VYPR

Horde (software)

All CVEs

123 total · sorted by risk
  • CVE-2017-7413 · High · Apr 4, 2017
    risk 0.60 · cvss 8.8 · epss 0.40

    In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition through 5.2.17, OS Command Injection can occur if the attacker is an authenticated Horde Webmail user, has PGP features enabled in their preferences, and attempts to encrypt an email addressed to a…

  • CVE-2017-9774 · High · Jun 21, 2017
    risk 0.57 · cvss 8.8 · epss 0.02

    Remote Code Execution was found in Horde_Image 2.x before 2.5.0 via a crafted GET request. Exploitation requires authentication.

  • CVE-2017-14650 · High · Sep 21, 2017
    risk 0.53 · cvss 8.1 · epss 0.04

    A Remote Code Execution vulnerability has been found in the Horde_Image library when using the "Im" backend that utilizes ImageMagick's "convert" utility. It's not exploitable through any Horde application, because the code path to the vulnerability is not used by any Horde…

  • CVE-2017-15235 · High · Oct 11, 2017
    risk 0.52 · cvss 7.5 · epss 0.06

    The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 allows remote attackers to bypass Horde authentication for file downloads via a crafted fn parameter that corresponds to the exact filename.

  • CVE-2017-7414 · High · Apr 4, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition 5.x through 5.2.17, OS Command Injection can occur if the user has PGP features enabled in the user's preferences, and has enabled the "Should PGP signed messages be automatically verified when viewed?"…

  • CVE-2014-3999 · High · Apr 10, 2018
    risk 0.46 · cvss 8.1 · epss 0.03

    The Horde_Ldap library before 2.0.6 for Horde allows remote attackers to bypass authentication by leveraging knowledge of the LDAP bind user DN.

  • CVE-2025-30349 · High · Mar 21, 2025
    risk 0.44 · cvss 7.2 · epss 0.29

    Horde IMP through 6.2.27, as used with Horde Application Framework through 5.2.23, allows XSS that leads to account takeover via a crafted text/html e-mail message with an onerror attribute (that may use base64-encoded JavaScript code), as exploited in the wild in March 2025.

  • CVE-2016-5303 · Medium · Dec 20, 2016
    risk 0.40 · cvss 6.1 · epss 0.02

    Cross-site scripting (XSS) vulnerability in the Horde Text Filter API in Horde Groupware and Horde Groupware Webmail Edition before 5.2.16 allows remote attackers to inject arbitrary web script or HTML via crafted data:text/html content in a form (1) action or (2) xlink…

  • CVE-2017-9773 · Medium · Jun 21, 2017
    risk 0.37 · cvss 5.7 · epss 0.01

    Denial of Service was found in Horde_Image 2.x before 2.5.0 via a crafted URL to the "Null" image driver.

  • CVE-2017-16908 · Medium · Nov 20, 2017
    risk 0.35 · cvss 5.4 · epss 0.02

    In Horde Groupware 5.2.19, there is XSS via the Name field during creation of a new Resource. This can be leveraged for remote code execution after compromising an administrator account, because the CVE-2015-7984 CSRF protection mechanism can then be bypassed.

  • CVE-2017-16907 · Medium · Nov 20, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action.

  • CVE-2017-16906 · Medium · Nov 20, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a "Calendar -> New Event" action.

  • CVE-2007-1679 · Medium · Mar 26, 2007
    risk 0.35 · cvss 5.4 · epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware Webmail 1.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in (1) imp/search.php and (2) ingo/rule.php. NOTE: this issue has been disputed by the vendor,…

  • CVE-2002-2024 · Medium · Dec 31, 2002
    risk 0.35 · cvss 5.3 · epss 0.02

    Horde IMP 2.2.7 allows remote attackers to obtain the full web root pathname via an HTTP request for (1) poppassd.php3, (2) login.php3?reason=chpass2, (3) spelling.php3, and (4) ldap.search.php3?ldap_serv=nonsense which leaks the information in error messages.

  • CVE-2016-2228 · Medium · Apr 13, 2016
    risk 0.33 · cvss 6.1 · epss 0.02

    Cross-site scripting (XSS) vulnerability in horde/templates/topbar/_menubar.html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via the searchfield parameter, as demonstrated…

  • CVE-2015-8807 · Medium · Apr 13, 2016
    risk 0.33 · cvss 6.1 · epss 0.02

    Cross-site scripting (XSS) vulnerability in the _renderVarInput_number function in horde/framework/Core/lib/Horde/Core/Ui/VarRenderer/Html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web…

  • CVE-2020-8518 · Feb 17, 2020
    risk 0.10 · cvss n/a · epss 0.71

    Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution.

