VYPR

Imp

by Horde (software)

Source repositories

CVEs (27)

  • CVE-2004-1443Dec 31, 2004
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the inline MIME viewer in Horde-IMP (Internet Messaging Program) 3.2.4 and earlier, when used with Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via an e-mail message.

  • CVE-2004-0584Aug 6, 2004
    risk 0.00cvss epss 0.01

    Unknown vulnerability in Horde IMP 3.2.3 and earlier, before a "security fix," does not properly validate input, which allows remote attackers to execute arbitrary script as other users via script or HTML in an e-mail message, possibly triggering a cross-site scripting (XSS)…

  • CVE-2002-0181Apr 22, 2002
    risk 0.00cvss epss 0.02

    Cross-site scripting vulnerability in status.php3 for IMP 2.2.8 and HORDE 1.2.7 allows remote attackers to execute arbitrary web script and steal cookies of other IMP/HORDE users via the script parameter.

  • CVE-2001-0744Oct 18, 2001
    risk 0.00cvss epss 0.00

    Horde IMP 2.2.4 and earlier allows local users to overwrite files via a symlink attack on a temporary file.

  • CVE-2001-1257Jul 21, 2001
    risk 0.00cvss epss 0.02

    Cross-site scripting vulnerability in Horde Internet Messaging Program (IMP) before 2.2.6 and 1.2.6 allows remote attackers to execute arbitrary Javascript embedded in an email.

  • CVE-2001-1258Jul 21, 2001
    risk 0.00cvss epss 0.00

    Horde Internet Messaging Program (IMP) before 2.2.6 allows local users to read IMP configuration files and steal the Horde database password by placing the prefs.lang file containing PHP code on the server.

  • CVE-2000-0911Dec 19, 2000
    risk 0.00cvss epss 0.02

    IMP 2.2 and earlier allows attackers to read and delete arbitrary files by modifying the attachment_name hidden form variable, which causes IMP to send the file to the attacker as an attachment.

Page 2 of 2