Vendor
Horde (software)
Horde is a free web-based groupware. The components of this groupware rest on the Horde framework, a PHP-based framework provides all the elements required for rapid web application development. Horde offers applications such as the Horde IMP email client, a groupware package, a wiki and a time and task tracking software.
Products
29
CVEs
96
Across products
1,736
Status
Private
Products
29- 393 CVEs
- 374 CVEs
- 314 CVEs
- 138 CVEs
- 108 CVEs
- 64 CVEs
- 53 CVEs
- 50 CVEs
- 48 CVEs
- 44 CVEs
- 30 CVEs
- 29 CVEs
- 14 CVEs
- 12 CVEs
- 10 CVEs
- 10 CVEs
- 8 CVEs
- 7 CVEs
- 6 CVEs
- 4 CVEs
- 4 CVEs
- 3 CVEs
- 3 CVEs
- 3 CVEs
- 2 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
96| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-9774 | Hig | 0.58 | 8.8 | 0.04 | Jun 21, 2017 | Remote Code Execution was found in Horde_Image 2.x before 2.5.0 via a crafted GET request. Exploitation requires authentication. | |
| CVE-2017-7413 | Hig | 0.58 | 8.8 | 0.13 | Apr 4, 2017 | In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition through 5.2.17, OS Command Injection can occur if the attacker is an authenticated Horde Webmail user, has PGP features enabled in their preferences, and attempts to encrypt an email addressed to a maliciously crafted email address. | |
| CVE-2017-15235 | Hig | 0.53 | 7.5 | 0.13 | Oct 11, 2017 | The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 allows remote attackers to bypass Horde authentication for file downloads via a crafted fn parameter that corresponds to the exact filename. | |
| CVE-2017-14650 | Hig | 0.53 | 8.1 | 0.03 | Sep 21, 2017 | A Remote Code Execution vulnerability has been found in the Horde_Image library when using the "Im" backend that utilizes ImageMagick's "convert" utility. It's not exploitable through any Horde application, because the code path to the vulnerability is not used by any Horde code. Custom applications using the Horde_Image library might be affected. This vulnerability affects all versions of Horde_Image from 2.0.0 to 2.5.1, and is fixed in 2.5.2. The problem is missing input validation of the index field in _raw() during construction of an ImageMagick command line. | |
| CVE-2017-7414 | Hig | 0.49 | 7.5 | 0.01 | Apr 4, 2017 | In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition 5.x through 5.2.17, OS Command Injection can occur if the user has PGP features enabled in the user's preferences, and has enabled the "Should PGP signed messages be automatically verified when viewed?" preference. To exploit this vulnerability, an attacker can send a PGP signed email (that is maliciously crafted) to the Horde user, who then must either view or preview it. | |
| CVE-2016-2228 | Med | 0.40 | 6.1 | 0.01 | Apr 13, 2016 | Cross-site scripting (XSS) vulnerability in horde/templates/topbar/_menubar.html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via the searchfield parameter, as demonstrated by a request to xplorer/gollem/manager.php. | |
| CVE-2015-8807 | Med | 0.40 | 6.1 | 0.01 | Apr 13, 2016 | Cross-site scripting (XSS) vulnerability in the _renderVarInput_number function in horde/framework/Core/lib/Horde/Core/Ui/VarRenderer/Html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via vectors involving numeric form fields. | |
| CVE-2017-9773 | Med | 0.37 | 5.7 | 0.00 | Jun 21, 2017 | Denial of Service was found in Horde_Image 2.x before 2.5.0 via a crafted URL to the "Null" image driver. | |
| CVE-2017-16908 | Med | 0.35 | 5.4 | 0.00 | Nov 20, 2017 | In Horde Groupware 5.2.19, there is XSS via the Name field during creation of a new Resource. This can be leveraged for remote code execution after compromising an administrator account, because the CVE-2015-7984 CSRF protection mechanism can then be bypassed. | |
| CVE-2017-16907 | Med | 0.35 | 5.4 | 0.00 | Nov 20, 2017 | In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action. | |
| CVE-2017-16906 | Med | 0.35 | 5.4 | 0.00 | Nov 20, 2017 | In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a "Calendar -> New Event" action. | |
| CVE-2007-1679 | Med | 0.35 | 5.4 | 0.00 | Mar 26, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware Webmail 1.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in (1) imp/search.php and (2) ingo/rule.php. NOTE: this issue has been disputed by the vendor, noting that the search.php issue was resolved in CVE-2006-4255, and attackers can only use rule.php to inject XSS into their own pages | |
| CVE-2002-2024 | Med | 0.34 | 5.3 | 0.00 | Dec 31, 2002 | Horde IMP 2.2.7 allows remote attackers to obtain the full web root pathname via an HTTP request for (1) poppassd.php3, (2) login.php3?reason=chpass2, (3) spelling.php3, and (4) ldap.search.php3?ldap_serv=nonsense which leaks the information in error messages. | |
| CVE-2014-1691 | 0.10 | — | 0.81 | Apr 1, 2014 | The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the _formvars form. | ||
| CVE-2012-0209 | 0.08 | — | 0.65 | Sep 25, 2012 | Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP between November 2011 and February 2012, contains an externally introduced modification (Trojan Horse) in templates/javascript/open_calendar.js, which allows remote attackers to execute arbitrary PHP code. | ||
| CVE-2006-1260 | 0.05 | — | 0.26 | Mar 19, 2006 | Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check. | ||
| CVE-2006-1491 | 0.04 | — | 0.18 | Mar 29, 2006 | Eval injection vulnerability in Horde Application Framework versions 3.0 before 3.0.10 and 3.1 before 3.1.1 allows remote attackers to execute arbitrary code via the help viewer. | ||
| CVE-2015-7984 | 0.03 | — | 0.01 | Nov 19, 2015 | Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware Webmail Edition before 5.2.11 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary (1) commands via the cmd parameter to admin/cmdshell.php, (2) SQL queries via the sql parameter to admin/sqlshell.php, or (3) PHP code via the php parameter to admin/phpshell.php. | ||
| CVE-2010-3695 | 0.03 | — | 0.01 | Mar 31, 2011 | Cross-site scripting (XSS) vulnerability in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via the fm_id parameter in a fetchmail_prefs_save action, related to the Fetchmail configuration. | ||
| CVE-2010-3077 | 0.03 | — | 0.01 | Nov 9, 2010 | Cross-site scripting (XSS) vulnerability in util/icon_browser.php in the Horde Application Framework before 3.3.9 allows remote attackers to inject arbitrary web script or HTML via the subdir parameter. |