  • CVE-2019-9858 · May 29, 2019
    risk 0.09 · cvss n/a · epss 0.19

    Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contains a vulnerable class that handles image upload in forms. When the Horde_Form_Type_image method onSubmit() is called on uploads, it invokes the functions getImage() and…

  • CVE-2012-0209 · Sep 25, 2012
    risk 0.09 · cvss n/a · epss 0.72

    Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP between November 2011 and February 2012, contains an externally introduced modification (Trojan Horse) in templates/javascript/open_calendar.js, which allows remote attackers…

  • CVE-2009-0932 · Mar 17, 2009
    risk 0.06 · cvss n/a · epss 0.41

    Directory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name.

  • CVE-2006-1491 · Mar 29, 2006
    risk 0.06 · cvss n/a · epss 0.38

    Eval injection vulnerability in Horde Application Framework versions 3.0 before 3.0.10 and 3.1 before 3.1.1 allows remote attackers to execute arbitrary code via the help viewer.

  • CVE-2006-1260 · Mar 19, 2006
    risk 0.04 · cvss n/a · epss 0.12

    Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check.

  • CVE-2001-1370 · Jul 21, 2001
    risk 0.04 · cvss n/a · epss 0.17

    prepend.php3 in PHPLib before 7.2d, when register_globals is enabled for PHP, allows remote attackers to execute arbitrary scripts via an HTTP request that modifies $_PHPLIB[libdir] to point to malicious code on another server, as seen in Horde 1.2.5 and earlier, IMP before…

  • CVE-2021-26929 · Feb 14, 2021
    risk 0.03 · cvss n/a · epss 0.05

    An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 (where the Horde_Text_Filter library before 2.3.7 is used). The attacker can send a plain text e-mail message, with JavaScript encoded as a link or email that is mishandled by preProcess in…

  • CVE-2020-8865 · Mar 23, 2020
    risk 0.03 · cvss n/a · epss 0.07

    This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within edit.php. When parsing the params[template]…

  • CVE-2020-8866 · Mar 23, 2020
    risk 0.03 · cvss n/a · epss 0.10

    This vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within add.php. The issue results from the lack of proper…

  • CVE-2013-6275 · Nov 5, 2019
    risk 0.03 · cvss n/a · epss 0.02

    Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earlier in basic.php.

  • CVE-2015-7984 · Nov 19, 2015
    risk 0.03 · cvss n/a · epss 0.04

    Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware Webmail Edition before 5.2.11 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary (1)…

  • CVE-2010-3695 · Mar 31, 2011
    risk 0.03 · cvss n/a · epss 0.05

    Cross-site scripting (XSS) vulnerability in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via the fm_id parameter in a fetchmail_prefs_save action, related to the…

  • CVE-2010-3077 · Nov 9, 2010
    risk 0.03 · cvss n/a · epss 0.04

    Cross-site scripting (XSS) vulnerability in util/icon_browser.php in the Horde Application Framework before 3.3.9 allows remote attackers to inject arbitrary web script or HTML via the subdir parameter.

  • CVE-2009-3701 · Dec 21, 2009
    risk 0.03 · cvss n/a · epss 0.05

    Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the…

  • CVE-2009-2360 · Jul 8, 2009
    risk 0.03 · cvss n/a · epss 0.05

    Cross-site scripting (XSS) vulnerability in passwd/main.php in the Passwd module before 3.1.1 for Horde allows remote attackers to inject arbitrary web script or HTML via the backend parameter.

  • CVE-2008-3824 · Sep 12, 2008
    risk 0.03 · cvss n/a · epss 0.05

    Cross-site scripting (XSS) vulnerability in (1) Text_Filter/Filter/xss.php in Horde 3.1.x before 3.1.9 and 3.2.x before 3.2.2 and (2) externalinput.php in Popoon r22196 and earlier allows remote attackers to inject arbitrary web script or HTML by using / (slash) characters as…

  • CVE-2008-3823 · Sep 12, 2008
    risk 0.03 · cvss n/a · epss 0.03

    Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.php in the MIME library in Horde 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of a MIME attachment in an e-mail message.

