GCVE-0-2008-3824)
Vulnerability from cvelistv5 – Published: 2008-09-12 16:00 – Updated: 2024-08-07 09:53
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in (1) Text_Filter/Filter/xss.php in Horde 3.1.x before 3.1.9 and 3.2.x before 3.2.2 and (2) externalinput.php in Popoon r22196 and earlier allows remote attackers to inject arbitrary web script or HTML by using / (slash) characters as replacements for spaces in an HTML e-mail message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:53:00.438Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[horde-announce] 20080910 Horde 3.1.9 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=horde-announce\u0026m=122103888111491\u0026w=2"
},
{
"name": "31842",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31842"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.phpmyfaq.de/advisory_2008-09-11.php"
},
{
"name": "ADV-2008-2548",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2548"
},
{
"name": "[horde-announce] 20080910 [SECURITY] Horde 3.2.2 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=horde-announce\u0026m=122104360019867\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ocert.org/patches/2008-012/Text_Filter.patch"
},
{
"name": "20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/496182/100/0/threaded"
},
{
"name": "4245",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4245"
},
{
"name": "[oss-security] 20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/09/10/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ocert.org/advisories/ocert-2008-012.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ocert.org/patches/2008-012/Text_Filter.31.patch"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.liip.ch/missed-case-in-externalinput-php-resulting-in-viable-xss-attacks.html"
},
{
"name": "horde-htmlmessages-xss(45031)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45031"
},
{
"name": "47996",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/47996"
},
{
"name": "31107",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31107"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in (1) Text_Filter/Filter/xss.php in Horde 3.1.x before 3.1.9 and 3.2.x before 3.2.2 and (2) externalinput.php in Popoon r22196 and earlier allows remote attackers to inject arbitrary web script or HTML by using / (slash) characters as replacements for spaces in an HTML e-mail message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[horde-announce] 20080910 Horde 3.1.9 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=horde-announce\u0026m=122103888111491\u0026w=2"
},
{
"name": "31842",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31842"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.phpmyfaq.de/advisory_2008-09-11.php"
},
{
"name": "ADV-2008-2548",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2548"
},
{
"name": "[horde-announce] 20080910 [SECURITY] Horde 3.2.2 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=horde-announce\u0026m=122104360019867\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ocert.org/patches/2008-012/Text_Filter.patch"
},
{
"name": "20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/496182/100/0/threaded"
},
{
"name": "4245",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4245"
},
{
"name": "[oss-security] 20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/09/10/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ocert.org/advisories/ocert-2008-012.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ocert.org/patches/2008-012/Text_Filter.31.patch"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.liip.ch/missed-case-in-externalinput-php-resulting-in-viable-xss-attacks.html"
},
{
"name": "horde-htmlmessages-xss(45031)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45031"
},
{
"name": "47996",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/47996"
},
{
"name": "31107",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31107"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2008-3824",
"datePublished": "2008-09-12T16:00:00",
"dateReserved": "2008-08-27T00:00:00",
"dateUpdated": "2024-08-07T09:53:00.438Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3823 (GCVE-0-2008-3823)
Vulnerability from cvelistv5 – Published: 2008-09-12 16:00 – Updated: 2024-08-07 09:53
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.php in the MIME library in Horde 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of a MIME attachment in an e-mail message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:53:00.419Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "horde-mime-xss(45030)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45030"
},
{
"name": "31842",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31842"
},
{
"name": "DSA-1642",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1642"
},
{
"name": "ADV-2008-2548",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2548"
},
{
"name": "31959",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31959"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ocert.org/patches/2008-012/MIME.patch"
},
{
"name": "[horde-announce] 20080910 [SECURITY] Horde 3.2.2 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=horde-announce\u0026m=122104360019867\u0026w=2"
},
{
"name": "31110",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31110"
},
{
"name": "20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/496182/100/0/threaded"
},
{
"name": "4245",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4245"
},
{
"name": "[oss-security] 20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/09/10/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ocert.org/advisories/ocert-2008-012.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.php in the MIME library in Horde 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of a MIME attachment in an e-mail message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "horde-mime-xss(45030)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45030"
},
{
"name": "31842",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31842"
},
{
"name": "DSA-1642",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1642"
},
{
"name": "ADV-2008-2548",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2548"
},
{
"name": "31959",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31959"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ocert.org/patches/2008-012/MIME.patch"
},
{
"name": "[horde-announce] 20080910 [SECURITY] Horde 3.2.2 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=horde-announce\u0026m=122104360019867\u0026w=2"
},
{
"name": "31110",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31110"
},
{
"name": "20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/496182/100/0/threaded"
},
{
"name": "4245",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4245"
},
{
"name": "[oss-security] 20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/09/10/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ocert.org/advisories/ocert-2008-012.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2008-3823",
"datePublished": "2008-09-12T16:00:00",
"dateReserved": "2008-08-27T00:00:00",
"dateUpdated": "2024-08-07T09:53:00.419Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1284 (GCVE-0-2008-1284)
Vulnerability from cvelistv5 – Published: 2008-03-11 00:00 – Updated: 2024-08-07 08:17
VLAI?
