Latest horde groupware Vulnerabilities

CVE-2022-30287
Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP object...
Horde Groupware<=5.2.22
Debian Debian Linux=10.0
CVE-2021-26929
An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 (where the Horde_Text_Filter library before 2.3.7 is used). The attacker can send a plain text e-mail message, with JavaSc...
Horde Groupware<=5.2.22
Debian Debian Linux=9.0
CVE-2020-8034
Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.22 and other products, is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the HTTP GET dir parameter in the br...
Horde Gollem<3.0.13
Horde Groupware=5.2.22
CVE-2020-8035
The image view functionality in Horde Groupware Webmail Edition before 5.2.22 is affected by a stored Cross-Site Scripting (XSS) vulnerability via an SVG image upload containing a JavaScript payload. ...
Horde Groupware<5.2.22
CVE-2020-8866
Horde Groupware Webmail Edition add Page Unrestricted File Upload Arbitrary File Creation Vulnerability
Horde Groupware Webmail Edition
Horde Groupware=5.2.22
Horde Horde Form<2.0.20
Debian Debian Linux=8.0
CVE-2020-8865
Horde Groupware Webmail Edition edit Page Directory Traversal Remote Code Execution Vulnerability
Horde Groupware Webmail Edition
Horde Groupware=5.2.22
Debian Debian Linux=8.0
CVE-2020-8518
Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution.
Horde Groupware=5.2.22
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Debian Debian Linux=8.0
CVE-2013-6275
Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earlier in basic.php.
debian/php-horde-ingo
Horde Groupware<=5.1.2
Debian Debian Linux=8.0
Debian Debian Linux=9.0
Debian Debian Linux=10.0
CVE-2013-6364
Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book
debian/php-horde
debian/php-horde-turba
Horde Groupware=5.1.2
Debian Debian Linux=8.0
Debian Debian Linux=9.0
Debian Debian Linux=10.0
CVE-2013-6365
Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions
debian/php-horde
debian/php-horde-kronolith
Horde Groupware=5.1.2
Oracle Java Runtime Environment (JRE)=13.1
Oracle Java Runtime Environment (JRE)=13.2
Debian Debian Linux=8.0
and 2 more
CVE-2019-12095
Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by the treanBookmarkTags parameter to the trean/ URI on a webmail server. NOTE: ...
Horde Groupware<=5.2.22
CVE-2019-12094
Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin/user.php?form=update_f&user_name= or admin/user.php?form=remove_f&user_name= or admin/config/diff.php?app= URI.
Horde Groupware<=5.2.22
CVE-2019-9858
Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contains a vulnerable class that handles image upload in forms. When the Horde_Form_Type_image me...
debian/php-horde-form
debian/php-horde-form<=2.0.18-3<=2.0.15-1
Horde Groupware=5.2.17
Horde Groupware=5.2.22
Debian Debian Linux=8.0
Debian Debian Linux=9.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203