Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for kronolith_h3 by horde

    CVE-2008-7219 (GCVE-0-2008-7219)

    Vulnerability from nvd – Published: 2009-09-13 22:00 – Updated: 2024-09-17 01:06
    VLAI
    Summary
    Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and H3 2.2 before 2.2-RC2; Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 does not validate ownership when performing share changes, which has unknown impact and attack vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T11:56:14.482Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[announce] 20080122 Kronolith H3 (2.2-RC2)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000371.html"
              },
              {
                "name": "[announce] 20080122 Mnemo H3 (2.2-RC2)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000369.html"
              },
              {
                "name": "[announce] 20080109 Nag H3 (2.1.4) (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000363.html"
              },
              {
                "name": "27217",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27217"
              },
              {
                "name": "[announce] 20080109 Horde Groupware 1.0.3 (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000365.html"
              },
              {
                "name": "[announce] 20080206 Horde Groupware 1.1-RC2",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000376.html"
              },
              {
                "name": "FEDORA-2008-2212",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00176.html"
              },
              {
                "name": "[announce] 20080109 Mnemo H3 (2.1.2) (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000364.html"
              },
              {
                "name": "28382",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28382"
              },
              {
                "name": "[announce] 20080206 Horde Groupware Webmail Edition 1.1-RC2",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000377.html"
              },
              {
                "name": "[announce] 20080110 Horde Groupware Webmail Edition 1.0.4 (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000366.html"
              },
              {
                "name": "[announce] 20080109 Kronolith H3 (2.1.7) (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000362.html"
              },
              {
                "name": "[announce] 20080122 Nag H3 (2.2-RC2)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000368.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and H3 2.2 before 2.2-RC2; Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 does not validate ownership when performing share changes, which has unknown impact and attack vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2009-09-13T22:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[announce] 20080122 Kronolith H3 (2.2-RC2)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000371.html"
            },
            {
              "name": "[announce] 20080122 Mnemo H3 (2.2-RC2)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000369.html"
            },
            {
              "name": "[announce] 20080109 Nag H3 (2.1.4) (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000363.html"
            },
            {
              "name": "27217",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27217"
            },
            {
              "name": "[announce] 20080109 Horde Groupware 1.0.3 (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000365.html"
            },
            {
              "name": "[announce] 20080206 Horde Groupware 1.1-RC2",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000376.html"
            },
            {
              "name": "FEDORA-2008-2212",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00176.html"
            },
            {
              "name": "[announce] 20080109 Mnemo H3 (2.1.2) (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000364.html"
            },
            {
              "name": "28382",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28382"
            },
            {
              "name": "[announce] 20080206 Horde Groupware Webmail Edition 1.1-RC2",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000377.html"
            },
            {
              "name": "[announce] 20080110 Horde Groupware Webmail Edition 1.0.4 (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000366.html"
            },
            {
              "name": "[announce] 20080109 Kronolith H3 (2.1.7) (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000362.html"
            },
            {
              "name": "[announce] 20080122 Nag H3 (2.2-RC2)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000368.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-7219",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and H3 2.2 before 2.2-RC2; Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 does not validate ownership when performing share changes, which has unknown impact and attack vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[announce] 20080122 Kronolith H3 (2.2-RC2)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000371.html"
                },
                {
                  "name": "[announce] 20080122 Mnemo H3 (2.2-RC2)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000369.html"
                },
                {
                  "name": "[announce] 20080109 Nag H3 (2.1.4) (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000363.html"
                },
                {
                  "name": "27217",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27217"
                },
                {
                  "name": "[announce] 20080109 Horde Groupware 1.0.3 (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000365.html"
                },
                {
                  "name": "[announce] 20080206 Horde Groupware 1.1-RC2",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000376.html"
                },
                {
                  "name": "FEDORA-2008-2212",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00176.html"
                },
                {
                  "name": "[announce] 20080109 Mnemo H3 (2.1.2) (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000364.html"
                },
                {
                  "name": "28382",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28382"
