Show filters
10 Total Results
Displaying 1-10 of 10
Sort by:
Attacker Value
Unknown
CVE-2017-14650
Disclosure Date: September 21, 2017 (last updated November 26, 2024)
A Remote Code Execution vulnerability has been found in the Horde_Image library when using the "Im" backend that utilizes ImageMagick's "convert" utility. It's not exploitable through any Horde application, because the code path to the vulnerability is not used by any Horde code. Custom applications using the Horde_Image library might be affected. This vulnerability affects all versions of Horde_Image from 2.0.0 to 2.5.1, and is fixed in 2.5.2. The problem is missing input validation of the index field in _raw() during construction of an ImageMagick command line.
0
Attacker Value
Unknown
CVE-2017-9773
Disclosure Date: June 21, 2017 (last updated November 26, 2024)
Denial of Service was found in Horde_Image 2.x before 2.5.0 via a crafted URL to the "Null" image driver.
0
Attacker Value
Unknown
CVE-2017-9774
Disclosure Date: June 21, 2017 (last updated November 26, 2024)
Remote Code Execution was found in Horde_Image 2.x before 2.5.0 via a crafted GET request. Exploitation requires authentication.
0
Attacker Value
Unknown
CVE-2010-3694
Disclosure Date: November 09, 2010 (last updated October 04, 2023)
Cross-site request forgery (CSRF) vulnerability in the Horde Application Framework before 3.3.9 allows remote attackers to hijack the authentication of unspecified victims for requests to a preference form.
0
Attacker Value
Unknown
CVE-2010-3077
Disclosure Date: November 09, 2010 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in util/icon_browser.php in the Horde Application Framework before 3.3.9 allows remote attackers to inject arbitrary web script or HTML via the subdir parameter.
0
Attacker Value
Unknown
CVE-2008-7218
Disclosure Date: September 13, 2009 (last updated October 04, 2023)
Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2 before 3.2-RC2; Turba H3 2.1 before 2.1.6 and 2.2 before 2.2-RC2; Kronolith H3 2.1 before 2.1.7 and H3 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and 2.2 before 2.2-RC2; Horde Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 has unknown impact and attack vectors.
0
Attacker Value
Unknown
CVE-2007-1473
Disclosure Date: March 16, 2007 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php in Horde Framework before 3.1.4 RC1, when the login page contains a language selection box, allows remote attackers to inject arbitrary web script or HTML via the new_lang parameter to login.php.
0
Attacker Value
Unknown
CVE-2006-1260
Disclosure Date: March 19, 2006 (last updated February 22, 2025)
Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check.
0
Attacker Value
Unknown
CVE-2005-4190
Disclosure Date: December 13, 2005 (last updated February 22, 2025)
Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4) the Mobile Phone field, and (5) Date and (6) Time fields when importing CSV files, as exploited through modules such as (a) Turba Address Book, (b) Kronolith, (c) Mnemo, and (d) Nag.
0
Attacker Value
Unknown
CVE-2005-3759
Disclosure Date: November 22, 2005 (last updated February 22, 2025)
Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers, which do not filter or escape dangerous HTML when extracting and displaying attachments.
0