Summary
Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via ".." sequences and a null byte in the theme name.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:17:34.567Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3726",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3726"
},
{
"name": "29286",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29286"
},
{
"name": "horde-theme-file-include(41054)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41054"
},
{
"name": "[announce] 20080307 Horde Groupware 1.0.5 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000383.html"
},
{
"name": "[announce] 20080307 Horde Groupware Webmail Edition 1.0.6 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000384.html"
},
{
"name": "FEDORA-2008-2406",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00301.html"
},
{
"name": "20080307 Horde Webmail file inclusion proof of concept \u0026 patch.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489239/100/0/threaded"
},
{
"name": "GLSA-200805-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-01.xml"
},
{
"name": "DSA-1519",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1519"
},
{
"name": "30047",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30047"
},
{
"name": "FEDORA-2008-2362",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00253.html"
},
{
"name": "29374",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29374"
},
{
"name": "20080308 Re: Horde Webmail file inclusion proof of concept \u0026 patch.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489289/100/0/threaded"
},
{
"name": "[announce] 20080307 Horde 3.1.7 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000382.html"
},
{
"name": "ADV-2008-0822",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0822/references"
},
{
"name": "28153",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28153"
},
{
"name": "29400",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29400"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via \"..\" sequences and a null byte in the theme name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3726",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3726"
},
{
"name": "29286",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29286"
},
{
"name": "horde-theme-file-include(41054)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41054"
},
{
"name": "[announce] 20080307 Horde Groupware 1.0.5 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000383.html"
},
{
"name": "[announce] 20080307 Horde Groupware Webmail Edition 1.0.6 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000384.html"
},
{
"name": "FEDORA-2008-2406",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00301.html"
},
{
"name": "20080307 Horde Webmail file inclusion proof of concept \u0026 patch.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489239/100/0/threaded"
},
{
"name": "GLSA-200805-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-01.xml"
},
{
"name": "DSA-1519",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1519"
},
{
"name": "30047",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30047"
},
{
"name": "FEDORA-2008-2362",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00253.html"
},
{
"name": "29374",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29374"
},
{
"name": "20080308 Re: Horde Webmail file inclusion proof of concept \u0026 patch.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489289/100/0/threaded"
},
{
"name": "[announce] 20080307 Horde 3.1.7 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000382.html"
},
{
"name": "ADV-2008-0822",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0822/references"
},
{
"name": "28153",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28153"
},
{
"name": "29400",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29400"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1284",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via \"..\" sequences and a null byte in the theme name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3726",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3726"
},
{
"name": "29286",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29286"
},
{
"name": "horde-theme-file-include(41054)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41054"
},
{
"name": "[announce] 20080307 Horde Groupware 1.0.5 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000383.html"
},
{
"name": "[announce] 20080307 Horde Groupware Webmail Edition 1.0.6 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000384.html"
},
{
"name": "FEDORA-2008-2406",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00301.html"
},
{
"name": "20080307 Horde Webmail file inclusion proof of concept \u0026 patch.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489239/100/0/threaded"
},
{
"name": "GLSA-200805-01",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200805-01.xml"
},
{
"name": "DSA-1519",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1519"
},
{
"name": "30047",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30047"
},
{
"name": "FEDORA-2008-2362",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00253.html"
},
{
"name": "29374",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29374"
},
{
"name": "20080308 Re: Horde Webmail file inclusion proof of concept \u0026 patch.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489289/100/0/threaded"
},
{
"name": "[announce] 20080307 Horde 3.1.7 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000382.html"
},
{
"name": "ADV-2008-0822",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0822/references"
},
{
"name": "28153",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28153"
},
{
"name": "29400",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29400"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1284",
"datePublished": "2008-03-11T00:00:00",
"dateReserved": "2008-03-10T00:00:00",
"dateUpdated": "2024-08-07T08:17:34.567Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6018 (GCVE-0-2007-6018)
Vulnerability from cvelistv5 – Published: 2008-01-11 02:00 – Updated: 2024-08-07 15:54
VLAI?