                },
                {
                  "name": "[announce] 20080206 Horde Groupware Webmail Edition 1.1-RC2",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000377.html"
                },
                {
                  "name": "[announce] 20080110 Horde Groupware Webmail Edition 1.0.4 (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000366.html"
                },
                {
                  "name": "[announce] 20080109 Kronolith H3 (2.1.7) (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000362.html"
                },
                {
                  "name": "[announce] 20080122 Nag H3 (2.2-RC2)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000368.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-7219",
        "datePublished": "2009-09-13T22:00:00.000Z",
        "dateReserved": "2009-09-13T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:06:15.652Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-7218 (GCVE-0-2008-7218)

    Vulnerability from nvd – Published: 2009-09-13 22:00 – Updated: 2024-08-07 11:56
    VLAI
    Summary
    Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2 before 3.2-RC2; Turba H3 2.1 before 2.1.6 and 2.2 before 2.2-RC2; Kronolith H3 2.1 before 2.1.7 and H3 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and 2.2 before 2.2-RC2; Horde Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 has unknown impact and attack vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://www.securityfocus.com/bid/27217 vdb-entryx_refsource_BID
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://secunia.com/advisories/28382 third-party-advisoryx_refsource_SECUNIA
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://www.osvdb.org/42775 vdb-entryx_refsource_OSVDB
    Date Public
    2008-01-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T11:56:14.413Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[announce] 20080122 Kronolith H3 (2.2-RC2)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000371.html"
              },
              {
                "name": "[announce] 20080122 Mnemo H3 (2.2-RC2)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000369.html"
              },
              {
                "name": "[announce] 20080109 Nag H3 (2.1.4) (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000363.html"
              },
              {
                "name": "27217",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27217"
              },
              {
                "name": "[announce] 20080109 Horde Groupware 1.0.3 (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000365.html"
              },
              {
                "name": "[announce] 20080206 Horde Groupware 1.1-RC2",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000376.html"
              },
              {
                "name": "[announce] 20080122 Turba H3 (2.2-RC2)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000367.html"
              },
              {
                "name": "FEDORA-2008-2212",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00176.html"
              },
              {
                "name": "[announce] 20080109 Horde 3.1.6 (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000360.html"
              },
              {
                "name": "[announce] 20080109 Mnemo H3 (2.1.2) (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000364.html"
              },
              {
                "name": "28382",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28382"
              },
              {
                "name": "[announce] 20080206 Horde Groupware Webmail Edition 1.1-RC2",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000377.html"
              },
              {
                "name": "[announce] 20080110 Horde Groupware Webmail Edition 1.0.4 (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000366.html"
              },
              {
                "name": "[announce] 20080109 Turba H3 (2.1.6) (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000361.html"
              },
              {
                "name": "horde-hordeapi-privilege-escalation(39599)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39599"
              },
              {
                "name": "[announce] 20080122 Horde 3.2-RC2",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000374.html"
              },
              {
                "name": "[announce] 20080109 Kronolith H3 (2.1.7) (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000362.html"
              },
              {
                "name": "[announce] 20080122 Nag H3 (2.2-RC2)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000368.html"
              },
              {
                "name": "42775",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/42775"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-01-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2 before 3.2-RC2; Turba H3 2.1 before 2.1.6 and 2.2 before 2.2-RC2; Kronolith H3 2.1 before 2.1.7 and H3 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and 2.2 before 2.2-RC2; Horde Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 has unknown impact and attack vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[announce] 20080122 Kronolith H3 (2.2-RC2)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000371.html"
            },
            {
              "name": "[announce] 20080122 Mnemo H3 (2.2-RC2)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000369.html"
            },
            {
              "name": "[announce] 20080109 Nag H3 (2.1.4) (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000363.html"
            },
            {
              "name": "27217",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27217"
            },
            {
              "name": "[announce] 20080109 Horde Groupware 1.0.3 (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000365.html"
            },
            {
              "name": "[announce] 20080206 Horde Groupware 1.1-RC2",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000376.html"
            },
            {
              "name": "[announce] 20080122 Turba H3 (2.2-RC2)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000367.html"
            },
            {
              "name": "FEDORA-2008-2212",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00176.html"
            },
            {