  • CVE-2008-2783 · Jun 19, 2008
    risk 0.03 · cvss n/a · epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware, Groupware Webmail Edition, and Kronolith allow remote attackers to inject arbitrary web script or HTML via the timestamp parameter to (1) week.php, (2) workweek.php, and (3) day.php; and (4) the horde…

  • CVE-2008-1974 · Apr 27, 2008
    risk 0.03 · cvss n/a · epss 0.05

    Cross-site scripting (XSS) vulnerability in addevent.php in Horde Kronolith 2.1.7, Groupware Webmail Edition 1.0.6, and Groupware 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the url parameter.

  • CVE-2007-1515 · Mar 20, 2007
    risk 0.03 · cvss n/a · epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP H3 4.1.3, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via (1) the email Subject header in thread.php, (2) the edit_query parameter in search.php, or other unspecified…

  • CVE-2007-1473 · Mar 16, 2007
    risk 0.03 · cvss n/a · epss 0.05

    Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php in Horde Framework before 3.1.4 RC1, when the login page contains a language selection box, allows remote attackers to inject arbitrary web script or HTML via the new_lang parameter to login.php.

  • CVE-2007-1474 · Mar 16, 2007
    risk 0.03 · cvss n/a · epss 0.05

    Argument injection vulnerability in the cleanup cron script in Horde Project Horde and IMP before Horde Application Framework 3.1.4 allows local users to delete arbitrary files and possibly gain privileges via multiple space-delimited pathnames.

  • CVE-2005-4080 · Dec 8, 2005
    risk 0.03 · cvss n/a · epss 0.02

    Horde IMP 4.0.4 and earlier does not sanitize strings containing UTF16 null characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via UTF16 encoded attachments and strings that will be executed when viewed using Internet Explorer, which ignores…

  • CVE-2003-0025 · Jan 17, 2003
    risk 0.02 · cvss n/a · epss 0.24

    Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow remote attackers to perform unauthorized database activities and possibly gain privileges via certain database functions such as check_prefs() in db.pgsql, as demonstrated using mailbox.php3.

  • CVE-2022-30287 · Jul 28, 2022
    risk 0.01 · cvss n/a · epss 0.70

    Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP objects.

  • CVE-2005-3344 · Nov 16, 2005
    risk 0.01 · cvss n/a · epss 0.08

    The default installation of Horde 3.0.4 contains an administrative account with a blank password, which allows remote attackers to gain access.

  • CVE-2025-41066 · Dec 2, 2025
    risk 0.00 · cvss n/a · epss 0.00

    Horde Groupware v5.2.22 has a user enumeration vulnerability that allows an unauthenticated attacker to determine the existence of valid accounts on the system. To exploit the vulnerability, an HTTP request must be sent to ‘/imp/attachment.php’ including the parameters…

  • CVE-2025-5718 · Nov 11, 2025
    risk 0.00 · cvss n/a · epss 0.00

    The ACAP Application framework could allow privilege escalation through a symlink attack. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a…

  • CVE-2025-0359 · Mar 4, 2025
    risk 0.00 · cvss n/a · epss 0.00

    During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the ACAP Application framework that allowed applications to access restricted D-Bus methods within the framework. Axis has released patched AXIS OS versions for the…

  • CVE-2022-26874 · Mar 11, 2022
    risk 0.00 · cvss n/a · epss 0.01

    lib/Horde/Mime/Viewer/Ooo.php in Horde Mime_Viewer before 2.2.4 allows XSS via an OpenOffice document, leading to account takeover in Horde Groupware Webmail Edition. This occurs after XSLT rendering.

  • CVE-2021-1460 · Mar 24, 2021
    risk 0.00 · cvss n/a · epss 0.01

    A vulnerability in the Cisco IOx Application Framework of Cisco 809 Industrial Integrated Services Routers (Industrial ISRs), Cisco 829 Industrial ISRs, Cisco CGR 1000 Compute Module, and Cisco IC3000 Industrial Compute Gateway could allow an unauthenticated, remote attacker to…

  • CVE-2020-3233 · Jun 3, 2020
    risk 0.00 · cvss n/a · epss 0.01

    A vulnerability in the web-based Local Manager interface of the Cisco IOx Application Framework could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based Local Manager interface of an affected device. The…

  • CVE-2020-8034 · May 18, 2020
    risk 0.00 · cvss n/a · epss 0.01

    Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.22 and other products, is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the HTTP GET dir parameter in the browser functionality, affecting breadcrumb output. An attacker can obtain access…

Page 1 of 3