Summary
IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 do not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) "purge" deleted emails via a crafted email message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:54:25.651Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "29186",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29186"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=428625"
},
{
"name": "SUSE-SR:2009:007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"name": "horde-impgroupware-filter-security-bypass(39595)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39595"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.horde.org/diff.php/groupware/docs/groupware/CHANGES?r1=1.17\u0026r2=1.17.2.1\u0026ty=h"
},
{
"name": "[announce] 20080109 Horde Groupware 1.0.3 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000365.html"
},
{
"name": "[announce] 20080109 Horde 3.1.6 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000360.html"
},
{
"name": "34418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34418"
},
{
"name": "FEDORA-2008-2087",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00927.html"
},
{
"name": "27223",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27223"
},
{
"name": "[announce] 20080110 Horde Groupware Webmail Edition 1.0.4 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000366.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.horde.org/diff.php/groupware/docs/webmail/CHANGES?r1=1.12\u0026r2=1.12.2.1\u0026ty=h"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2007-102/advisory/"
},
{
"name": "28020",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28020"
},
{
"name": "29185",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29185"
},
{
"name": "28546",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28546"
},
{
"name": "29184",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29184"
},
{
"name": "DSA-1470",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1470"
},
{
"name": "FEDORA-2008-2040",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00888.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) \"purge\" deleted emails via a crafted email message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "29186",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29186"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=428625"
},
{
"name": "SUSE-SR:2009:007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"name": "horde-impgroupware-filter-security-bypass(39595)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39595"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.horde.org/diff.php/groupware/docs/groupware/CHANGES?r1=1.17\u0026r2=1.17.2.1\u0026ty=h"
},
{
"name": "[announce] 20080109 Horde Groupware 1.0.3 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000365.html"
},
{
"name": "[announce] 20080109 Horde 3.1.6 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000360.html"
},
{
"name": "34418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34418"
},
{
"name": "FEDORA-2008-2087",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00927.html"
},
{
"name": "27223",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27223"
},
{
"name": "[announce] 20080110 Horde Groupware Webmail Edition 1.0.4 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000366.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.horde.org/diff.php/groupware/docs/webmail/CHANGES?r1=1.12\u0026r2=1.12.2.1\u0026ty=h"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2007-102/advisory/"
},
{
"name": "28020",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28020"
},
{
"name": "29185",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29185"
},
{
"name": "28546",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28546"
},
{
"name": "29184",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29184"
},
{
"name": "DSA-1470",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1470"
},
{
"name": "FEDORA-2008-2040",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00888.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2007-6018",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) \"purge\" deleted emails via a crafted email message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29186",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29186"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=428625",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=428625"
},
{
"name": "SUSE-SR:2009:007",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"name": "horde-impgroupware-filter-security-bypass(39595)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39595"
},
{
"name": "http://cvs.horde.org/diff.php/groupware/docs/groupware/CHANGES?r1=1.17\u0026r2=1.17.2.1\u0026ty=h",
"refsource": "CONFIRM",
"url": "http://cvs.horde.org/diff.php/groupware/docs/groupware/CHANGES?r1=1.17\u0026r2=1.17.2.1\u0026ty=h"
},
{
"name": "[announce] 20080109 Horde Groupware 1.0.3 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000365.html"
},
{
"name": "[announce] 20080109 Horde 3.1.6 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000360.html"
},
{
"name": "34418",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34418"
},
{
"name": "FEDORA-2008-2087",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00927.html"
},
{
"name": "27223",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27223"
},
{
"name": "[announce] 20080110 Horde Groupware Webmail Edition 1.0.4 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000366.html"
},
{
"name": "http://cvs.horde.org/diff.php/groupware/docs/webmail/CHANGES?r1=1.12\u0026r2=1.12.2.1\u0026ty=h",
"refsource": "CONFIRM",
"url": "http://cvs.horde.org/diff.php/groupware/docs/webmail/CHANGES?r1=1.12\u0026r2=1.12.2.1\u0026ty=h"
},
{
"name": "http://secunia.com/secunia_research/2007-102/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2007-102/advisory/"
},
{
"name": "28020",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28020"
},
{
"name": "29185",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29185"
},
{
"name": "28546",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28546"
},
{
"name": "29184",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29184"
},
{
"name": "DSA-1470",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1470"
},
{
"name": "FEDORA-2008-2040",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00888.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2007-6018",
"datePublished": "2008-01-11T02:00:00",
"dateReserved": "2007-11-19T00:00:00",
"dateUpdated": "2024-08-07T15:54:25.651Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4255 (GCVE-0-2006-4255)
Vulnerability from cvelistv5 – Published: 2006-08-21 20:00 – Updated: 2024-08-07 19:06
Summary