              "name": "[announce] 20080109 Horde 3.1.6 (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000360.html"
            },
            {
              "name": "[announce] 20080109 Mnemo H3 (2.1.2) (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000364.html"
            },
            {
              "name": "28382",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28382"
            },
            {
              "name": "[announce] 20080206 Horde Groupware Webmail Edition 1.1-RC2",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000377.html"
            },
            {
              "name": "[announce] 20080110 Horde Groupware Webmail Edition 1.0.4 (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000366.html"
            },
            {
              "name": "[announce] 20080109 Turba H3 (2.1.6) (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000361.html"
            },
            {
              "name": "horde-hordeapi-privilege-escalation(39599)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39599"
            },
            {
              "name": "[announce] 20080122 Horde 3.2-RC2",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000374.html"
            },
            {
              "name": "[announce] 20080109 Kronolith H3 (2.1.7) (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000362.html"
            },
            {
              "name": "[announce] 20080122 Nag H3 (2.2-RC2)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000368.html"
            },
            {
              "name": "42775",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/42775"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-7218",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2 before 3.2-RC2; Turba H3 2.1 before 2.1.6 and 2.2 before 2.2-RC2; Kronolith H3 2.1 before 2.1.7 and H3 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and 2.2 before 2.2-RC2; Horde Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 has unknown impact and attack vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[announce] 20080122 Kronolith H3 (2.2-RC2)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000371.html"
                },
                {
                  "name": "[announce] 20080122 Mnemo H3 (2.2-RC2)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000369.html"
                },
                {
                  "name": "[announce] 20080109 Nag H3 (2.1.4) (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000363.html"
                },
                {
                  "name": "27217",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27217"
                },
                {
                  "name": "[announce] 20080109 Horde Groupware 1.0.3 (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000365.html"
                },
                {
                  "name": "[announce] 20080206 Horde Groupware 1.1-RC2",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000376.html"
                },
                {
                  "name": "[announce] 20080122 Turba H3 (2.2-RC2)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000367.html"
                },
                {
                  "name": "FEDORA-2008-2212",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00176.html"
                },
                {
                  "name": "[announce] 20080109 Horde 3.1.6 (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000360.html"
                },
                {
                  "name": "[announce] 20080109 Mnemo H3 (2.1.2) (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000364.html"
                },
                {
                  "name": "28382",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28382"
                },
                {
                  "name": "[announce] 20080206 Horde Groupware Webmail Edition 1.1-RC2",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000377.html"
                },
                {
                  "name": "[announce] 20080110 Horde Groupware Webmail Edition 1.0.4 (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000366.html"
                },
                {
                  "name": "[announce] 20080109 Turba H3 (2.1.6) (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000361.html"
                },
                {
                  "name": "horde-hordeapi-privilege-escalation(39599)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39599"
                },
                {
                  "name": "[announce] 20080122 Horde 3.2-RC2",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000374.html"
                },
                {
                  "name": "[announce] 20080109 Kronolith H3 (2.1.7) (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000362.html"
                },
                {
                  "name": "[announce] 20080122 Nag H3 (2.2-RC2)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000368.html"
                },
                {
                  "name": "42775",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/42775"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-7218",
        "datePublished": "2009-09-13T22:00:00.000Z",
        "dateReserved": "2009-09-13T00:00:00.000Z",
        "dateUpdated": "2024-08-07T11:56:14.413Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-4189 (GCVE-0-2005-4189)

    Vulnerability from nvd – Published: 2005-12-13 11:00 – Updated: 2024-08-07 23:38
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith H3 before 2.0.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Calendar name field when creating calendars, (2) event title field when deleting events, the (3) Category and (4) Location search fields, and the (5) attendees email address fields when editing event attendees, and possibly other vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/18827 third-party-advisoryx_refsource_SECUNIA
    http://www.osvdb.org/21609 vdb-entryx_refsource_OSVDB
    http://archives.neohapsis.com/archives/fulldisclo… mailing-listx_refsource_FULLDISC
    http://www.osvdb.org/21608 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/17971 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/15808 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2005/2834 vdb-entryx_refsource_VUPEN
    http://www.debian.org/security/2006/dsa-970 vendor-advisoryx_refsource_DEBIAN
    http://www.osvdb.org/21611 vdb-entryx_refsource_OSVDB
    http://www.osvdb.org/21610 vdb-entryx_refsource_OSVDB
    http://lists.horde.org/archives/announce/2005/000… mailing-listx_refsource_MLIST
    http://www.sec-consult.com/245.html x_refsource_MISC
    Date Public
    2005-12-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T23:38:51.279Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "18827",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/18827"
              },
              {
                "name": "21609",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/21609"
              },
              {
                "name": "20051211 SEC Consult SA-20051211-0 :: Several XSS issues in Horde Framework, Kronolith Calendar, Mnemo Notes, Nag Tasks and Turba Addressbook",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0459.html"
              },
              {
                "name": "21608",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/21608"
              },
              {
                "name": "17971",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17971"
              },
              {
                "name": "15808",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/15808"
              },
              {
                "name": "ADV-2005-2834",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2005/2834"
              },
              {
                "name": "DSA-970",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2006/dsa-970"
              },
              {
                "name": "21611",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/21611"
              },
              {
                "name": "21610",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/21610"
              },
              {
                "name": "[horde-announce] 20051211 Kronolith H3 (2.0.6) (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2005/000234.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.sec-consult.com/245.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-12-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith H3 before 2.0.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Calendar name field when creating calendars, (2) event title field when deleting events, the (3) Category and (4) Location search fields, and the (5) attendees email address fields when editing event attendees, and possibly other vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2005-12-16T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "18827",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/18827"
            },
            {
              "name": "21609",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/21609"
            },
            {
              "name": "20051211 SEC Consult SA-20051211-0 :: Several XSS issues in Horde Framework, Kronolith Calendar, Mnemo Notes, Nag Tasks and Turba Addressbook",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0459.html"
            },
            {
              "name": "21608",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/21608"
            },
            {
              "name": "17971",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17971"
            },
            {
              "name": "15808",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/15808"
            },
            {
              "name": "ADV-2005-2834",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2005/2834"
            },
            {
              "name": "DSA-970",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2006/dsa-970"
            },
            {
              "name": "21611",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/21611"
            },
            {
              "name": "21610",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/21610"
            },
            {
              "name": "[horde-announce] 20051211 Kronolith H3 (2.0.6) (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2005/000234.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.sec-consult.com/245.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-4189",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith H3 before 2.0.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Calendar name field when creating calendars, (2) event title field when deleting events, the (3) Category and (4) Location search fields, and the (5) attendees email address fields when editing event attendees, and possibly other vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "18827",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/18827"
                },
                {
                  "name": "21609",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/21609"
                },
                {
                  "name": "20051211 SEC Consult SA-20051211-0 :: Several XSS issues in Horde Framework, Kronolith Calendar, Mnemo Notes, Nag Tasks and Turba Addressbook",
                  "refsource": "FULLDISC",
                  "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0459.html"
                },
                {
                  "name": "21608",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/21608"
                },
                {
                  "name": "17971",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17971"
                },
                {
                  "name": "15808",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/15808"
                },
                {
                  "name": "ADV-2005-2834",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2005/2834"
                },
                {
                  "name": "DSA-970",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2006/dsa-970"
                },
                {
                  "name": "21611",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/21611"
                },
                {
                  "name": "21610",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/21610"
                },
                {
                  "name": "[horde-announce] 20051211 Kronolith H3 (2.0.6) (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2005/000234.html"
                },
                {
                  "name": "http://www.sec-consult.com/245.html",
                  "refsource": "MISC",
                  "url": "http://www.sec-consult.com/245.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-4189",
        "datePublished": "2005-12-13T11:00:00.000Z",
        "dateReserved": "2005-12-13T00:00:00.000Z",
        "dateUpdated": "2024-08-07T23:38:51.279Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-7218 (GCVE-0-2008-7218)