Cross-site scripting (XSS) vulnerability in horde/imp/search.php in Horde IMP H3 before 4.1.3 allows remote attackers to include arbitrary web script or HTML via multiple unspecified vectors related to folder names, as injected into the vfolder_label form field in the IMP search screen.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:06:06.698Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19544",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19544"
},
{
"name": "[horde-announce] 20060817 IMP H3 (4.1.3) (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2006/000294.html"
},
{
"name": "ADV-2006-3316",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3316"
},
{
"name": "1423",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1423"
},
{
"name": "21533",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21533"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2457"
},
{
"name": "horde-search-xss(28409)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28409"
},
{
"name": "20060816 [scip_Advisory 2457] Horde Framework and Horde IMP /horde/imp/search.php cross site scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/443361/100/0/threaded"
},
{
"name": "1016713",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016713"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in horde/imp/search.php in Horde IMP H3 before 4.1.3 allows remote attackers to include arbitrary web script or HTML via multiple unspecified vectors related to folder names, as injected into the vfolder_label form field in the IMP search screen."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19544",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19544"
},
{
"name": "[horde-announce] 20060817 IMP H3 (4.1.3) (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2006/000294.html"
},
{
"name": "ADV-2006-3316",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3316"
},
{
"name": "1423",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1423"
},
{
"name": "21533",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21533"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2457"
},
{
"name": "horde-search-xss(28409)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28409"
},
{
"name": "20060816 [scip_Advisory 2457] Horde Framework and Horde IMP /horde/imp/search.php cross site scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/443361/100/0/threaded"
},
{
"name": "1016713",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016713"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4255",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in horde/imp/search.php in Horde IMP H3 before 4.1.3 allows remote attackers to include arbitrary web script or HTML via multiple unspecified vectors related to folder names, as injected into the vfolder_label form field in the IMP search screen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19544",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19544"
},
{
"name": "[horde-announce] 20060817 IMP H3 (4.1.3) (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2006/000294.html"
},
{
"name": "ADV-2006-3316",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3316"
},
{
"name": "1423",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1423"
},
{
"name": "21533",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21533"
},
{
"name": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2457",
"refsource": "MISC",
"url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2457"
},
{
"name": "horde-search-xss(28409)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28409"
},
{
"name": "20060816 [scip_Advisory 2457] Horde Framework and Horde IMP /horde/imp/search.php cross site scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/443361/100/0/threaded"
},
{
"name": "1016713",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016713"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4255",
"datePublished": "2006-08-21T20:00:00",
"dateReserved": "2006-08-21T00:00:00",
"dateUpdated": "2024-08-07T19:06:06.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3548 (GCVE-0-2006-3548)
Vulnerability from cvelistv5 – Published: 2006-07-13 00:00 – Updated: 2024-08-07 18:30
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 allow remote attackers to inject arbitrary web script or HTML via a (1) javascript URI or an external (2) http, (3) https, or (4) ftp URI in the url parameter in services/go.php (aka the dereferrer), (5) a javascript URI in the module parameter in services/help (aka the help viewer), and (6) the name parameter in services/problem.php (aka the problem reporting screen).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:30:34.399Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047687.html"
},
{
"name": "horde-multiple-functions-xss(27589)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27589"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2006/000287.html"
},
{
"name": "18845",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18845"
},
{
"name": "ADV-2006-2694",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2694"
},
{
"name": "21459",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21459"
},
{
"name": "SUSE-SR:2006:019",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_19_sr.html"
},
{
"name": "27565",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27565"
},
{
"name": "1016442",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016442"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2006/000288.html"
},
{
"name": "1229",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1229"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://moritz-naumann.com/adv/0011/hordemulti/0011.txt"
},
{
"name": "DSA-1406",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1406"
},
{
"name": "20954",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20954"
},
{
"name": "20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/439255/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 allow remote attackers to inject arbitrary web script or HTML via a (1) javascript URI or an external (2) http, (3) https, or (4) ftp URI in the url parameter in services/go.php (aka the dereferrer), (5) a javascript URI in the module parameter in services/help (aka the help viewer), and (6) the name parameter in services/problem.php (aka the problem reporting screen)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047687.html"
},
{
"name": "horde-multiple-functions-xss(27589)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27589"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lists.horde.org/archives/announce/2006/000287.html"
},
{
"name": "18845",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18845"
},
{
"name": "ADV-2006-2694",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2694"
},
{
"name": "21459",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21459"
},
{
"name": "SUSE-SR:2006:019",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_19_sr.html"
},
{
"name": "27565",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27565"
},
{
"name": "1016442",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016442"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lists.horde.org/archives/announce/2006/000288.html"
},
{
"name": "1229",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1229"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://moritz-naumann.com/adv/0011/hordemulti/0011.txt"
},
{
"name": "DSA-1406",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1406"
},
{
"name": "20954",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20954"
},
{
"name": "20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/439255/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3548",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 allow remote attackers to inject arbitrary web script or HTML via a (1) javascript URI or an external (2) http, (3) https, or (4) ftp URI in the url parameter in services/go.php (aka the dereferrer), (5) a javascript URI in the module parameter in services/help (aka the help viewer), and (6) the name parameter in services/problem.php (aka the problem reporting screen)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047687.html"
},
{
"name": "horde-multiple-functions-xss(27589)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27589"
},
{
"name": "http://lists.horde.org/archives/announce/2006/000287.html",
"refsource": "CONFIRM",
"url": "http://lists.horde.org/archives/announce/2006/000287.html"
},
{
"name": "18845",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18845"
},
{
"name": "ADV-2006-2694",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2694"
},
{
"name": "21459",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21459"
},
{
"name": "SUSE-SR:2006:019",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_19_sr.html"
},
{
"name": "27565",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27565"
},
{
"name": "1016442",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016442"
},
{
"name": "http://lists.horde.org/archives/announce/2006/000288.html",
"refsource": "CONFIRM",
"url": "http://lists.horde.org/archives/announce/2006/000288.html"
},
{
"name": "1229",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1229"
},
{
"name": "http://moritz-naumann.com/adv/0011/hordemulti/0011.txt",
"refsource": "MISC",
"url": "http://moritz-naumann.com/adv/0011/hordemulti/0011.txt"
},
{
"name": "DSA-1406",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1406"
},
{
"name": "20954",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20954"
},
{
"name": "20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/439255/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3548",
"datePublished": "2006-07-13T00:00:00",
"dateReserved": "2006-07-12T00:00:00",
"dateUpdated": "2024-08-07T18:30:34.399Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2195 (GCVE-0-2006-2195)
Vulnerability from cvelistv5 – Published: 2006-06-15 10:00 – Updated: 2024-08-07 17:43
Summary
Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:43:28.324Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.horde.org/diff.php?f=horde%2Ftest.php\u0026r1=1.145\u0026r2=1.146"
},
{
"name": "horde-test-problem-xss(27168)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27168"
},
{
"name": "20750",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20750"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://overlays.gentoo.org/dev/chtekk/browser/horde/www-apps/horde/files/horde-3.1.1-xss.diff?rev=4\u0026format=txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.horde.org/diff.php?r1=2.25\u0026r2=2.26\u0026f=horde%2Ftemplates%2Fproblem%2Fproblem.inc"
},
{
"name": "1016310",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016310"
},
{
"name": "DSA-1098",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1098"
},
{
"name": "20672",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20672"
},
{
"name": "DSA-1099",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1099"
},
{
"name": "20849",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20849"
},
{
"name": "26514",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/26514"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=136830"
},
{
"name": "20661",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20661"
},
{
"name": "26513",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/26513"
},
{
"name": "SUSE-SR:2006:016",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_16_sr.html"
},
{
"name": "ADV-2006-2356",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2356"
},
{
"name": "GLSA-200606-28",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-28.xml"
},
{
"name": "20960",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20960"
},
{
"name": "18436",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18436"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.horde.org/diff.php?f=horde%2Ftest.php\u0026r1=1.145\u0026r2=1.146"
},
{
"name": "horde-test-problem-xss(27168)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27168"
},
{
"name": "20750",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20750"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://overlays.gentoo.org/dev/chtekk/browser/horde/www-apps/horde/files/horde-3.1.1-xss.diff?rev=4\u0026format=txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.horde.org/diff.php?r1=2.25\u0026r2=2.26\u0026f=horde%2Ftemplates%2Fproblem%2Fproblem.inc"
},
{
"name": "1016310",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016310"
},
{
"name": "DSA-1098",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1098"
},
{
"name": "20672",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20672"
},
{
"name": "DSA-1099",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1099"
},
{
"name": "20849",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20849"
},
{
"name": "26514",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/26514"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=136830"
},
{
"name": "20661",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20661"
},
{
"name": "26513",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/26513"
},
{
"name": "SUSE-SR:2006:016",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_16_sr.html"
},
{
"name": "ADV-2006-2356",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2356"
},
{
"name": "GLSA-200606-28",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-28.xml"
},
{
"name": "20960",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20960"
},
{
"name": "18436",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18436"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2006-2195",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cvs.horde.org/diff.php?f=horde%2Ftest.php\u0026r1=1.145\u0026r2=1.146",
"refsource": "CONFIRM",
"url": "http://cvs.horde.org/diff.php?f=horde%2Ftest.php\u0026r1=1.145\u0026r2=1.146"
},
{
"name": "horde-test-problem-xss(27168)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27168"
},
{
"name": "20750",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20750"
},
{
"name": "http://overlays.gentoo.org/dev/chtekk/browser/horde/www-apps/horde/files/horde-3.1.1-xss.diff?rev=4\u0026format=txt",
"refsource": "MISC",
"url": "http://overlays.gentoo.org/dev/chtekk/browser/horde/www-apps/horde/files/horde-3.1.1-xss.diff?rev=4\u0026format=txt"
},
{
"name": "http://cvs.horde.org/diff.php?r1=2.25\u0026r2=2.26\u0026f=horde%2Ftemplates%2Fproblem%2Fproblem.inc",
"refsource": "CONFIRM",
"url": "http://cvs.horde.org/diff.php?r1=2.25\u0026r2=2.26\u0026f=horde%2Ftemplates%2Fproblem%2Fproblem.inc"
},
{
"name": "1016310",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016310"
},
{
"name": "DSA-1098",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1098"
},
{
"name": "20672",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20672"
},
{
"name": "DSA-1099",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1099"
},
{
"name": "20849",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20849"
},
{
"name": "26514",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26514"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=136830",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=136830"
},
{
"name": "20661",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20661"
},
{
"name": "26513",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26513"
},
{
"name": "SUSE-SR:2006:016",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_16_sr.html"
},
{
"name": "ADV-2006-2356",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2356"
},
{
"name": "GLSA-200606-28",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-28.xml"
},
{
"name": "20960",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20960"
},
{
"name": "18436",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18436"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2006-2195",
"datePublished": "2006-06-15T10:00:00",
"dateReserved": "2006-05-04T00:00:00",
"dateUpdated": "2024-08-07T17:43:28.324Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1260 (GCVE-0-2006-1260)
Vulnerability from cvelistv5 – Published: 2006-03-19 02:00 – Updated: 2024-08-07 17:03
Summary
Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
mitre
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:03:28.776Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "590",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/590"
},
{
"name": "GLSA-200604-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-02.xml"
},
{
"name": "DSA-1034",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1034"
},
{
"name": "19528",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19528"
},
{
"name": "17117",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17117"
},
{
"name": "19246",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19246"
},
{
"name": "23918",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23918"
},
{
"name": "19692",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19692"
},
{
"name": "horde-servicesgo-information-disclosure(25239)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25239"
},
{
"name": "ADV-2006-0959",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0959"
},
{
"name": "19619",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19619"
},
{
"name": "1015771",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015771"
},
{
"name": "DSA-1033",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1033"
},
{
"name": "20060315 CodeScan Advisory: Unauthenticated Arbitrary File Read in Horde v3.09 and prior",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/043657.html"
},
{
"name": "20060315 CodeScan Advisory: Unauthenticated Arbitrary File Read in Horde v3.09 and prior",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/427710/100/0/threaded"
},
{
"name": "19897",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19897"
},
{
"name": "SUSE-SR:2006:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "590",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/590"
},
{
"name": "GLSA-200604-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-02.xml"
},
{
"name": "DSA-1034",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1034"
},
{
"name": "19528",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19528"
},
{
"name": "17117",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17117"
},
{
"name": "19246",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19246"
},
{
"name": "23918",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23918"
},
{
"name": "19692",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19692"
},
{
"name": "horde-servicesgo-information-disclosure(25239)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25239"
},
{
"name": "ADV-2006-0959",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0959"
},
{
"name": "19619",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19619"
},
{
"name": "1015771",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015771"
},
{
"name": "DSA-1033",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1033"
},
{
"name": "20060315 CodeScan Advisory: Unauthenticated Arbitrary File Read in Horde v3.09 and prior",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/043657.html"
},
{
"name": "20060315 CodeScan Advisory: Unauthenticated Arbitrary File Read in Horde v3.09 and prior",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/427710/100/0/threaded"
},
{
"name": "19897",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19897"
},
{
"name": "SUSE-SR:2006:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1260",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "590",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/590"
},
{
"name": "GLSA-200604-02",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-02.xml"
},
{
"name": "DSA-1034",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1034"
},
{
"name": "19528",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19528"
},
{
"name": "17117",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17117"
},
{
"name": "19246",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19246"
},
{
"name": "23918",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23918"
},
{
"name": "19692",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19692"
},
{
"name": "horde-servicesgo-information-disclosure(25239)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25239"
},
{
"name": "ADV-2006-0959",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0959"
},
{
"name": "19619",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19619"
},
{
"name": "1015771",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015771"
},
{
"name": "DSA-1033",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1033"
},
{
"name": "20060315 CodeScan Advisory: Unauthenticated Arbitrary File Read in Horde v3.09 and prior",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/043657.html"
},
{
"name": "20060315 CodeScan Advisory: Unauthenticated Arbitrary File Read in Horde v3.09 and prior",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/427710/100/0/threaded"
},
{
"name": "19897",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19897"
},
{
"name": "SUSE-SR:2006:009",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1260",
"datePublished": "2006-03-19T02:00:00",
"dateReserved": "2006-03-18T00:00:00",
"dateUpdated": "2024-08-07T17:03:28.776Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3759 (GCVE-0-2005-3759)
Vulnerability from cvelistv5 – Published: 2005-11-22 21:00 – Updated: 2024-08-07 23:24
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers, which do not filter or escape dangerous HTML when extracting and displaying attachments.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
debian
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:24:35.475Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200511-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-20.xml"
},
{
"name": "ADV-2005-2536",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2536"
},
{
"name": "17599",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17599"
},
{
"name": "20051122 Horde MIME Viewer vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/417436/30/0/threaded"
},
{
"name": "15535",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15535"
},
{
"name": "17703",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17703"
},
{
"name": "[horde-announce] 20051122 Horde 3.0.7 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2005/000232.html"
},
{
"name": "DSA-909",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-909"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers, which do not filter or escape dangerous HTML when extracting and displaying attachments."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "GLSA-200511-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-20.xml"
},
{
"name": "ADV-2005-2536",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2536"
},
{
"name": "17599",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17599"
},
{
"name": "20051122 Horde MIME Viewer vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/417436/30/0/threaded"
},
{
"name": "15535",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15535"
},
{
"name": "17703",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17703"
},
{
"name": "[horde-announce] 20051122 Horde 3.0.7 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2005/000232.html"
},
{
"name": "DSA-909",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-909"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2005-3759",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers, which do not filter or escape dangerous HTML when extracting and displaying attachments."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200511-20",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-20.xml"
},
{
"name": "ADV-2005-2536",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2536"
},
{
"name": "17599",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17599"
},
{
"name": "20051122 Horde MIME Viewer vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/417436/30/0/threaded"
},
{
"name": "15535",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15535"
},
{
"name": "17703",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17703"
},
{
"name": "[horde-announce] 20051122 Horde 3.0.7 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2005/000232.html"
},
{
"name": "DSA-909",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-909"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2005-3759",
"datePublished": "2005-11-22T21:00:00",
"dateReserved": "2005-11-22T00:00:00",
"dateUpdated": "2024-08-07T23:24:35.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3344 (GCVE-0-2005-3344)
Vulnerability from cvelistv5 – Published: 2005-11-16 07:37 – Updated: 2024-08-07 23:10
Summary
The default installation of Horde 3.0.4 contains an administrative account with a blank password, which allows remote attackers to gain access.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
debian
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:10:08.477Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "horde-default-account(24576)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24576"
},
{
"name": "15337",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15337/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.networkscanning.com/Horde-Default-Admin-Password-Vulnerability-VSS_20171.html"
},
{
"name": "24117",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/24117"
},
{
"name": "DSA-884",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-884"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The default installation of Horde 3.0.4 contains an administrative account with a blank password, which allows remote attackers to gain access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "horde-default-account(24576)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24576"
},
{
"name": "15337",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15337/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.networkscanning.com/Horde-Default-Admin-Password-Vulnerability-VSS_20171.html"
},
{
"name": "24117",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/24117"
},
{
"name": "DSA-884",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-884"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2005-3344",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default installation of Horde 3.0.4 contains an administrative account with a blank password, which allows remote attackers to gain access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "horde-default-account(24576)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24576"
},
{
"name": "15337",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15337/"
},
{
"name": "http://www.networkscanning.com/Horde-Default-Admin-Password-Vulnerability-VSS_20171.html",
"refsource": "MISC",
"url": "http://www.networkscanning.com/Horde-Default-Admin-Password-Vulnerability-VSS_20171.html"
},
{
"name": "24117",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24117"
},
{
"name": "DSA-884",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-884"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2005-3344",
"datePublished": "2005-11-16T07:37:00",
"dateReserved": "2005-10-27T00:00:00",
"dateUpdated": "2024-08-07T23:10:08.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3570 (GCVE-0-2005-3570)
Vulnerability from cvelistv5 – Published: 2005-11-16 07:37 – Updated: 2024-08-07 23:17
Summary
Unspecified cross-site scripting (XSS) vulnerability in Horde before 2.2.9 allows remote attackers to inject arbitrary web script or HTML via "not properly escaped error messages".
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
mitre
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:17:23.405Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "15409",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15409"
},
{
"name": "[Horde-announce] 20051113 Horde 2.2.9 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2005/000231.html"
},
{
"name": "17468",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17468"
},
{
"name": "GLSA-200511-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-20.xml"
},
{
"name": "ADV-2005-2403",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2403"
},
{
"name": "17794",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17794"
},
{
"name": "17702",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17702"
},
{
"name": "DSA-914",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-914"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.207.2.109\u0026r2=1.207.2.111\u0026ty=h"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified cross-site scripting (XSS) vulnerability in Horde before 2.2.9 allows remote attackers to inject arbitrary web script or HTML via \"not properly escaped error messages\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-30T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "15409",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15409"
},
{
"name": "[Horde-announce] 20051113 Horde 2.2.9 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2005/000231.html"
},
{
"name": "17468",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17468"
},
{
"name": "GLSA-200511-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-20.xml"
},
{
"name": "ADV-2005-2403",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2403"
},
{
"name": "17794",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17794"
},
{
"name": "17702",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17702"
},
{
"name": "DSA-914",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-914"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.207.2.109\u0026r2=1.207.2.111\u0026ty=h"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3570",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified cross-site scripting (XSS) vulnerability in Horde before 2.2.9 allows remote attackers to inject arbitrary web script or HTML via \"not properly escaped error messages\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15409",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15409"
},
{
"name": "[Horde-announce] 20051113 Horde 2.2.9 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2005/000231.html"
},
{
"name": "17468",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17468"
},
{
"name": "GLSA-200511-20",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-20.xml"
},
{
"name": "ADV-2005-2403",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2403"
},
{
"name": "17794",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17794"
},
{
"name": "17702",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17702"
},
{
"name": "DSA-914",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-914"
},
{
"name": "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.207.2.109\u0026r2=1.207.2.111\u0026ty=h",
"refsource": "CONFIRM",
"url": "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.207.2.109\u0026r2=1.207.2.111\u0026ty=h"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3570",
"datePublished": "2005-11-16T07:37:00",
"dateReserved": "2005-11-16T00:00:00",
"dateUpdated": "2024-08-07T23:17:23.405Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0378 (GCVE-0-2005-0378)
Vulnerability from cvelistv5 – Published: 2005-02-13 05:00 – Updated: 2024-08-07 21:13
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to prefs.php or (2) url parameter to index.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:13:53.499Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.hyperdose.com/advisories/H2005-01.txt"
},
{
"name": "20050113 Cross Site Scripting holes found in Horde 3.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110564059322774\u0026w=2"
},
{
"name": "12255",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12255"
},
{
"name": "1012892",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1012892"
},
{
"name": "horde-prefs-index-xss(18881)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18881"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-01-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to prefs.php or (2) url parameter to index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.hyperdose.com/advisories/H2005-01.txt"
},
{
"name": "20050113 Cross Site Scripting holes found in Horde 3.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110564059322774\u0026w=2"
},
{
"name": "12255",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12255"
},
{
"name": "1012892",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1012892"
},
{
"name": "horde-prefs-index-xss(18881)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18881"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0378",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to prefs.php or (2) url parameter to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.hyperdose.com/advisories/H2005-01.txt",
"refsource": "MISC",
"url": "http://www.hyperdose.com/advisories/H2005-01.txt"
},
{
"name": "20050113 Cross Site Scripting holes found in Horde 3.0",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110564059322774\u0026w=2"
},
{
"name": "12255",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12255"
},
{
"name": "1012892",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1012892"
},
{
"name": "horde-prefs-index-xss(18881)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18881"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0378",
"datePublished": "2005-02-13T05:00:00",
"dateReserved": "2005-02-13T00:00:00",
"dateUpdated": "2024-08-07T21:13:53.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}