    Vulnerability from cvelistv5 – Published: 2009-09-13 22:00 – Updated: 2024-08-07 11:56
    VLAI
    Summary
    Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2 before 3.2-RC2; Turba H3 2.1 before 2.1.6 and 2.2 before 2.2-RC2; Kronolith H3 2.1 before 2.1.7 and H3 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and 2.2 before 2.2-RC2; Horde Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 has unknown impact and attack vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://www.securityfocus.com/bid/27217 vdb-entryx_refsource_BID
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://secunia.com/advisories/28382 third-party-advisoryx_refsource_SECUNIA
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://lists.horde.org/archives/announce/2008/000… mailing-listx_refsource_MLIST
    http://www.osvdb.org/42775 vdb-entryx_refsource_OSVDB
    Date Public
    2008-01-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T11:56:14.413Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[announce] 20080122 Kronolith H3 (2.2-RC2)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000371.html"
              },
              {
                "name": "[announce] 20080122 Mnemo H3 (2.2-RC2)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000369.html"
              },
              {
                "name": "[announce] 20080109 Nag H3 (2.1.4) (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000363.html"
              },
              {
                "name": "27217",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27217"
              },
              {
                "name": "[announce] 20080109 Horde Groupware 1.0.3 (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000365.html"
              },
              {
                "name": "[announce] 20080206 Horde Groupware 1.1-RC2",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000376.html"
              },
              {
                "name": "[announce] 20080122 Turba H3 (2.2-RC2)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000367.html"
              },
              {
                "name": "FEDORA-2008-2212",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00176.html"
              },
              {
                "name": "[announce] 20080109 Horde 3.1.6 (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000360.html"
              },
              {
                "name": "[announce] 20080109 Mnemo H3 (2.1.2) (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000364.html"
              },
              {
                "name": "28382",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28382"
              },
              {
                "name": "[announce] 20080206 Horde Groupware Webmail Edition 1.1-RC2",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000377.html"
              },
              {
                "name": "[announce] 20080110 Horde Groupware Webmail Edition 1.0.4 (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000366.html"
              },
              {
                "name": "[announce] 20080109 Turba H3 (2.1.6) (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000361.html"
              },
              {
                "name": "horde-hordeapi-privilege-escalation(39599)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39599"
              },
              {
                "name": "[announce] 20080122 Horde 3.2-RC2",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000374.html"
              },
              {
                "name": "[announce] 20080109 Kronolith H3 (2.1.7) (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000362.html"
              },
              {
                "name": "[announce] 20080122 Nag H3 (2.2-RC2)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000368.html"
              },
              {
                "name": "42775",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/42775"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-01-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2 before 3.2-RC2; Turba H3 2.1 before 2.1.6 and 2.2 before 2.2-RC2; Kronolith H3 2.1 before 2.1.7 and H3 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and 2.2 before 2.2-RC2; Horde Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 has unknown impact and attack vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[announce] 20080122 Kronolith H3 (2.2-RC2)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000371.html"
            },
            {
              "name": "[announce] 20080122 Mnemo H3 (2.2-RC2)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000369.html"
            },
            {
              "name": "[announce] 20080109 Nag H3 (2.1.4) (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000363.html"
            },
            {
              "name": "27217",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27217"
            },
            {
              "name": "[announce] 20080109 Horde Groupware 1.0.3 (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000365.html"
            },
            {
              "name": "[announce] 20080206 Horde Groupware 1.1-RC2",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000376.html"
            },
            {
              "name": "[announce] 20080122 Turba H3 (2.2-RC2)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000367.html"
            },
            {
              "name": "FEDORA-2008-2212",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00176.html"
            },
            {
              "name": "[announce] 20080109 Horde 3.1.6 (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000360.html"
            },
            {
              "name": "[announce] 20080109 Mnemo H3 (2.1.2) (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000364.html"
            },
            {
              "name": "28382",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28382"
            },
            {
              "name": "[announce] 20080206 Horde Groupware Webmail Edition 1.1-RC2",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000377.html"
            },
            {
              "name": "[announce] 20080110 Horde Groupware Webmail Edition 1.0.4 (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000366.html"
            },
            {
              "name": "[announce] 20080109 Turba H3 (2.1.6) (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000361.html"
            },
            {
              "name": "horde-hordeapi-privilege-escalation(39599)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39599"
            },
            {
              "name": "[announce] 20080122 Horde 3.2-RC2",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000374.html"
            },
            {
              "name": "[announce] 20080109 Kronolith H3 (2.1.7) (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000362.html"
            },
            {
              "name": "[announce] 20080122 Nag H3 (2.2-RC2)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000368.html"
            },
            {
              "name": "42775",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/42775"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-7218",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2 before 3.2-RC2; Turba H3 2.1 before 2.1.6 and 2.2 before 2.2-RC2; Kronolith H3 2.1 before 2.1.7 and H3 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and 2.2 before 2.2-RC2; Horde Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 has unknown impact and attack vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[announce] 20080122 Kronolith H3 (2.2-RC2)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000371.html"
                },
                {
                  "name": "[announce] 20080122 Mnemo H3 (2.2-RC2)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000369.html"
                },
                {
                  "name": "[announce] 20080109 Nag H3 (2.1.4) (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000363.html"
                },
                {
                  "name": "27217",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27217"
                },
                {
                  "name": "[announce] 20080109 Horde Groupware 1.0.3 (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000365.html"
                },
                {
                  "name": "[announce] 20080206 Horde Groupware 1.1-RC2",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000376.html"
                },
                {
                  "name": "[announce] 20080122 Turba H3 (2.2-RC2)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000367.html"
                },
                {
                  "name": "FEDORA-2008-2212",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00176.html"
                },
                {
                  "name": "[announce] 20080109 Horde 3.1.6 (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000360.html"
                },
                {
                  "name": "[announce] 20080109 Mnemo H3 (2.1.2) (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000364.html"
                },
                {
                  "name": "28382",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28382"
                },
                {
                  "name": "[announce] 20080206 Horde Groupware Webmail Edition 1.1-RC2",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000377.html"
                },
                {
                  "name": "[announce] 20080110 Horde Groupware Webmail Edition 1.0.4 (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000366.html"
                },
                {
                  "name": "[announce] 20080109 Turba H3 (2.1.6) (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000361.html"
                },
                {
                  "name": "horde-hordeapi-privilege-escalation(39599)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39599"
                },
                {
                  "name": "[announce] 20080122 Horde 3.2-RC2",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000374.html"
                },
                {
                  "name": "[announce] 20080109 Kronolith H3 (2.1.7) (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000362.html"
                },
                {
                  "name": "[announce] 20080122 Nag H3 (2.2-RC2)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000368.html"
                },
                {
                  "name": "42775",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/42775"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-7218",
        "datePublished": "2009-09-13T22:00:00.000Z",
        "dateReserved": "2009-09-13T00:00:00.000Z",
        "dateUpdated": "2024-08-07T11:56:14.413Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-7219 (GCVE-0-2008-7219)

    Vulnerability from cvelistv5 – Published: 2009-09-13 22:00 – Updated: 2024-09-17 01:06
    VLAI
    Summary
    Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and H3 2.2 before 2.2-RC2; Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 does not validate ownership when performing share changes, which has unknown impact and attack vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T11:56:14.482Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[announce] 20080122 Kronolith H3 (2.2-RC2)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000371.html"
              },
              {
                "name": "[announce] 20080122 Mnemo H3 (2.2-RC2)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000369.html"
              },
              {
                "name": "[announce] 20080109 Nag H3 (2.1.4) (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000363.html"
              },
              {
                "name": "27217",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27217"
              },
              {
                "name": "[announce] 20080109 Horde Groupware 1.0.3 (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000365.html"
              },
              {
                "name": "[announce] 20080206 Horde Groupware 1.1-RC2",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000376.html"
              },
              {
                "name": "FEDORA-2008-2212",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00176.html"
              },
              {
                "name": "[announce] 20080109 Mnemo H3 (2.1.2) (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000364.html"
              },
              {
                "name": "28382",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28382"
              },
              {
                "name": "[announce] 20080206 Horde Groupware Webmail Edition 1.1-RC2",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000377.html"
              },
              {
                "name": "[announce] 20080110 Horde Groupware Webmail Edition 1.0.4 (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000366.html"
              },
              {
                "name": "[announce] 20080109 Kronolith H3 (2.1.7) (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000362.html"
              },
              {
                "name": "[announce] 20080122 Nag H3 (2.2-RC2)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2008/000368.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and H3 2.2 before 2.2-RC2; Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 does not validate ownership when performing share changes, which has unknown impact and attack vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2009-09-13T22:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[announce] 20080122 Kronolith H3 (2.2-RC2)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000371.html"
            },
            {
              "name": "[announce] 20080122 Mnemo H3 (2.2-RC2)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000369.html"
            },
            {
              "name": "[announce] 20080109 Nag H3 (2.1.4) (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000363.html"
            },
            {
              "name": "27217",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27217"
            },
            {
              "name": "[announce] 20080109 Horde Groupware 1.0.3 (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000365.html"
            },
            {
              "name": "[announce] 20080206 Horde Groupware 1.1-RC2",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000376.html"
            },
            {
              "name": "FEDORA-2008-2212",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00176.html"
            },
            {
              "name": "[announce] 20080109 Mnemo H3 (2.1.2) (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000364.html"
            },
            {
              "name": "28382",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28382"
            },
            {
              "name": "[announce] 20080206 Horde Groupware Webmail Edition 1.1-RC2",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000377.html"
            },
            {
              "name": "[announce] 20080110 Horde Groupware Webmail Edition 1.0.4 (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000366.html"
            },
            {
              "name": "[announce] 20080109 Kronolith H3 (2.1.7) (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000362.html"
            },
            {
              "name": "[announce] 20080122 Nag H3 (2.2-RC2)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000368.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-7219",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and H3 2.2 before 2.2-RC2; Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 does not validate ownership when performing share changes, which has unknown impact and attack vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[announce] 20080122 Kronolith H3 (2.2-RC2)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000371.html"
                },
                {
                  "name": "[announce] 20080122 Mnemo H3 (2.2-RC2)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000369.html"
                },
                {
                  "name": "[announce] 20080109 Nag H3 (2.1.4) (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000363.html"
                },
                {
                  "name": "27217",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27217"
                },
                {
                  "name": "[announce] 20080109 Horde Groupware 1.0.3 (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000365.html"
                },
                {
                  "name": "[announce] 20080206 Horde Groupware 1.1-RC2",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000376.html"
                },
                {
                  "name": "FEDORA-2008-2212",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00176.html"
                },
                {
                  "name": "[announce] 20080109 Mnemo H3 (2.1.2) (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000364.html"
                },
                {
                  "name": "28382",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28382"
                },
                {
                  "name": "[announce] 20080206 Horde Groupware Webmail Edition 1.1-RC2",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000377.html"
                },
                {
                  "name": "[announce] 20080110 Horde Groupware Webmail Edition 1.0.4 (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000366.html"
                },
                {
                  "name": "[announce] 20080109 Kronolith H3 (2.1.7) (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000362.html"
                },
                {
                  "name": "[announce] 20080122 Nag H3 (2.2-RC2)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2008/000368.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-7219",
        "datePublished": "2009-09-13T22:00:00.000Z",
        "dateReserved": "2009-09-13T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:06:15.652Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-4189 (GCVE-0-2005-4189)

    Vulnerability from cvelistv5 – Published: 2005-12-13 11:00 – Updated: 2024-08-07 23:38
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith H3 before 2.0.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Calendar name field when creating calendars, (2) event title field when deleting events, the (3) Category and (4) Location search fields, and the (5) attendees email address fields when editing event attendees, and possibly other vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/18827 third-party-advisoryx_refsource_SECUNIA
    http://www.osvdb.org/21609 vdb-entryx_refsource_OSVDB
    http://archives.neohapsis.com/archives/fulldisclo… mailing-listx_refsource_FULLDISC
    http://www.osvdb.org/21608 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/17971 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/15808 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2005/2834 vdb-entryx_refsource_VUPEN
    http://www.debian.org/security/2006/dsa-970 vendor-advisoryx_refsource_DEBIAN
    http://www.osvdb.org/21611 vdb-entryx_refsource_OSVDB
    http://www.osvdb.org/21610 vdb-entryx_refsource_OSVDB
    http://lists.horde.org/archives/announce/2005/000… mailing-listx_refsource_MLIST
    http://www.sec-consult.com/245.html x_refsource_MISC
    Date Public
    2005-12-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T23:38:51.279Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "18827",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/18827"
              },
              {
                "name": "21609",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/21609"
              },
              {
                "name": "20051211 SEC Consult SA-20051211-0 :: Several XSS issues in Horde Framework, Kronolith Calendar, Mnemo Notes, Nag Tasks and Turba Addressbook",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0459.html"
              },
              {
                "name": "21608",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/21608"
              },
              {
                "name": "17971",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17971"
              },
              {
                "name": "15808",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/15808"
              },
              {
                "name": "ADV-2005-2834",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2005/2834"
              },
              {
                "name": "DSA-970",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2006/dsa-970"
              },
              {
                "name": "21611",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/21611"
              },
              {
                "name": "21610",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/21610"
              },
              {
                "name": "[horde-announce] 20051211 Kronolith H3 (2.0.6) (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2005/000234.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.sec-consult.com/245.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-12-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith H3 before 2.0.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Calendar name field when creating calendars, (2) event title field when deleting events, the (3) Category and (4) Location search fields, and the (5) attendees email address fields when editing event attendees, and possibly other vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2005-12-16T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "18827",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/18827"
            },
            {
              "name": "21609",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/21609"
            },
            {
              "name": "20051211 SEC Consult SA-20051211-0 :: Several XSS issues in Horde Framework, Kronolith Calendar, Mnemo Notes, Nag Tasks and Turba Addressbook",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0459.html"
            },
            {
              "name": "21608",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/21608"
            },
            {
              "name": "17971",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17971"
            },
            {
              "name": "15808",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/15808"
            },
            {
              "name": "ADV-2005-2834",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2005/2834"
            },
            {
              "name": "DSA-970",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2006/dsa-970"
            },
            {
              "name": "21611",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/21611"
            },
            {
              "name": "21610",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/21610"
            },
            {
              "name": "[horde-announce] 20051211 Kronolith H3 (2.0.6) (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2005/000234.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.sec-consult.com/245.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-4189",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith H3 before 2.0.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Calendar name field when creating calendars, (2) event title field when deleting events, the (3) Category and (4) Location search fields, and the (5) attendees email address fields when editing event attendees, and possibly other vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "18827",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/18827"
                },
                {
                  "name": "21609",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/21609"
                },
                {
                  "name": "20051211 SEC Consult SA-20051211-0 :: Several XSS issues in Horde Framework, Kronolith Calendar, Mnemo Notes, Nag Tasks and Turba Addressbook",
                  "refsource": "FULLDISC",
                  "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0459.html"
                },
                {
                  "name": "21608",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/21608"
                },
                {
                  "name": "17971",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17971"
                },
                {
                  "name": "15808",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/15808"
                },
                {
                  "name": "ADV-2005-2834",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2005/2834"
                },
                {
                  "name": "DSA-970",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2006/dsa-970"
                },
                {
                  "name": "21611",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/21611"
                },
                {
                  "name": "21610",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/21610"
                },
                {
                  "name": "[horde-announce] 20051211 Kronolith H3 (2.0.6) (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2005/000234.html"
                },
                {
                  "name": "http://www.sec-consult.com/245.html",
                  "refsource": "MISC",
                  "url": "http://www.sec-consult.com/245.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-4189",
        "datePublished": "2005-12-13T11:00:00.000Z",
        "dateReserved": "2005-12-13T00:00:00.000Z",
        "dateUpdated": "2024-08-07T23:38:51.279Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }