Vulnerabilities related to horde - horde_application_framework
Vulnerability from fkie_nvd
Published
2007-03-16 21:19
Modified
2025-04-09 00:30
Severity ?
Summary
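Argument injection vulnerability in the cleanup cron script in Horde Project Horde and IMP before Horde Application Framework 3.1.4 allows local users to delete arbitrary files and possibly gain privileges via multiple space-delimited pathnames.
Note: the description limits this to local users, while the CVSS v2 vector recorded for this entry (AV:N/AC:M/Au:N/C:P/I:P/A:P) scores it as network-reachable without authentication; when prioritising, weigh the 6.8 base score against that discrepancy.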
Impacted products
Vendor Product Version
horde horde_application_framework 3.0.0
horde horde_application_framework 3.0.4
horde horde_application_framework 3.1.3
horde imp 2.0
horde imp 2.2
horde imp 2.2.1
horde imp 2.2.2
horde imp 2.2.3
horde imp 2.2.4
horde imp 2.2.5
horde imp 2.2.6
horde imp 2.2.7
horde imp 2.2.8
horde imp 2.3
horde imp 3.0
horde imp 3.1
horde imp 3.1.2
horde imp 3.2
horde imp 3.2.1
horde imp 3.2.2
horde imp 3.2.3
horde imp 3.2.4
horde imp 3.2.5
horde imp 3.2.6



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "76A5CF62-60DD-4EA7-A6C3-2061548EF1B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "78356C5F-A76E-4CB1-894D-0D882A665096",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6E3FE20-264A-4496-8FB3-E59A3A38BAE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D2A8C5B-6155-4B40-B8C8-B4944064E3DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D11E08A4-79D6-46FE-880F-66E9778C298E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "55A3894F-2E3F-49CA-BEE5-759D603F6EAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDDBDC41-7E6F-4C97-95BD-7DEB2D9FE837",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:2.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B52D447-8E56-4E04-9650-38D222DA8D2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:2.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C455353-0401-4975-89BC-C23D32A684F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:2.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1D9D9E1-D8B7-4A56-BC2F-90BDC97322B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:2.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "59DE856E-98FF-4B49-BD7F-3E326FEB89EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:2.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6ED34889-9F98-46BC-9176-557484272C05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:2.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7FBC61D-6A08-4DE8-A5E5-A3FC57E7759D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52AEEE6-2364-4CFB-9337-C5CCA54362E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD137160-B80D-4C65-A9A9-CEE12107E3DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E6C2AC8-C21A-4152-AAE6-915ACE65CB5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1956C8F0-EB91-4322-85C1-6BE15AA13703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A48DEBEB-0C2D-4F6A-AF63-04990D2FD5AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E004FA4-0180-458A-8E8C-8167EF684ED8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:3.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F0A1617-17D1-4C9F-A818-27321FD2FEAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:3.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D86CDC19-43C3-4ACC-94B4-388BCC8A2203",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:3.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9931A5B-CD0C-43A3-B32D-915FF4AF57D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:3.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDC69F98-A3B4-4573-AFE4-2069218B3454",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:3.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD4D0137-3515-4857-8E70-4600CD2D4278",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Argument injection vulnerability in the cleanup cron script in Horde Project Horde and IMP before Horde Application Framework 3.1.4 allows local users to delete arbitrary files and possibly gain privileges via multiple space-delimited pathnames."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n de argumento en la secuencia de comandos cleanup para cron de Horde Project Horde e IMP anterior a Horde Application Framework 3.1.4 permite a usuarios locales borrar archivos de su elecci\u00f3n y posiblemente obtener privilegios mediante m\u00faltiples nombres de ruta separados por espacios."
    }
  ],
  "id": "CVE-2007-1474",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-03-16T21:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=489"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.horde.org/archives/announce/2007/000315.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/27565"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2007/dsa-1406"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/22985"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1017784"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1017785"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/0965"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32997"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=489"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.horde.org/archives/announce/2007/000315.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27565"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2007/dsa-1406"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/22985"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1017784"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1017785"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/0965"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32997"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-11-09 21:00
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in util/icon_browser.php in the Horde Application Framework before 3.3.9 allows remote attackers to inject arbitrary web script or HTML via the subdir parameter.
References
secalert@redhat.com | http://git.horde.org/diff.php/horde/util/icon_browser.php?rt=horde-git&r1=a978a35c3e95e784253508fd4333d2fbb64830b6&r2=9342addbd2b95f184f230773daa4faf5ef6d65e9 | Patch
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050408.html
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050423.html
secalert@redhat.com | http://lists.horde.org/archives/announce/2010/000557.html | Patch, Vendor Advisory
secalert@redhat.com | http://seclists.org/fulldisclosure/2010/Sep/82 | Exploit, Patch
secalert@redhat.com | http://secunia.com/advisories/42140
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=630687
af854a3a-2127-422b-91ae-364da2661108 | http://git.horde.org/diff.php/horde/util/icon_browser.php?rt=horde-git&r1=a978a35c3e95e784253508fd4333d2fbb64830b6&r2=9342addbd2b95f184f230773daa4faf5ef6d65e9 | Patch
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050408.html
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050423.html
af854a3a-2127-422b-91ae-364da2661108 | http://lists.horde.org/archives/announce/2010/000557.html | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2010/Sep/82 | Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/42140
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=630687
Impacted products
Vendor Product Version
horde horde_application_framework * (all versions up to and including 3.3.8)
horde horde_application_framework 1.0.3
horde horde_application_framework 1.1.1
horde horde_application_framework 1.3.0
horde horde_application_framework 1.3.1
horde horde_application_framework 1.3.2
horde horde_application_framework 1.3.3
horde horde_application_framework 1.3.4
horde horde_application_framework 1.3.5
horde horde_application_framework 2.0
horde horde_application_framework 2.0
horde horde_application_framework 2.0
horde horde_application_framework 2.0
horde horde_application_framework 2.1
horde horde_application_framework 2.2
horde horde_application_framework 2.2.1
horde horde_application_framework 2.2.2
horde horde_application_framework 2.2.3
horde horde_application_framework 2.2.4
horde horde_application_framework 2.2.5
horde horde_application_framework 2.2.6
horde horde_application_framework 2.2.6
horde horde_application_framework 2.2.7
horde horde_application_framework 2.2.8
horde horde_application_framework 2.2.9
horde horde_application_framework 3.0
horde horde_application_framework 3.0
horde horde_application_framework 3.0
horde horde_application_framework 3.0
horde horde_application_framework 3.0
horde horde_application_framework 3.0
horde horde_application_framework 3.0.1
horde horde_application_framework 3.0.2
horde horde_application_framework 3.0.3
horde horde_application_framework 3.0.3
horde horde_application_framework 3.0.4
horde horde_application_framework 3.0.4
horde horde_application_framework 3.0.4
horde horde_application_framework 3.0.5
horde horde_application_framework 3.0.5
horde horde_application_framework 3.0.5
horde horde_application_framework 3.0.6
horde horde_application_framework 3.0.6
horde horde_application_framework 3.0.7
horde horde_application_framework 3.0.8
horde horde_application_framework 3.0.9
horde horde_application_framework 3.0.10
horde horde_application_framework 3.0.11
horde horde_application_framework 3.0.12
horde horde_application_framework 3.1
horde horde_application_framework 3.1
horde horde_application_framework 3.1
horde horde_application_framework 3.1
horde horde_application_framework 3.1.1
horde horde_application_framework 3.1.2
horde horde_application_framework 3.1.3
horde horde_application_framework 3.1.4
horde horde_application_framework 3.1.4
horde horde_application_framework 3.1.5
horde horde_application_framework 3.1.6
horde horde_application_framework 3.1.7
horde horde_application_framework 3.1.8
horde horde_application_framework 3.1.9
horde horde_application_framework 3.2
horde horde_application_framework 3.2
horde horde_application_framework 3.2
horde horde_application_framework 3.2
horde horde_application_framework 3.2
horde horde_application_framework 3.2
horde horde_application_framework 3.2.1
horde horde_application_framework 3.2.2
horde horde_application_framework 3.2.3
horde horde_application_framework 3.2.4
horde horde_application_framework 3.2.5
horde horde_application_framework 3.3
horde horde_application_framework 3.3
horde horde_application_framework 3.3.1
horde horde_application_framework 3.3.2
horde horde_application_framework 3.3.3
horde horde_application_framework 3.3.4
horde horde_application_framework 3.3.4
horde horde_application_framework 3.3.5
horde horde_application_framework 3.3.6
horde horde_application_framework 3.3.7



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6D53EAD-F1D9-40A9-87BA-DCB0AF5123E2",
              "versionEndIncluding": "3.3.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0895A4FC-4755-4125-822D-6D5A81C8EBC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8DA68CF-D7EB-48CF-9D2D-43E26A4F0BCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "04288C25-9111-44E1-9099-7ED65639A395",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "793768BD-03C9-428A-B8AC-E03FEA65D32A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B50AD460-4240-4A75-8944-21F0D5BA711C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EB2DBC9-0934-4BA2-A6E0-CF1BCB1E0E8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "362CDCE7-16DA-4951-81ED-5B858126E37A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D622651E-ECBC-4A88-8AD2-8EB9AA27F348",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C64FB724-0978-48E1-94AA-2ED5281C1C2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "2188602F-74FC-4252-9D0C-4B6D68ECA850",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:2.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "E8FF53EE-1D8E-450C-92A2-204EA2B7C410",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:2.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "13ECD794-7621-413B-AC67-FD0072C3F2EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9535A094-9B6F-4E17-8097-D7A6D8936F8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F473B48-F48A-4B6B-8D69-1F97BB6AA923",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8E1A7DB-906F-4973-BF1C-EFFA0B595A42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD67E143-A9C0-458A-87C5-E6B3C9AC628D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA9E6EB8-B5E5-41DF-B5E2-0A97448D16A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "36BEAB4E-04DA-4EDD-990C-697EA0984291",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "142B9B05-955E-4688-AF6E-ED7B4FE41846",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "295D48BB-F143-4047-B366-74101AB983CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.6:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F8359595-A986-4B7D-9AD6-0F03C037B9CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "58431B48-EA29-4A6F-B9FF-C416924E63B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "61064C18-0E45-4790-B323-262287D8DE34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCFF25C4-03F2-4D65-ABA9-2406957D546E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1A7CA2D-A52C-4683-ABD3-B63763B2290E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "E72F0C02-DEF7-4617-AD5D-CB808DEE1CC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "F1B318B6-6774-4F9D-8BFC-38B259646922",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "48540E28-E523-4556-BB13-3F3B9F76E043",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "7761A879-F736-4D45-AA98-6556946A0CD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "17093F61-EDE4-44C0-9A75-5E2C94B86D49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA0A882D-9BEB-4A3C-9371-69260374E0B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A17E3AFB-849F-463D-96E8-686B049F48DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "047563A7-5F6A-4DE2-8518-88E4E6EEB7D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B5DAAF73-EC16-4E7E-AAFA-A23F36312884",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "78356C5F-A76E-4CB1-894D-0D882A665096",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.4:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "E2842743-831D-455C-A319-68A7D604834F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.4:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "2DF05F67-D172-4569-8839-838B2F84D937",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0405EC4-12DA-4F15-A5B0-799D399C759E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.5:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C4C51DE3-C6D8-4A49-9DD2-E45A734A8C2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.5:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "79D21AFE-DA3C-43D4-B253-B5F2682C00C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1C1DE26-E7B2-4A4E-9F6D-4206F7BC5EBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.6:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "E5ADB7BC-7326-4A66-82FE-5B5AB9BAD344",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6ED629B0-A214-47B5-9767-B47AFB154AFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C07F450D-6DF4-48F2-8776-E791BCBD469A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE5B2E87-5A29-4EF8-8BCC-1E5AE28BE6EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "C55F4BF3-EFA5-4E58-A32C-7DF7F00B74CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "7795DE95-4DCE-483D-817A-62250802AEF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "1076ED89-666B-4E1A-B90C-1E9C23C70E07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "005FB9D3-71C7-4C4B-8D1A-1046A21ABE64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "8C2CD4E9-D06D-44FB-9773-29640E456DC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.1:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "FD9A8696-C91C-467B-A43B-5F2AEFB49A9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.1:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "2C316222-9E28-4D53-A3FE-A47337782260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "17003C82-B711-496C-A2D4-0CC5FB2DCAC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B11F13D-5FEC-4090-804A-28D1B2938112",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6E3FE20-264A-4496-8FB3-E59A3A38BAE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F86A1C7-D369-40A7-BFF3-03AC4F3977F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.1.4:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D49B7214-8BC7-4495-A3C1-4702E5F98DD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D45517DB-2F8C-41BB-9453-7B50F2227286",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "852EA094-4661-43EA-B715-0524ABA33274",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1885E75E-4A0C-4393-A900-E611EEA461BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0202CB6-459E-4867-A220-A248A7D419C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "666F75EF-0B30-476B-B4D3-3465AC85C81E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "88BE4BD4-174C-4EC5-BCE7-CA63D1369043",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.2:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "FB00DEDC-BFCE-4238-BD34-594F075DD11C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.2:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F54438D0-C3BB-47BD-BD66-1AEDE08387F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.2:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "CB30C91F-B3F8-45B8-9F79-7EB643A1FAB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.2:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "8B9EC024-FA54-457A-9CAE-E9C5AB990DCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.2:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "E94D8DDD-CE4B-4F7D-8699-6D8D979BB354",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D32C974-121E-4FAB-8E39-2933C912935F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "60A02DC9-3602-43B2-8574-15A6D4528142",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "61F847C8-7775-4FC0-BBE1-C56DFC3D9A63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1ECC0C8-DE09-4079-8476-B0C82ABE980A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0465D03-EE78-4D1D-B6F3-0AB6636D8589",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ADA6AAC-7511-47F6-B805-A5C48BA4CD11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DBA57981-630B-40A7-A6B3-9443A926BC31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B3CB720-A1C0-4E49-BA2C-02283499F252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CE83C51-175E-4FB9-BA2B-505A8B559D44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "172260F8-D4E5-470D-84EA-00B88B090A8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "51487521-E1DB-4CD0-9071-C9449EFB681E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.3.4:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "880EFFF2-54E1-47B3-A87B-9D7F41505B5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA44794C-3D45-4BC8-AEDB-8D98C5BF6214",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C047C7A-2338-49D9-8B25-78A25B45788A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "283653B3-00DD-4F9D-AD0E-625564FDE72C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in util/icon_browser.php in the Horde Application Framework before 3.3.9 allows remote attackers to inject arbitrary web script or HTML via the subdir parameter."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en util/icon_browser.php en el Horde Application Framework anterior a v3.3.9 que permite a atacantes remotos inyectar c\u00f3digo de script web o c\u00f3digo HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro \"subdir\"."
    }
  ],
  "id": "CVE-2010-3077",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-11-09T21:00:04.117",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://git.horde.org/diff.php/horde/util/icon_browser.php?rt=horde-git\u0026r1=a978a35c3e95e784253508fd4333d2fbb64830b6\u0026r2=9342addbd2b95f184f230773daa4faf5ef6d65e9"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050408.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050423.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.horde.org/archives/announce/2010/000557.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://seclists.org/fulldisclosure/2010/Sep/82"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/42140"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=630687"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://git.horde.org/diff.php/horde/util/icon_browser.php?rt=horde-git\u0026r1=a978a35c3e95e784253508fd4333d2fbb64830b6\u0026r2=9342addbd2b95f184f230773daa4faf5ef6d65e9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050408.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050423.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.horde.org/archives/announce/2010/000557.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://seclists.org/fulldisclosure/2010/Sep/82"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/42140"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=630687"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2005-12-13 11:03
Modified
2025-04-03 01:03
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4) the Mobile Phone field, and (5) Date and (6) Time fields when importing CSV files, as exploited through modules such as (a) Turba Address Book, (b) Kronolith, (c) Mnemo, and (d) Nag.
References
cve@mitre.org http://lists.horde.org/archives/announce/2005/000238.html Patch
cve@mitre.org http://secunia.com/advisories/17970 Patch, Vendor Advisory
cve@mitre.org http://secunia.com/advisories/19619 Vendor Advisory
cve@mitre.org http://secunia.com/advisories/19897 Vendor Advisory
cve@mitre.org http://secunia.com/advisories/20960 Vendor Advisory
cve@mitre.org http://www.debian.org/security/2006/dsa-1033
cve@mitre.org http://www.novell.com/linux/security/advisories/2006_04_28.html
cve@mitre.org http://www.novell.com/linux/security/advisories/2006_16_sr.html
cve@mitre.org http://www.sec-consult.com/245.html
cve@mitre.org http://www.securityfocus.com/bid/15802
cve@mitre.org http://www.securityfocus.com/bid/15803
cve@mitre.org http://www.securityfocus.com/bid/15804
cve@mitre.org http://www.securityfocus.com/bid/15806
cve@mitre.org http://www.securityfocus.com/bid/15808
cve@mitre.org http://www.securityfocus.com/bid/15810
cve@mitre.org http://www.vupen.com/english/advisories/2005/2835 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.horde.org/archives/announce/2005/000238.html Patch
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/17970 Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/19619 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/19897 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/20960 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2006/dsa-1033
af854a3a-2127-422b-91ae-364da2661108 http://www.novell.com/linux/security/advisories/2006_04_28.html
af854a3a-2127-422b-91ae-364da2661108 http://www.novell.com/linux/security/advisories/2006_16_sr.html
af854a3a-2127-422b-91ae-364da2661108 http://www.sec-consult.com/245.html
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/15802
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/15803
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/15804
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/15806
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/15808
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/15810
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2005/2835 Vendor Advisory
Impacted products
Vendor Product Version
horde horde_application_framework 1.0.0
horde horde_application_framework 1.0.2
horde horde_application_framework 1.0.2_1
horde horde_application_framework 1.0.3
horde horde_application_framework 1.0.3_2
horde horde_application_framework 1.0.3_3
horde horde_application_framework 1.0.3_4
horde horde_application_framework 1.0.4
horde horde_application_framework 1.0.5
horde horde_application_framework 1.0.6
horde horde_application_framework 1.0.8
horde horde_application_framework 1.0.9
horde horde_application_framework 1.0.10
horde horde_application_framework 1.0.11
horde horde_application_framework 1.2.0
horde horde_application_framework 1.2.1
horde horde_application_framework 1.2.2
horde horde_application_framework 1.2.3
horde horde_application_framework 1.2.4
horde horde_application_framework 1.2.5
horde horde_application_framework 1.2.6
horde horde_application_framework 1.2.7
horde horde_application_framework 1.2.8
horde horde_application_framework 1.3.3
horde horde_application_framework 1.3.4
horde horde_application_framework 2.0
horde horde_application_framework 2.1
horde horde_application_framework 2.2
horde horde_application_framework 2.2.1
horde horde_application_framework 2.2.3
horde horde_application_framework 2.2.4
horde horde_application_framework 2.2.5
horde horde_application_framework 2.2.6
horde horde_application_framework 2.2.7
horde horde_application_framework 2.2.8
horde horde_application_framework 2.2.9
horde horde_application_framework 3.0.1
horde horde_application_framework 3.0.2
horde horde_application_framework 3.0.3
horde horde_application_framework 3.0.4
horde horde_application_framework 3.0.5
horde horde_application_framework 3.0.6
horde horde_application_framework 3.0.7



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E5634E1-5D6B-4F64-99F6-5F650EC2E13B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AF6FC53-D300-4A40-8D82-D174F6472DFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:1.0.2_1:*:*:*:*:*:*:*",
              "matchCriteriaId": "72E510AF-4FC2-4872-8844-2021CB72BEA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0895A4FC-4755-4125-822D-6D5A81C8EBC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:1.0.3_2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BDEA1EC-DBD3-4255-873B-577554888E3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:1.0.3_3:*:*:*:*:*:*:*",
              "matchCriteriaId": "63D4182B-7A01-49D0-A192-4D67E64AD62F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:1.0.3_4:*:*:*:*:*:*:*",
              "matchCriteriaId": "156B7704-72B9-4A19-A541-382E3362ACC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAE22A26-6DF7-4EBA-8D76-24AC69B4ECD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "166F65FA-CF60-48DB-A717-448FB84AD24C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EA9E158-EF45-4468-935B-1FFA5C511874",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "50B37F3D-920B-4953-BFF3-197ADD554E82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:1.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B131407-A29A-4140-A884-FADFE39CDBA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:1.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6AE0227-3E50-4137-8287-45154AD6AD79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:1.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A04BEC0-BFDC-4630-B98D-8924F2336EC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DCEC5BC-19CD-4C86-8963-4969718AEDC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76253CE-3A05-40F2-9AC2-11FA1C83E12A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DB6E8FC-E9F2-4194-B877-90ED6BCA8152",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CE54204-8E8B-4B3D-BE10-3ECE4DBB8428",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B159D53E-0F6D-41AA-A3D2-B77BA18735CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CD03C5F-423A-475C-8D0C-4F578E93542B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CF6B69C-B7E7-4EEA-A18B-2B6969F26A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:1.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B94258B3-CC62-41CD-987C-75868208F8C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:1.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "A276A013-CCF3-4AF5-973F-FD68CC9E2291",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EB2DBC9-0934-4BA2-A6E0-CF1BCB1E0E8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "362CDCE7-16DA-4951-81ED-5B858126E37A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C64FB724-0978-48E1-94AA-2ED5281C1C2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9535A094-9B6F-4E17-8097-D7A6D8936F8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F473B48-F48A-4B6B-8D69-1F97BB6AA923",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8E1A7DB-906F-4973-BF1C-EFFA0B595A42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA9E6EB8-B5E5-41DF-B5E2-0A97448D16A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "36BEAB4E-04DA-4EDD-990C-697EA0984291",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "142B9B05-955E-4688-AF6E-ED7B4FE41846",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "295D48BB-F143-4047-B366-74101AB983CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "58431B48-EA29-4A6F-B9FF-C416924E63B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "61064C18-0E45-4790-B323-262287D8DE34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCFF25C4-03F2-4D65-ABA9-2406957D546E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA0A882D-9BEB-4A3C-9371-69260374E0B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A17E3AFB-849F-463D-96E8-686B049F48DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "047563A7-5F6A-4DE2-8518-88E4E6EEB7D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "78356C5F-A76E-4CB1-894D-0D882A665096",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0405EC4-12DA-4F15-A5B0-799D399C759E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1C1DE26-E7B2-4A4E-9F6D-4206F7BC5EBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6ED629B0-A214-47B5-9767-B47AFB154AFD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4) the Mobile Phone field, and (5) Date and (6) Time fields when importing CSV files, as exploited through modules such as (a) Turba Address Book, (b) Kronolith, (c) Mnemo, and (d) Nag."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Horde Application Framework anteriores a 3.0.8 permiten a usuarios remotos autenticados inyectar HTML o \u0027script\u0027 web de su elecci\u00f3n mediante m\u00faltiples vectores, como se ha demostrado mediante (1) el campo identidad, (2) los campos de b\u00fasqueda \"Category\" y (3) \"Label\", (4) el campo \"Mobile Phone\", y (5) los campos \"Date\" y (6) \"Time\" cuando se importan ficheros CSV, lo cual ha sido explotado mediante m\u00f3dulos como (a) Turba Address Book, (b) Kronolith, (c) Mnemo, y (d) Nag."
    }
  ],
  "id": "CVE-2005-4190",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-12-13T11:03:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.horde.org/archives/announce/2005/000238.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/17970"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19619"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19897"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20960"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2006/dsa-1033"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2006_16_sr.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.sec-consult.com/245.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/15802"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/15803"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/15804"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/15806"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/15808"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/15810"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2005/2835"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.horde.org/archives/announce/2005/000238.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/17970"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19619"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19897"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20960"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2006/dsa-1033"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2006_16_sr.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.sec-consult.com/245.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/15802"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/15803"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/15804"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/15806"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/15808"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/15810"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2005/2835"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-04-01 15:55
Modified
2025-04-12 10:46
Severity ?
Summary
The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the _formvars form.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA40D3C0-313C-4622-AD42-9E1422170FD3",
              "versionEndIncluding": "5.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FA8B826-EB7D-4EF8-A886-CC83907C59EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7CB9652-6D7C-4EB1-AC6D-C29C20757FA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "320EFF23-CD09-419F-8AC2-1EE5DE4763E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BB0209B-CA11-473A-9966-D069845806CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "62DACAFB-3715-4986-BFD8-4939E31E2CE3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the _formvars form."
    },
    {
      "lang": "es",
      "value": "El script framework/Util/lib/Horde/Variables.php en la librer\u00eda de Util en Horde anterior a 5.1.1 permite a atacantes remotos realizar ataques de inyecci\u00f3n de objetos y ejecutar c\u00f3digo PHP arbitrario a trav\u00e9s de un objeto serializado manipulado en el formulario _formvars."
    }
  ],
  "id": "CVE-2014-1691",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-04-01T15:55:06.363",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://seclists.org/oss-sec/2014/q1/153"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://seclists.org/oss-sec/2014/q1/156"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://seclists.org/oss-sec/2014/q1/169"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2014/dsa-2853"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/horde/horde/blob/82c400788537cfc0106b68447789ff53793ac086/bundles/groupware/docs/CHANGES#L215"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://github.com/horde/horde/commit/da6afc7e9f4e290f782eca9dbca794f772caccb3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://seclists.org/oss-sec/2014/q1/153"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://seclists.org/oss-sec/2014/q1/156"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/oss-sec/2014/q1/169"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2014/dsa-2853"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/horde/horde/blob/82c400788537cfc0106b68447789ff53793ac086/bundles/groupware/docs/CHANGES#L215"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://github.com/horde/horde/commit/da6afc7e9f4e290f782eca9dbca794f772caccb3"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2006-07-13 00:05
Modified
2025-04-03 01:03
Severity ?
Summary
services/go.php in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 does not properly restrict its image proxy capability, which allows remote attackers to perform "Web tunneling" attacks and use the server as a proxy via (1) http, (2) https, and (3) ftp URL in the url parameter, which is requested from the server.
References
cve@mitre.org | http://lists.horde.org/archives/announce/2006/000287.html | Patch
cve@mitre.org | http://lists.horde.org/archives/announce/2006/000288.html
cve@mitre.org | http://moritz-naumann.com/adv/0011/hordemulti/0011.txt | Exploit
cve@mitre.org | http://secunia.com/advisories/20954
cve@mitre.org | http://secunia.com/advisories/21459
cve@mitre.org | http://secunia.com/advisories/27565
cve@mitre.org | http://securityreason.com/securityalert/1229
cve@mitre.org | http://securitytracker.com/id?1016442 | Exploit
cve@mitre.org | http://www.debian.org/security/2007/dsa-1406
cve@mitre.org | http://www.novell.com/linux/security/advisories/2006_19_sr.html
cve@mitre.org | http://www.securityfocus.com/archive/1/439255/100/0/threaded
cve@mitre.org | http://www.securityfocus.com/bid/18845 | Exploit
cve@mitre.org | http://www.vupen.com/english/advisories/2006/2694
af854a3a-2127-422b-91ae-364da2661108 | http://lists.horde.org/archives/announce/2006/000287.html | Patch
af854a3a-2127-422b-91ae-364da2661108 | http://lists.horde.org/archives/announce/2006/000288.html
af854a3a-2127-422b-91ae-364da2661108 | http://moritz-naumann.com/adv/0011/hordemulti/0011.txt | Exploit
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/20954
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/21459
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27565
af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/1229
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1016442 | Exploit
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2007/dsa-1406
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2006_19_sr.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/439255/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/18845 | Exploit
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/2694



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "76A5CF62-60DD-4EA7-A6C3-2061548EF1B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA0A882D-9BEB-4A3C-9371-69260374E0B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A17E3AFB-849F-463D-96E8-686B049F48DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "047563A7-5F6A-4DE2-8518-88E4E6EEB7D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "78356C5F-A76E-4CB1-894D-0D882A665096",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0405EC4-12DA-4F15-A5B0-799D399C759E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1C1DE26-E7B2-4A4E-9F6D-4206F7BC5EBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6ED629B0-A214-47B5-9767-B47AFB154AFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C07F450D-6DF4-48F2-8776-E791BCBD469A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE5B2E87-5A29-4EF8-8BCC-1E5AE28BE6EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "C55F4BF3-EFA5-4E58-A32C-7DF7F00B74CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "35F504EE-6F8F-4623-9F44-9A1D866DE269",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "17003C82-B711-496C-A2D4-0CC5FB2DCAC8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "services/go.php in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 does not properly restrict its image proxy capability, which allows remote attackers to perform \"Web tunneling\" attacks and use the server as a proxy via (1) http, (2) https, and (3) ftp URL in the url parameter, which is requested from the server."
    },
    {
      "lang": "es",
      "value": "services/go.php en Horde Application Framework 3.0.0 hasta la 3.0.10 y 3.1.0 hasta la 3.1.1 no  restringe de forma adecuada su capacidad de imagen de proxy, lo cual permite a atacantes remotos llevar a cabo ataques \"Web tunneling\" y utilizar el servidor como un proxy a trav\u00e9s de la URL (1) http, (2) https, y (3) ftp en el par\u00e1metro URL, el cual es respondido desde el servidor."
    }
  ],
  "id": "CVE-2006-3549",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-07-13T00:05:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.horde.org/archives/announce/2006/000287.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.horde.org/archives/announce/2006/000288.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://moritz-naumann.com/adv/0011/hordemulti/0011.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/20954"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/21459"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/27565"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/1229"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://securitytracker.com/id?1016442"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2007/dsa-1406"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2006_19_sr.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/439255/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/18845"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/2694"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.horde.org/archives/announce/2006/000287.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.horde.org/archives/announce/2006/000288.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://moritz-naumann.com/adv/0011/hordemulti/0011.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/20954"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/21459"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27565"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/1229"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://securitytracker.com/id?1016442"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2007/dsa-1406"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2006_19_sr.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/439255/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/18845"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/2694"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-03-16 21:19
Modified
2025-04-09 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php in Horde Framework before 3.1.4 RC1, when the login page contains a language selection box, allows remote attackers to inject arbitrary web script or HTML via the new_lang parameter to login.php.
References
cve@mitre.org | http://lists.horde.org/archives/announce/2007/000315.html | Patch, Vendor Advisory
cve@mitre.org | http://secunia.com/advisories/24528
cve@mitre.org | http://secunia.com/advisories/24995
cve@mitre.org | http://secunia.com/advisories/27565
cve@mitre.org | http://securityreason.com/securityalert/2427
cve@mitre.org | http://securitytracker.com/id?1017775
cve@mitre.org | http://www.debian.org/security/2007/dsa-1406
cve@mitre.org | http://www.novell.com/linux/security/advisories/2007_007_suse.html
cve@mitre.org | http://www.osvdb.org/33084
cve@mitre.org | http://www.securityfocus.com/archive/1/462915/100/0/threaded
cve@mitre.org | http://www.securityfocus.com/bid/22984
cve@mitre.org | http://www.vupen.com/english/advisories/2007/0965
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/33013
af854a3a-2127-422b-91ae-364da2661108 | http://lists.horde.org/archives/announce/2007/000315.html | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/24528
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/24995
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27565
af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/2427
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1017775
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2007/dsa-1406
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2007_007_suse.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/33084
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/462915/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/22984
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/0965
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/33013
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DCEC5BC-19CD-4C86-8963-4969718AEDC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76253CE-3A05-40F2-9AC2-11FA1C83E12A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DB6E8FC-E9F2-4194-B877-90ED6BCA8152",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CE54204-8E8B-4B3D-BE10-3ECE4DBB8428",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B159D53E-0F6D-41AA-A3D2-B77BA18735CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CD03C5F-423A-475C-8D0C-4F578E93542B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CF6B69C-B7E7-4EEA-A18B-2B6969F26A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:1.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B94258B3-CC62-41CD-987C-75868208F8C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:1.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "A276A013-CCF3-4AF5-973F-FD68CC9E2291",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EB2DBC9-0934-4BA2-A6E0-CF1BCB1E0E8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "362CDCE7-16DA-4951-81ED-5B858126E37A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C64FB724-0978-48E1-94AA-2ED5281C1C2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9535A094-9B6F-4E17-8097-D7A6D8936F8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F473B48-F48A-4B6B-8D69-1F97BB6AA923",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8E1A7DB-906F-4973-BF1C-EFFA0B595A42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA9E6EB8-B5E5-41DF-B5E2-0A97448D16A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "36BEAB4E-04DA-4EDD-990C-697EA0984291",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "142B9B05-955E-4688-AF6E-ED7B4FE41846",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "295D48BB-F143-4047-B366-74101AB983CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "58431B48-EA29-4A6F-B9FF-C416924E63B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "61064C18-0E45-4790-B323-262287D8DE34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCFF25C4-03F2-4D65-ABA9-2406957D546E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "76A5CF62-60DD-4EA7-A6C3-2061548EF1B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA0A882D-9BEB-4A3C-9371-69260374E0B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A17E3AFB-849F-463D-96E8-686B049F48DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "047563A7-5F6A-4DE2-8518-88E4E6EEB7D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "78356C5F-A76E-4CB1-894D-0D882A665096",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0405EC4-12DA-4F15-A5B0-799D399C759E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1C1DE26-E7B2-4A4E-9F6D-4206F7BC5EBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6ED629B0-A214-47B5-9767-B47AFB154AFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C07F450D-6DF4-48F2-8776-E791BCBD469A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE5B2E87-5A29-4EF8-8BCC-1E5AE28BE6EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "C55F4BF3-EFA5-4E58-A32C-7DF7F00B74CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "35F504EE-6F8F-4623-9F44-9A1D866DE269",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "17003C82-B711-496C-A2D4-0CC5FB2DCAC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B11F13D-5FEC-4090-804A-28D1B2938112",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6E3FE20-264A-4496-8FB3-E59A3A38BAE4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php in Horde Framework before 3.1.4 RC1, when the login page contains a language selection box, allows remote attackers to inject arbitrary web script or HTML via the new_lang parameter to login.php."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en framework/NLS/NLS.php en Horde Framework anterior a 3.1.4 RC1, cuando la p\u00e1gina de login contiene una caja de elecci\u00f3n de idioma, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro new_lang en login.php."
    }
  ],
  "id": "CVE-2007-1473",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-03-16T21:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.horde.org/archives/announce/2007/000315.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/24528"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/24995"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/27565"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/2427"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1017775"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2007/dsa-1406"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2007_007_suse.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/33084"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/462915/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/22984"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/0965"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33013"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.horde.org/archives/announce/2007/000315.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24528"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24995"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27565"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/2427"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1017775"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2007/dsa-1406"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2007_007_suse.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/33084"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/462915/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/22984"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/0965"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33013"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-09-17 10:30
Modified
2025-04-09 00:30
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; allow remote attackers to inject arbitrary web script or HTML via the (1) crafted number preferences that are not properly handled in the preference system (services/prefs.php), as demonstrated by the sidebar_width parameter; or (2) crafted unknown MIME "text parts" that are not properly handled in the MIME viewer library (config/mime_drivers.php).
References
cve@mitre.org | http://bugs.horde.org/ticket/?id=8311
cve@mitre.org | http://bugs.horde.org/ticket/?id=8399
cve@mitre.org | http://marc.info/?l=horde-announce&m=125291625030436&w=2 | Patch
cve@mitre.org | http://marc.info/?l=horde-announce&m=125292088004087&w=2 | Patch
cve@mitre.org | http://marc.info/?l=horde-announce&m=125292314007049&w=2 | Patch
cve@mitre.org | http://marc.info/?l=horde-announce&m=125292339907481&w=2 | Patch
cve@mitre.org | http://marc.info/?l=horde-announce&m=125294558611682&w=2 | Patch
cve@mitre.org | http://marc.info/?l=horde-announce&m=125295852706029&w=2 | Patch
cve@mitre.org | http://secunia.com/advisories/36665 | Vendor Advisory
cve@mitre.org | http://www.osvdb.org/58108
cve@mitre.org | http://www.osvdb.org/58109
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/53202
af854a3a-2127-422b-91ae-364da2661108 | http://bugs.horde.org/ticket/?id=8311
af854a3a-2127-422b-91ae-364da2661108 | http://bugs.horde.org/ticket/?id=8399
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=horde-announce&m=125291625030436&w=2 | Patch
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=horde-announce&m=125292088004087&w=2 | Patch
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=horde-announce&m=125292314007049&w=2 | Patch
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=horde-announce&m=125292339907481&w=2 | Patch
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=horde-announce&m=125294558611682&w=2 | Patch
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=horde-announce&m=125295852706029&w=2 | Patch
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/36665 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/58108
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/58109
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/53202



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "88BE4BD4-174C-4EC5-BCE7-CA63D1369043",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D32C974-121E-4FAB-8E39-2933C912935F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "60A02DC9-3602-43B2-8574-15A6D4528142",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "61F847C8-7775-4FC0-BBE1-C56DFC3D9A63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1ECC0C8-DE09-4079-8476-B0C82ABE980A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ADA6AAC-7511-47F6-B805-A5C48BA4CD11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B3CB720-A1C0-4E49-BA2C-02283499F252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CE83C51-175E-4FB9-BA2B-505A8B559D44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "172260F8-D4E5-470D-84EA-00B88B090A8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "51487521-E1DB-4CD0-9071-C9449EFB681E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_groupware:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "26FB18AE-EDA5-48DF-9592-9970FFD3C72F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_groupware:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "30FF79BF-E978-49BF-BF07-DF4A75C6E52F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_groupware:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "633B142D-AAF2-49EE-B152-C1C4524E4543",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_groupware:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8CFFA11-C38E-4F92-8BF2-223B97911E0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_groupware:1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C4151CC-DC68-4883-91E2-712D9FD0C160",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_groupware:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F359B33-A791-4792-9CD3-BA551F1291DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_groupware:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F105C6-75E5-4BD8-A7A2-0DB31B6F5498",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_groupware:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2187B702-3598-4353-81AA-EBDCC3E48A97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_groupware:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "52D84C54-EAFF-4368-ADEF-589F95EA6BD5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:horde:groupware:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6BBB036-494E-41D4-BD04-40906FAB5C60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware:1.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "37B76B27-ADF0-4E88-B92C-304FB38A356E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware:1.1:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "965F245A-879A-4DF0-ABC5-588E78C4CBBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware:1.1:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "3DCB29F9-3875-4264-8117-5751FEDC3350",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware:1.1:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "59FC250F-EF0B-4604-99A2-3EEB8B2DEB77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C10E681-5D2B-4EA4-B8E1-C0CA4FC9D3FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "19CC5154-42C5-4877-9147-5DFD61BD5CDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "62AAEBBF-1696-4EAC-8837-68A03C2D2F5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F626876D-99FC-4DE0-BEE0-35874C4E25F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware:1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAF1A6AE-0748-476B-ACE2-DA43A9443B7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB711B5E-9011-4BA2-917A-DB8545705E23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware:1.2:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "50DC1068-F426-497F-A5A0-E032BC3816F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2C5A176-8C72-40EA-85AC-F11B40FD53A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB4C3487-4556-47E5-8BF3-1DEDF0E9AFEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "78F24E43-491B-4AD1-B905-66F7FC6DA98D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware:1.2.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F577A169-8354-4218-B3C6-04DA4BDF1E3C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; allow remote attackers to inject arbitrary web script or HTML via the (1) crafted number preferences that are not properly handled in the preference system (services/prefs.php), as demonstrated by the sidebar_width parameter; or (2) crafted unknown MIME \"text parts\" that are not properly handled in the MIME viewer library (config/mime_drivers.php)."
    },
    {
      "lang": "es",
      "value": "M\u00faltiple vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Horde Application Framework desde v3.2 anteriores a v3.2.5 y desde v3.3 anteriores a v3.3.5; Groupware desde v1.1 anteriores a v1.1.6 y 1.2 anteriores a  v1.2.4; y Groupware Webmail Edition desde v1.1 anteriores a v1.1.6 y desde v1.2 anteriores a v1.2.4; permite a atacantes remotos inyectar secuencias de comandos web o HTML de forma arbitraria a trav\u00e9s de (1) preferencias num\u00e9ricas manipuladas que no han sido adecuadamente gestionadas en el sistema de preferencias (services/prefs.php), como quedo demostrado por el par\u00e1metro sidebar_width o (2) \"fragmentos de texto\" MIME desconocidos manipulados que no son gestionados adecuadamente por la librer\u00eda de visor de MIME (config/mime_drivers.php)."
    }
  ],
  "id": "CVE-2009-3237",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-09-17T10:30:01.390",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://bugs.horde.org/ticket/?id=8311"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://bugs.horde.org/ticket/?id=8399"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://marc.info/?l=horde-announce\u0026m=125291625030436\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://marc.info/?l=horde-announce\u0026m=125292088004087\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://marc.info/?l=horde-announce\u0026m=125292314007049\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://marc.info/?l=horde-announce\u0026m=125292339907481\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://marc.info/?l=horde-announce\u0026m=125294558611682\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://marc.info/?l=horde-announce\u0026m=125295852706029\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36665"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/58108"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/58109"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53202"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.horde.org/ticket/?id=8311"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.horde.org/ticket/?id=8399"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://marc.info/?l=horde-announce\u0026m=125291625030436\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://marc.info/?l=horde-announce\u0026m=125292088004087\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://marc.info/?l=horde-announce\u0026m=125292314007049\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://marc.info/?l=horde-announce\u0026m=125292339907481\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://marc.info/?l=horde-announce\u0026m=125294558611682\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://marc.info/?l=horde-announce\u0026m=125295852706029\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36665"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/58108"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/58109"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53202"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-11-19 20:59
Modified
2025-04-12 10:46
Severity
6.8 (Medium) - CVSS v2.0: AV:N/AC:M/Au:N/C:P/I:P/A:P
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware Webmail Edition before 5.2.11 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary (1) commands via the cmd parameter to admin/cmdshell.php, (2) SQL queries via the sql parameter to admin/sqlshell.php, or (3) PHP code via the php parameter to admin/phpshell.php.
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:horde:groupware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF7D0049-BC4B-4AAB-88A9-29B4DF202DAD",
              "versionEndExcluding": "5.2.11",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware:*:*:*:*:webmail:*:*:*",
              "matchCriteriaId": "A718E8E7-A300-4753-B2E6-02C41ED796DD",
              "versionEndExcluding": "5.2.11",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C998570-A707-4AE9-AB33-11455C9262B5",
              "versionEndExcluding": "5.2.8",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware Webmail Edition before 5.2.11 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary (1) commands via the cmd parameter to admin/cmdshell.php, (2) SQL queries via the sql parameter to admin/sqlshell.php, or (3) PHP code via the php parameter to admin/phpshell.php."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de CSRF en Horde en versiones anteriores a 5.2.8, Horde Groupware en versiones anteriores a 5.2.11 y Horde Groupware Webmail Edition en versiones anteriores a 5.2.11 permite a atacantes remotos secuestrar la autenticaci\u00f3n de administradores para peticiones que ejecutan (1) comandos a trav\u00e9s del par\u00e1metro cmd a admin/cmdshell.php, (2) consultas SQL a trav\u00e9s del par\u00e1metro sql a admin/sqlshell.php o (3) c\u00f3digo PHP a trav\u00e9s del par\u00e1metro php a admin/phpshell.php arbitrarios."
    }
  ],
  "id": "CVE-2015-7984",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-11-19T20:59:09.223",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.horde.org/archives/announce/2015/001124.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.horde.org/archives/announce/2015/001137.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.horde.org/archives/announce/2015/001138.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2015/dsa-3391"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/38765/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.htbridge.com/advisory/HTB23272"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.horde.org/archives/announce/2015/001124.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.horde.org/archives/announce/2015/001137.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.horde.org/archives/announce/2015/001138.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2015/dsa-3391"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/38765/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.htbridge.com/advisory/HTB23272"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-11-09 21:00
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in the Horde Application Framework before 3.3.9 allows remote attackers to hijack the authentication of unspecified victims for requests to a preference form.
Impacted products
Vendor Product Version
horde horde_application_framework * (up to and including 3.3.8)
horde horde_application_framework 1.0.3
horde horde_application_framework 1.1.1
horde horde_application_framework 1.3.0
horde horde_application_framework 1.3.1
horde horde_application_framework 1.3.2
horde horde_application_framework 1.3.3
horde horde_application_framework 1.3.4
horde horde_application_framework 1.3.5
horde horde_application_framework 2.0
horde horde_application_framework 2.0
horde horde_application_framework 2.0
horde horde_application_framework 2.0
horde horde_application_framework 2.1
horde horde_application_framework 2.2
horde horde_application_framework 2.2.1
horde horde_application_framework 2.2.2
horde horde_application_framework 2.2.3
horde horde_application_framework 2.2.4
horde horde_application_framework 2.2.5
horde horde_application_framework 2.2.6
horde horde_application_framework 2.2.6
horde horde_application_framework 2.2.7
horde horde_application_framework 2.2.8
horde horde_application_framework 2.2.9
horde horde_application_framework 3.0
horde horde_application_framework 3.0
horde horde_application_framework 3.0
horde horde_application_framework 3.0
horde horde_application_framework 3.0
horde horde_application_framework 3.0
horde horde_application_framework 3.0.1
horde horde_application_framework 3.0.2
horde horde_application_framework 3.0.3
horde horde_application_framework 3.0.3
horde horde_application_framework 3.0.4
horde horde_application_framework 3.0.4
horde horde_application_framework 3.0.4
horde horde_application_framework 3.0.5
horde horde_application_framework 3.0.5
horde horde_application_framework 3.0.5
horde horde_application_framework 3.0.6
horde horde_application_framework 3.0.6
horde horde_application_framework 3.0.7
horde horde_application_framework 3.0.8
horde horde_application_framework 3.0.9
horde horde_application_framework 3.0.10
horde horde_application_framework 3.0.11
horde horde_application_framework 3.0.12
horde horde_application_framework 3.1
horde horde_application_framework 3.1
horde horde_application_framework 3.1
horde horde_application_framework 3.1
horde horde_application_framework 3.1.1
horde horde_application_framework 3.1.2
horde horde_application_framework 3.1.3
horde horde_application_framework 3.1.4
horde horde_application_framework 3.1.4
horde horde_application_framework 3.1.5
horde horde_application_framework 3.1.6
horde horde_application_framework 3.1.7
horde horde_application_framework 3.1.8
horde horde_application_framework 3.1.9
horde horde_application_framework 3.2
horde horde_application_framework 3.2
horde horde_application_framework 3.2
horde horde_application_framework 3.2
horde horde_application_framework 3.2
horde horde_application_framework 3.2
horde horde_application_framework 3.2.1
horde horde_application_framework 3.2.2
horde horde_application_framework 3.2.3
horde horde_application_framework 3.2.4
horde horde_application_framework 3.2.5
horde horde_application_framework 3.3
horde horde_application_framework 3.3
horde horde_application_framework 3.3.1
horde horde_application_framework 3.3.2
horde horde_application_framework 3.3.3
horde horde_application_framework 3.3.4
horde horde_application_framework 3.3.4
horde horde_application_framework 3.3.5
horde horde_application_framework 3.3.6
horde horde_application_framework 3.3.7



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6D53EAD-F1D9-40A9-87BA-DCB0AF5123E2",
              "versionEndIncluding": "3.3.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0895A4FC-4755-4125-822D-6D5A81C8EBC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8DA68CF-D7EB-48CF-9D2D-43E26A4F0BCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "04288C25-9111-44E1-9099-7ED65639A395",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "793768BD-03C9-428A-B8AC-E03FEA65D32A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B50AD460-4240-4A75-8944-21F0D5BA711C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EB2DBC9-0934-4BA2-A6E0-CF1BCB1E0E8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "362CDCE7-16DA-4951-81ED-5B858126E37A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D622651E-ECBC-4A88-8AD2-8EB9AA27F348",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C64FB724-0978-48E1-94AA-2ED5281C1C2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "2188602F-74FC-4252-9D0C-4B6D68ECA850",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:2.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "E8FF53EE-1D8E-450C-92A2-204EA2B7C410",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:2.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "13ECD794-7621-413B-AC67-FD0072C3F2EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9535A094-9B6F-4E17-8097-D7A6D8936F8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F473B48-F48A-4B6B-8D69-1F97BB6AA923",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8E1A7DB-906F-4973-BF1C-EFFA0B595A42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD67E143-A9C0-458A-87C5-E6B3C9AC628D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA9E6EB8-B5E5-41DF-B5E2-0A97448D16A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "36BEAB4E-04DA-4EDD-990C-697EA0984291",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "142B9B05-955E-4688-AF6E-ED7B4FE41846",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "295D48BB-F143-4047-B366-74101AB983CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.6:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F8359595-A986-4B7D-9AD6-0F03C037B9CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "58431B48-EA29-4A6F-B9FF-C416924E63B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "61064C18-0E45-4790-B323-262287D8DE34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:2.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCFF25C4-03F2-4D65-ABA9-2406957D546E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1A7CA2D-A52C-4683-ABD3-B63763B2290E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "E72F0C02-DEF7-4617-AD5D-CB808DEE1CC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "F1B318B6-6774-4F9D-8BFC-38B259646922",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "48540E28-E523-4556-BB13-3F3B9F76E043",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "7761A879-F736-4D45-AA98-6556946A0CD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "17093F61-EDE4-44C0-9A75-5E2C94B86D49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA0A882D-9BEB-4A3C-9371-69260374E0B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A17E3AFB-849F-463D-96E8-686B049F48DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "047563A7-5F6A-4DE2-8518-88E4E6EEB7D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B5DAAF73-EC16-4E7E-AAFA-A23F36312884",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "78356C5F-A76E-4CB1-894D-0D882A665096",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.4:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "E2842743-831D-455C-A319-68A7D604834F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.4:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "2DF05F67-D172-4569-8839-838B2F84D937",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0405EC4-12DA-4F15-A5B0-799D399C759E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.5:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C4C51DE3-C6D8-4A49-9DD2-E45A734A8C2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.5:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "79D21AFE-DA3C-43D4-B253-B5F2682C00C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1C1DE26-E7B2-4A4E-9F6D-4206F7BC5EBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.6:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "E5ADB7BC-7326-4A66-82FE-5B5AB9BAD344",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6ED629B0-A214-47B5-9767-B47AFB154AFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C07F450D-6DF4-48F2-8776-E791BCBD469A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE5B2E87-5A29-4EF8-8BCC-1E5AE28BE6EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "C55F4BF3-EFA5-4E58-A32C-7DF7F00B74CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "7795DE95-4DCE-483D-817A-62250802AEF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "1076ED89-666B-4E1A-B90C-1E9C23C70E07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "005FB9D3-71C7-4C4B-8D1A-1046A21ABE64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "8C2CD4E9-D06D-44FB-9773-29640E456DC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.1:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "FD9A8696-C91C-467B-A43B-5F2AEFB49A9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.1:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "2C316222-9E28-4D53-A3FE-A47337782260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "17003C82-B711-496C-A2D4-0CC5FB2DCAC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B11F13D-5FEC-4090-804A-28D1B2938112",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6E3FE20-264A-4496-8FB3-E59A3A38BAE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F86A1C7-D369-40A7-BFF3-03AC4F3977F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.1.4:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D49B7214-8BC7-4495-A3C1-4702E5F98DD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D45517DB-2F8C-41BB-9453-7B50F2227286",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "852EA094-4661-43EA-B715-0524ABA33274",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1885E75E-4A0C-4393-A900-E611EEA461BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0202CB6-459E-4867-A220-A248A7D419C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "666F75EF-0B30-476B-B4D3-3465AC85C81E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "88BE4BD4-174C-4EC5-BCE7-CA63D1369043",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.2:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "FB00DEDC-BFCE-4238-BD34-594F075DD11C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.2:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F54438D0-C3BB-47BD-BD66-1AEDE08387F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.2:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "CB30C91F-B3F8-45B8-9F79-7EB643A1FAB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.2:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "8B9EC024-FA54-457A-9CAE-E9C5AB990DCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.2:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "E94D8DDD-CE4B-4F7D-8699-6D8D979BB354",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D32C974-121E-4FAB-8E39-2933C912935F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "60A02DC9-3602-43B2-8574-15A6D4528142",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "61F847C8-7775-4FC0-BBE1-C56DFC3D9A63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1ECC0C8-DE09-4079-8476-B0C82ABE980A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0465D03-EE78-4D1D-B6F3-0AB6636D8589",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ADA6AAC-7511-47F6-B805-A5C48BA4CD11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DBA57981-630B-40A7-A6B3-9443A926BC31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B3CB720-A1C0-4E49-BA2C-02283499F252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CE83C51-175E-4FB9-BA2B-505A8B559D44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "172260F8-D4E5-470D-84EA-00B88B090A8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "51487521-E1DB-4CD0-9071-C9449EFB681E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.3.4:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "880EFFF2-54E1-47B3-A87B-9D7F41505B5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA44794C-3D45-4BC8-AEDB-8D98C5BF6214",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C047C7A-2338-49D9-8B25-78A25B45788A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde_application_framework:3.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "283653B3-00DD-4F9D-AD0E-625564FDE72C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery (CSRF) vulnerability in the Horde Application Framework before 3.3.9 allows remote attackers to hijack the authentication of unspecified victims for requests to a preference form."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en Horde Application Framework anterior a v3.3.9 permite a los atacantes remotos secuestrar la autenticaci\u00f3n de v\u00edctimas sin especificar en peticiones a un formulario de preferencias."
    }
  ],
  "id": "CVE-2010-3694",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-11-09T21:00:04.163",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050408.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050423.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.horde.org/archives/announce/2010/000557.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/42140"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=630687"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050408.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050423.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.horde.org/archives/announce/2010/000557.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/42140"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=630687"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2010-3077 (GCVE-0-2010-3077)
Vulnerability from cvelistv5
Published
2010-11-09 20:00
Modified
2024-08-07 02:55
Severity ?
CWE
  • n/a
Summary
Cross-site scripting (XSS) vulnerability in util/icon_browser.php in the Horde Application Framework before 3.3.9 allows remote attackers to inject arbitrary web script or HTML via the subdir parameter.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:55:46.720Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=630687"
          },
          {
            "name": "20100906 XSS in Horde Application Framework \u003c=3.3.8, icon_browser.php",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2010/Sep/82"
          },
          {
            "name": "FEDORA-2010-16592",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050408.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.horde.org/diff.php/horde/util/icon_browser.php?rt=horde-git\u0026r1=a978a35c3e95e784253508fd4333d2fbb64830b6\u0026r2=9342addbd2b95f184f230773daa4faf5ef6d65e9"
          },
          {
            "name": "FEDORA-2010-16555",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050423.html"
          },
          {
            "name": "42140",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42140"
          },
          {
            "name": "[announce] 20100928 Horde 3.3.9 (final)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.horde.org/archives/announce/2010/000557.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-09-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in util/icon_browser.php in the Horde Application Framework before 3.3.9 allows remote attackers to inject arbitrary web script or HTML via the subdir parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-07-12T09:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=630687"
        },
        {
          "name": "20100906 XSS in Horde Application Framework \u003c=3.3.8, icon_browser.php",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2010/Sep/82"
        },
        {
          "name": "FEDORA-2010-16592",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050408.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.horde.org/diff.php/horde/util/icon_browser.php?rt=horde-git\u0026r1=a978a35c3e95e784253508fd4333d2fbb64830b6\u0026r2=9342addbd2b95f184f230773daa4faf5ef6d65e9"
        },
        {
          "name": "FEDORA-2010-16555",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050423.html"
        },
        {
          "name": "42140",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42140"
        },
        {
          "name": "[announce] 20100928 Horde 3.3.9 (final)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.horde.org/archives/announce/2010/000557.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-3077",
    "datePublished": "2010-11-09T20:00:00",
    "dateReserved": "2010-08-20T00:00:00",
    "dateUpdated": "2024-08-07T02:55:46.720Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-7984 (GCVE-0-2015-7984)
Vulnerability from cvelistv5
Published
2015-11-19 20:00
Modified
2024-08-06 08:06
Severity ?
CWE
  • n/a
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware Webmail Edition before 5.2.11 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary (1) commands via the cmd parameter to admin/cmdshell.php, (2) SQL queries via the sql parameter to admin/sqlshell.php, or (3) PHP code via the php parameter to admin/phpshell.php.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:06:31.501Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[announce] 20151021 [SECURITY] Horde 5.2.8 (final)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.horde.org/archives/announce/2015/001124.html"
          },
          {
            "name": "[announce] 20151022 [SECURITY] Horde Groupware Webmail Edition 5.2.11 (final)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.horde.org/archives/announce/2015/001138.html"
          },
          {
            "name": "38765",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/38765/"
          },
          {
            "name": "DSA-3391",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3391"
          },
          {
            "name": "[announce] 20151022 [SECURITY] Horde Groupware 5.2.11 (final)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.horde.org/archives/announce/2015/001137.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.htbridge.com/advisory/HTB23272"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-10-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware Webmail Edition before 5.2.11 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary (1) commands via the cmd parameter to admin/cmdshell.php, (2) SQL queries via the sql parameter to admin/sqlshell.php, or (3) PHP code via the php parameter to admin/phpshell.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-05T22:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[announce] 20151021 [SECURITY] Horde 5.2.8 (final)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.horde.org/archives/announce/2015/001124.html"
        },
        {
          "name": "[announce] 20151022 [SECURITY] Horde Groupware Webmail Edition 5.2.11 (final)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.horde.org/archives/announce/2015/001138.html"
        },
        {
          "name": "38765",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/38765/"
        },
        {
          "name": "DSA-3391",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3391"
        },
        {
          "name": "[announce] 20151022 [SECURITY] Horde Groupware 5.2.11 (final)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.horde.org/archives/announce/2015/001137.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.htbridge.com/advisory/HTB23272"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-7984",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware Webmail Edition before 5.2.11 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary (1) commands via the cmd parameter to admin/cmdshell.php, (2) SQL queries via the sql parameter to admin/sqlshell.php, or (3) PHP code via the php parameter to admin/phpshell.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[announce] 20151021 [SECURITY] Horde 5.2.8 (final)",
              "refsource": "MLIST",
              "url": "http://lists.horde.org/archives/announce/2015/001124.html"
            },
            {
              "name": "[announce] 20151022 [SECURITY] Horde Groupware Webmail Edition 5.2.11 (final)",
              "refsource": "MLIST",
              "url": "http://lists.horde.org/archives/announce/2015/001138.html"
            },
            {
              "name": "38765",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/38765/"
            },
            {
              "name": "DSA-3391",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3391"
            },
            {
              "name": "[announce] 20151022 [SECURITY] Horde Groupware 5.2.11 (final)",
              "refsource": "MLIST",
              "url": "http://lists.horde.org/archives/announce/2015/001137.html"
            },
            {
              "name": "https://www.htbridge.com/advisory/HTB23272",
              "refsource": "MISC",
              "url": "https://www.htbridge.com/advisory/HTB23272"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-7984",
    "datePublished": "2015-11-19T20:00:00",
    "dateReserved": "2015-10-26T00:00:00",
    "dateUpdated": "2024-08-06T08:06:31.501Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2010-3694 (GCVE-0-2010-3694)
Vulnerability from cvelistv5
Published
2010-11-09 20:00
Modified
2024-08-07 03:18
Severity ?
CWE
  • n/a
Summary
Cross-site request forgery (CSRF) vulnerability in the Horde Application Framework before 3.3.9 allows remote attackers to hijack the authentication of unspecified victims for requests to a preference form.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:18:52.139Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=630687"
          },
          {
            "name": "FEDORA-2010-16592",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050408.html"
          },
          {
            "name": "FEDORA-2010-16555",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050423.html"
          },
          {
            "name": "42140",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42140"
          },
          {
            "name": "[announce] 20100928 Horde 3.3.9 (final)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.horde.org/archives/announce/2010/000557.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-09-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in the Horde Application Framework before 3.3.9 allows remote attackers to hijack the authentication of unspecified victims for requests to a preference form."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-07-12T09:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=630687"
        },
        {
          "name": "FEDORA-2010-16592",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050408.html"
        },
        {
          "name": "FEDORA-2010-16555",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050423.html"
        },
        {
          "name": "42140",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42140"
        },
        {
          "name": "[announce] 20100928 Horde 3.3.9 (final)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.horde.org/archives/announce/2010/000557.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-3694",
    "datePublished": "2010-11-09T20:00:00",
    "dateReserved": "2010-10-01T00:00:00",
    "dateUpdated": "2024-08-07T03:18:52.139Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-3237 (GCVE-0-2009-3237)
Vulnerability from cvelistv5
Published
2009-09-17 10:00
Modified
2024-08-07 06:22
Severity ?
CWE
  • n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; allow remote attackers to inject arbitrary web script or HTML via the (1) crafted number preferences that are not properly handled in the preference system (services/prefs.php), as demonstrated by the sidebar_width parameter; or (2) crafted unknown MIME "text parts" that are not properly handled in the MIME viewer library (config/mime_drivers.php).
References
http://marc.info/?l=horde-announce&m=125294558611682&w=2 — mailing-list, x_refsource_MLIST
http://secunia.com/advisories/36665 — third-party-advisory, x_refsource_SECUNIA
http://bugs.horde.org/ticket/?id=8311 — x_refsource_CONFIRM
http://bugs.horde.org/ticket/?id=8399 — x_refsource_CONFIRM
http://marc.info/?l=horde-announce&m=125292314007049&w=2 — mailing-list, x_refsource_MLIST
https://exchange.xforce.ibmcloud.com/vulnerabilities/53202 — vdb-entry, x_refsource_XF
http://www.osvdb.org/58109 — vdb-entry, x_refsource_OSVDB
http://marc.info/?l=horde-announce&m=125295852706029&w=2 — mailing-list, x_refsource_MLIST
http://www.osvdb.org/58108 — vdb-entry, x_refsource_OSVDB
http://marc.info/?l=horde-announce&m=125291625030436&w=2 — mailing-list, x_refsource_MLIST
http://marc.info/?l=horde-announce&m=125292339907481&w=2 — mailing-list, x_refsource_MLIST
http://marc.info/?l=horde-announce&m=125292088004087&w=2 — mailing-list, x_refsource_MLIST
Impacted products
Vendor Product Version
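n/a n/a Version: n/a (the record carries no structured product data; the affected products and versions are stated only in the Summary text)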


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:22:23.290Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[horde-announce] 20090914 [announce] Horde Groupware 1.2.4 (final)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=horde-announce\u0026m=125294558611682\u0026w=2"
          },
          {
            "name": "36665",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36665"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.horde.org/ticket/?id=8311"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.horde.org/ticket/?id=8399"
          },
          {
            "name": "[horde-announce] 20090914 [announce] Horde Groupware Webmail Edition 1.1.6 (final)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=horde-announce\u0026m=125292314007049\u0026w=2"
          },
          {
            "name": "horde-mimeviewer-xss(53200)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53202"
          },
          {
            "name": "58109",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/58109"
          },
          {
            "name": "[horde-announce] 20090914 [announce] Horde Groupware Webmail Edition 1.2.4 (final)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=horde-announce\u0026m=125295852706029\u0026w=2"
          },
          {
            "name": "58108",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/58108"
          },
          {
            "name": "[horde-announce] 20090914 [announce] [SECURITY] Horde 3.2.5 (final)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=horde-announce\u0026m=125291625030436\u0026w=2"
          },
          {
            "name": "[horde-announce] 20090914 [announce] [SECURITY] Horde 3.3.5 (final)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=horde-announce\u0026m=125292339907481\u0026w=2"
          },
          {
            "name": "[horde-announce] 20090914 [announce] Horde Groupware 1.1.6 (final)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=horde-announce\u0026m=125292088004087\u0026w=2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-09-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; allow remote attackers to inject arbitrary web script or HTML via the (1) crafted number preferences that are not properly handled in the preference system (services/prefs.php), as demonstrated by the sidebar_width parameter; or (2) crafted unknown MIME \"text parts\" that are not properly handled in the MIME viewer library (config/mime_drivers.php)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[horde-announce] 20090914 [announce] Horde Groupware 1.2.4 (final)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=horde-announce\u0026m=125294558611682\u0026w=2"
        },
        {
          "name": "36665",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36665"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.horde.org/ticket/?id=8311"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.horde.org/ticket/?id=8399"
        },
        {
          "name": "[horde-announce] 20090914 [announce] Horde Groupware Webmail Edition 1.1.6 (final)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=horde-announce\u0026m=125292314007049\u0026w=2"
        },
        {
          "name": "horde-mimeviewer-xss(53200)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53202"
        },
        {
          "name": "58109",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/58109"
        },
        {
          "name": "[horde-announce] 20090914 [announce] Horde Groupware Webmail Edition 1.2.4 (final)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=horde-announce\u0026m=125295852706029\u0026w=2"
        },
        {
          "name": "58108",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/58108"
        },
        {
          "name": "[horde-announce] 20090914 [announce] [SECURITY] Horde 3.2.5 (final)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=horde-announce\u0026m=125291625030436\u0026w=2"
        },
        {
          "name": "[horde-announce] 20090914 [announce] [SECURITY] Horde 3.3.5 (final)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=horde-announce\u0026m=125292339907481\u0026w=2"
        },
        {
          "name": "[horde-announce] 20090914 [announce] Horde Groupware 1.1.6 (final)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=horde-announce\u0026m=125292088004087\u0026w=2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-3237",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; allow remote attackers to inject arbitrary web script or HTML via the (1) crafted number preferences that are not properly handled in the preference system (services/prefs.php), as demonstrated by the sidebar_width parameter; or (2) crafted unknown MIME \"text parts\" that are not properly handled in the MIME viewer library (config/mime_drivers.php)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[horde-announce] 20090914 [announce] Horde Groupware 1.2.4 (final)",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=horde-announce\u0026m=125294558611682\u0026w=2"
            },
            {
              "name": "36665",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36665"
            },
            {
              "name": "http://bugs.horde.org/ticket/?id=8311",
              "refsource": "CONFIRM",
              "url": "http://bugs.horde.org/ticket/?id=8311"
            },
            {
              "name": "http://bugs.horde.org/ticket/?id=8399",
              "refsource": "CONFIRM",
              "url": "http://bugs.horde.org/ticket/?id=8399"
            },
            {
              "name": "[horde-announce] 20090914 [announce] Horde Groupware Webmail Edition 1.1.6 (final)",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=horde-announce\u0026m=125292314007049\u0026w=2"
            },
            {
              "name": "horde-mimeviewer-xss(53200)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53202"
            },
            {
              "name": "58109",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/58109"
            },
            {
              "name": "[horde-announce] 20090914 [announce] Horde Groupware Webmail Edition 1.2.4 (final)",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=horde-announce\u0026m=125295852706029\u0026w=2"
            },
            {
              "name": "58108",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/58108"
            },
            {
              "name": "[horde-announce] 20090914 [announce] [SECURITY] Horde 3.2.5 (final)",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=horde-announce\u0026m=125291625030436\u0026w=2"
            },
            {
              "name": "[horde-announce] 20090914 [announce] [SECURITY] Horde 3.3.5 (final)",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=horde-announce\u0026m=125292339907481\u0026w=2"
            },
            {
              "name": "[horde-announce] 20090914 [announce] Horde Groupware 1.1.6 (final)",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=horde-announce\u0026m=125292088004087\u0026w=2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-3237",
    "datePublished": "2009-09-17T10:00:00",
    "dateReserved": "2009-09-16T00:00:00",
    "dateUpdated": "2024-08-07T06:22:23.290Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-1473 (GCVE-0-2007-1473)
Vulnerability from cvelistv5
Published
2007-03-16 21:00
Modified
2024-08-07 12:59
Severity ?
CWE
  • n/a
Summary
Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php in Horde Framework before 3.1.4 RC1, when the login page contains a language selection box, allows remote attackers to inject arbitrary web script or HTML via the new_lang parameter to login.php.
References
http://www.securityfocus.com/archive/1/462915/100/0/threaded — mailing-list, x_refsource_BUGTRAQ
http://www.novell.com/linux/security/advisories/2007_007_suse.html — vendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/24528 — third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/24995 — third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/27565 — third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/33013 — vdb-entry, x_refsource_XF
http://securityreason.com/securityalert/2427 — third-party-advisory, x_refsource_SREASON
http://securitytracker.com/id?1017775 — vdb-entry, x_refsource_SECTRACK
http://www.securityfocus.com/bid/22984 — vdb-entry, x_refsource_BID
http://www.osvdb.org/33084 — vdb-entry, x_refsource_OSVDB
http://www.debian.org/security/2007/dsa-1406 — vendor-advisory, x_refsource_DEBIAN
http://www.vupen.com/english/advisories/2007/0965 — vdb-entry, x_refsource_VUPEN
http://lists.horde.org/archives/announce/2007/000315.html — mailing-list, x_refsource_MLIST
Impacted products
Vendor Product Version
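n/a n/a Version: n/a (the record carries no structured product data; the affected product and version are stated only in the Summary text)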


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:59:08.549Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20070315 Horde 3.1.4 (RC1) fixes XSS issue",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/462915/100/0/threaded"
          },
          {
            "name": "SUSE-SR:2007:007",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2007_007_suse.html"
          },
          {
            "name": "24528",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24528"
          },
          {
            "name": "24995",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24995"
          },
          {
            "name": "27565",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27565"
          },
          {
            "name": "horde-login-xss(33013)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33013"
          },
          {
            "name": "2427",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/2427"
          },
          {
            "name": "1017775",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017775"
          },
          {
            "name": "22984",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/22984"
          },
          {
            "name": "33084",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/33084"
          },
          {
            "name": "DSA-1406",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2007/dsa-1406"
          },
          {
            "name": "ADV-2007-0965",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0965"
          },
          {
            "name": "[announce] 20070314 Horde 3.1.4 (final)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.horde.org/archives/announce/2007/000315.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-03-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php in Horde Framework before 3.1.4 RC1, when the login page contains a language selection box, allows remote attackers to inject arbitrary web script or HTML via the new_lang parameter to login.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20070315 Horde 3.1.4 (RC1) fixes XSS issue",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/462915/100/0/threaded"
        },
        {
          "name": "SUSE-SR:2007:007",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2007_007_suse.html"
        },
        {
          "name": "24528",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24528"
        },
        {
          "name": "24995",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24995"
        },
        {
          "name": "27565",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27565"
        },
        {
          "name": "horde-login-xss(33013)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33013"
        },
        {
          "name": "2427",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/2427"
        },
        {
          "name": "1017775",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017775"
        },
        {
          "name": "22984",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/22984"
        },
        {
          "name": "33084",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/33084"
        },
        {
          "name": "DSA-1406",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2007/dsa-1406"
        },
        {
          "name": "ADV-2007-0965",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0965"
        },
        {
          "name": "[announce] 20070314 Horde 3.1.4 (final)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.horde.org/archives/announce/2007/000315.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-1473",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php in Horde Framework before 3.1.4 RC1, when the login page contains a language selection box, allows remote attackers to inject arbitrary web script or HTML via the new_lang parameter to login.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20070315 Horde 3.1.4 (RC1) fixes XSS issue",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/462915/100/0/threaded"
            },
            {
              "name": "SUSE-SR:2007:007",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2007_007_suse.html"
            },
            {
              "name": "24528",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24528"
            },
            {
              "name": "24995",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24995"
            },
            {
              "name": "27565",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27565"
            },
            {
              "name": "horde-login-xss(33013)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33013"
            },
            {
              "name": "2427",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/2427"
            },
            {
              "name": "1017775",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017775"
            },
            {
              "name": "22984",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/22984"
            },
            {
              "name": "33084",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/33084"
            },
            {
              "name": "DSA-1406",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2007/dsa-1406"
            },
            {
              "name": "ADV-2007-0965",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/0965"
            },
            {
              "name": "[announce] 20070314 Horde 3.1.4 (final)",
              "refsource": "MLIST",
              "url": "http://lists.horde.org/archives/announce/2007/000315.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-1473",
    "datePublished": "2007-03-16T21:00:00",
    "dateReserved": "2007-03-16T00:00:00",
    "dateUpdated": "2024-08-07T12:59:08.549Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-1691 (GCVE-0-2014-1691)
Vulnerability from cvelistv5
Published
2014-04-01 15:00
Modified
2024-08-06 09:50
Severity ?
CWE
  • n/a
Summary
The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the _formvars form.
Impacted products
Vendor Product Version
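n/a n/a Version: n/a (the record carries no structured product data; the affected product and version are stated only in the Summary text)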


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:50:10.620Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/horde/horde/blob/82c400788537cfc0106b68447789ff53793ac086/bundles/groupware/docs/CHANGES#L215"
          },
          {
            "name": "[oss-security] 20140128  Re: Remote code execution in horde \u003c 5.1.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://seclists.org/oss-sec/2014/q1/156"
          },
          {
            "name": "[oss-security] 20140128  Remote code execution in horde \u003c 5.1.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://seclists.org/oss-sec/2014/q1/153"
          },
          {
            "name": "[oss-security] 20140129  Re: Remote code execution in horde \u003c 5.1.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://seclists.org/oss-sec/2014/q1/169"
          },
          {
            "name": "DSA-2853",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-2853"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/horde/horde/commit/da6afc7e9f4e290f782eca9dbca794f772caccb3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-06-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the _formvars form."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-04-01T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/horde/horde/blob/82c400788537cfc0106b68447789ff53793ac086/bundles/groupware/docs/CHANGES#L215"
        },
        {
          "name": "[oss-security] 20140128  Re: Remote code execution in horde \u003c 5.1.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://seclists.org/oss-sec/2014/q1/156"
        },
        {
          "name": "[oss-security] 20140128  Remote code execution in horde \u003c 5.1.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://seclists.org/oss-sec/2014/q1/153"
        },
        {
          "name": "[oss-security] 20140129  Re: Remote code execution in horde \u003c 5.1.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://seclists.org/oss-sec/2014/q1/169"
        },
        {
          "name": "DSA-2853",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-2853"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/horde/horde/commit/da6afc7e9f4e290f782eca9dbca794f772caccb3"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-1691",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the _formvars form."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/horde/horde/blob/82c400788537cfc0106b68447789ff53793ac086/bundles/groupware/docs/CHANGES#L215",
              "refsource": "CONFIRM",
              "url": "https://github.com/horde/horde/blob/82c400788537cfc0106b68447789ff53793ac086/bundles/groupware/docs/CHANGES#L215"
            },
            {
              "name": "[oss-security] 20140128  Re: Remote code execution in horde \u003c 5.1.1",
              "refsource": "MLIST",
              "url": "http://seclists.org/oss-sec/2014/q1/156"
            },
            {
              "name": "[oss-security] 20140128  Remote code execution in horde \u003c 5.1.1",
              "refsource": "MLIST",
              "url": "http://seclists.org/oss-sec/2014/q1/153"
            },
            {
              "name": "[oss-security] 20140129  Re: Remote code execution in horde \u003c 5.1.1",
              "refsource": "MLIST",
              "url": "http://seclists.org/oss-sec/2014/q1/169"
            },
            {
              "name": "DSA-2853",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-2853"
            },
            {
              "name": "https://github.com/horde/horde/commit/da6afc7e9f4e290f782eca9dbca794f772caccb3",
              "refsource": "CONFIRM",
              "url": "https://github.com/horde/horde/commit/da6afc7e9f4e290f782eca9dbca794f772caccb3"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-1691",
    "datePublished": "2014-04-01T15:00:00",
    "dateReserved": "2014-01-28T00:00:00",
    "dateUpdated": "2024-08-06T09:50:10.620Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-3549 (GCVE-0-2006-3549)
Vulnerability from cvelistv5
Published
2006-07-13 00:00
Modified
2024-08-07 18:30
Severity ?
CWE
  • n/a
Summary
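services/go.php in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 does not properly restrict its image proxy capability, which allows remote attackers to perform "Web tunneling" attacks and use the server as a proxy via (1) http, (2) https, and (3) ftp URL in the url parameter, which is requested from the server. Note: the CWE and affected-product fields are n/a, so the affected ranges (3.0.0 through 3.0.10 and 3.1.0 through 3.1.1) exist only in this description; the behaviour described is what is now classified as server-side request forgery (CWE-918).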
References
http://lists.horde.org/archives/announce/2006/000287.html — x_refsource_CONFIRM
http://www.securityfocus.com/bid/18845 — vdb-entry, x_refsource_BID
http://www.vupen.com/english/advisories/2006/2694 — vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/21459 — third-party-advisory, x_refsource_SECUNIA
http://www.novell.com/linux/security/advisories/2006_19_sr.html — vendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/27565 — third-party-advisory, x_refsource_SECUNIA
http://securitytracker.com/id?1016442 — vdb-entry, x_refsource_SECTRACK
http://lists.horde.org/archives/announce/2006/000288.html — x_refsource_CONFIRM
http://securityreason.com/securityalert/1229 — third-party-advisory, x_refsource_SREASON
http://moritz-naumann.com/adv/0011/hordemulti/0011.txt — x_refsource_MISC
http://www.debian.org/security/2007/dsa-1406 — vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/20954 — third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/439255/100/0/threaded — mailing-list, x_refsource_BUGTRAQ
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:30:34.374Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://lists.horde.org/archives/announce/2006/000287.html"
          },
          {
            "name": "18845",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/18845"
          },
          {
            "name": "ADV-2006-2694",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/2694"
          },
          {
            "name": "21459",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21459"
          },
          {
            "name": "SUSE-SR:2006:019",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2006_19_sr.html"
          },
          {
            "name": "27565",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27565"
          },
          {
            "name": "1016442",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016442"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://lists.horde.org/archives/announce/2006/000288.html"
          },
          {
            "name": "1229",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/1229"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://moritz-naumann.com/adv/0011/hordemulti/0011.txt"
          },
          {
            "name": "DSA-1406",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2007/dsa-1406"
          },
          {
            "name": "20954",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20954"
          },
          {
            "name": "20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/439255/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-07-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "services/go.php in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 does not properly restrict its image proxy capability, which allows remote attackers to perform \"Web tunneling\" attacks and use the server as a proxy via (1) http, (2) https, and (3) ftp URL in the url parameter, which is requested from the server."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://lists.horde.org/archives/announce/2006/000287.html"
        },
        {
          "name": "18845",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/18845"
        },
        {
          "name": "ADV-2006-2694",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/2694"
        },
        {
          "name": "21459",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21459"
        },
        {
          "name": "SUSE-SR:2006:019",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2006_19_sr.html"
        },
        {
          "name": "27565",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27565"
        },
        {
          "name": "1016442",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016442"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://lists.horde.org/archives/announce/2006/000288.html"
        },
        {
          "name": "1229",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/1229"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://moritz-naumann.com/adv/0011/hordemulti/0011.txt"
        },
        {
          "name": "DSA-1406",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2007/dsa-1406"
        },
        {
          "name": "20954",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20954"
        },
        {
          "name": "20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/439255/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-3549",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "services/go.php in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 does not properly restrict its image proxy capability, which allows remote attackers to perform \"Web tunneling\" attacks and use the server as a proxy via (1) http, (2) https, and (3) ftp URL in the url parameter, which is requested from the server."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://lists.horde.org/archives/announce/2006/000287.html",
              "refsource": "CONFIRM",
              "url": "http://lists.horde.org/archives/announce/2006/000287.html"
            },
            {
              "name": "18845",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/18845"
            },
            {
              "name": "ADV-2006-2694",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/2694"
            },
            {
              "name": "21459",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21459"
            },
            {
              "name": "SUSE-SR:2006:019",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2006_19_sr.html"
            },
            {
              "name": "27565",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27565"
            },
            {
              "name": "1016442",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016442"
            },
            {
              "name": "http://lists.horde.org/archives/announce/2006/000288.html",
              "refsource": "CONFIRM",
              "url": "http://lists.horde.org/archives/announce/2006/000288.html"
            },
            {
              "name": "1229",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/1229"
            },
            {
              "name": "http://moritz-naumann.com/adv/0011/hordemulti/0011.txt",
              "refsource": "MISC",
              "url": "http://moritz-naumann.com/adv/0011/hordemulti/0011.txt"
            },
            {
              "name": "DSA-1406",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2007/dsa-1406"
            },
            {
              "name": "20954",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20954"
            },
            {
              "name": "20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/439255/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-3549",
    "datePublished": "2006-07-13T00:00:00",
    "dateReserved": "2006-07-12T00:00:00",
    "dateUpdated": "2024-08-07T18:30:34.374Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-1474 (GCVE-0-2007-1474)
Vulnerability from cvelistv5
Published
2007-03-16 21:00
Modified
2024-08-07 12:59
Severity ?
CWE
  • n/a
Summary
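Argument injection vulnerability in the cleanup cron script in Horde Project Horde and IMP before Horde Application Framework 3.1.4 allows local users to delete arbitrary files and possibly gain privileges via multiple space-delimited pathnames. Note: the CWE and affected-product fields are n/a even though the description names the weakness class (argument injection, CWE-88); the fix version, 3.1.4, appears only in the description and in the Horde announce reference below.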
References
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=489 — third-party-advisory, x_refsource_IDEFENSE
http://www.securitytracker.com/id?1017784 — vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/27565 — third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/32997 — vdb-entry, x_refsource_XF
http://www.securityfocus.com/bid/22985 — vdb-entry, x_refsource_BID
http://www.securitytracker.com/id?1017785 — vdb-entry, x_refsource_SECTRACK
http://www.debian.org/security/2007/dsa-1406 — vendor-advisory, x_refsource_DEBIAN
http://www.vupen.com/english/advisories/2007/0965 — vdb-entry, x_refsource_VUPEN
http://lists.horde.org/archives/announce/2007/000315.html — mailing-list, x_refsource_MLIST
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:59:08.403Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20070315 Horde Project Cleanup Script Arbitrary File Deletion Vulnerability",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=489"
          },
          {
            "name": "1017784",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1017784"
          },
          {
            "name": "27565",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27565"
          },
          {
            "name": "horde-cron-file-deletion(32997)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32997"
          },
          {
            "name": "22985",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/22985"
          },
          {
            "name": "1017785",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1017785"
          },
          {
            "name": "DSA-1406",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2007/dsa-1406"
          },
          {
            "name": "ADV-2007-0965",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0965"
          },
          {
            "name": "[announce] 20070314 Horde 3.1.4 (final)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.horde.org/archives/announce/2007/000315.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-03-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Argument injection vulnerability in the cleanup cron script in Horde Project Horde and IMP before Horde Application Framework 3.1.4 allows local users to delete arbitrary files and possibly gain privileges via multiple space-delimited pathnames."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20070315 Horde Project Cleanup Script Arbitrary File Deletion Vulnerability",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=489"
        },
        {
          "name": "1017784",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1017784"
        },
        {
          "name": "27565",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27565"
        },
        {
          "name": "horde-cron-file-deletion(32997)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32997"
        },
        {
          "name": "22985",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/22985"
        },
        {
          "name": "1017785",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1017785"
        },
        {
          "name": "DSA-1406",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2007/dsa-1406"
        },
        {
          "name": "ADV-2007-0965",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0965"
        },
        {
          "name": "[announce] 20070314 Horde 3.1.4 (final)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.horde.org/archives/announce/2007/000315.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-1474",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Argument injection vulnerability in the cleanup cron script in Horde Project Horde and IMP before Horde Application Framework 3.1.4 allows local users to delete arbitrary files and possibly gain privileges via multiple space-delimited pathnames."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20070315 Horde Project Cleanup Script Arbitrary File Deletion Vulnerability",
              "refsource": "IDEFENSE",
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=489"
            },
            {
              "name": "1017784",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1017784"
            },
            {
              "name": "27565",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27565"
            },
            {
              "name": "horde-cron-file-deletion(32997)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32997"
            },
            {
              "name": "22985",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/22985"
            },
            {
              "name": "1017785",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1017785"
            },
            {
              "name": "DSA-1406",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2007/dsa-1406"
            },
            {
              "name": "ADV-2007-0965",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/0965"
            },
            {
              "name": "[announce] 20070314 Horde 3.1.4 (final)",
              "refsource": "MLIST",
              "url": "http://lists.horde.org/archives/announce/2007/000315.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-1474",
    "datePublished": "2007-03-16T21:00:00",
    "dateReserved": "2007-03-16T00:00:00",
    "dateUpdated": "2024-08-07T12:59:08.403Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2005-4190 (GCVE-0-2005-4190)
Vulnerability from cvelistv5
Published
2005-12-13 11:00
Modified
2024-08-07 23:38
Severity ?
CWE
  • n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4) the Mobile Phone field, and (5) Date and (6) Time fields when importing CSV files, as exploited through modules such as (a) Turba Address Book, (b) Kronolith, (c) Mnemo, and (d) Nag. Note: the CWE and affected-product fields are n/a; the weakness is cross-site scripting (CWE-79) reachable by authenticated users, and the fixed version (3.0.8) is stated only in this description.
References
http://www.securityfocus.com/bid/15810 — vdb-entry, x_refsource_BID
http://www.securityfocus.com/bid/15806 — vdb-entry, x_refsource_BID
http://www.securityfocus.com/bid/15808 — vdb-entry, x_refsource_BID
http://www.vupen.com/english/advisories/2005/2835 — vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/bid/15804 — vdb-entry, x_refsource_BID
http://www.securityfocus.com/bid/15803 — vdb-entry, x_refsource_BID
http://secunia.com/advisories/19619 — third-party-advisory, x_refsource_SECUNIA
http://www.debian.org/security/2006/dsa-1033 — vendor-advisory, x_refsource_DEBIAN
http://www.novell.com/linux/security/advisories/2006_16_sr.html — vendor-advisory, x_refsource_SUSE
http://www.securityfocus.com/bid/15802 — vdb-entry, x_refsource_BID
http://secunia.com/advisories/17970 — third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/20960 — third-party-advisory, x_refsource_SECUNIA
http://www.sec-consult.com/245.html — x_refsource_MISC
http://lists.horde.org/archives/announce/2005/000238.html — mailing-list, x_refsource_MLIST
http://secunia.com/advisories/19897 — third-party-advisory, x_refsource_SECUNIA
http://www.novell.com/linux/security/advisories/2006_04_28.html — vendor-advisory, x_refsource_SUSE
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T23:38:51.436Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "15810",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/15810"
          },
          {
            "name": "15806",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/15806"
          },
          {
            "name": "15808",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/15808"
          },
          {
            "name": "ADV-2005-2835",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2005/2835"
          },
          {
            "name": "15804",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/15804"
          },
          {
            "name": "15803",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/15803"
          },
          {
            "name": "19619",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19619"
          },
          {
            "name": "DSA-1033",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1033"
          },
          {
            "name": "SUSE-SR:2006:016",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2006_16_sr.html"
          },
          {
            "name": "15802",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/15802"
          },
          {
            "name": "17970",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17970"
          },
          {
            "name": "20960",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20960"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.sec-consult.com/245.html"
          },
          {
            "name": "[horde-announce] 20051211 Horde 3.0.8 (final)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.horde.org/archives/announce/2005/000238.html"
          },
          {
            "name": "19897",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19897"
          },
          {
            "name": "SUSE-SR:2006:009",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-12-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4) the Mobile Phone field, and (5) Date and (6) Time fields when importing CSV files, as exploited through modules such as (a) Turba Address Book, (b) Kronolith, (c) Mnemo, and (d) Nag."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2005-12-16T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "15810",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/15810"
        },
        {
          "name": "15806",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/15806"
        },
        {
          "name": "15808",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/15808"
        },
        {
          "name": "ADV-2005-2835",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2005/2835"
        },
        {
          "name": "15804",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/15804"
        },
        {
          "name": "15803",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/15803"
        },
        {
          "name": "19619",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19619"
        },
        {
          "name": "DSA-1033",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1033"
        },
        {
          "name": "SUSE-SR:2006:016",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2006_16_sr.html"
        },
        {
          "name": "15802",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/15802"
        },
        {
          "name": "17970",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17970"
        },
        {
          "name": "20960",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20960"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.sec-consult.com/245.html"
        },
        {
          "name": "[horde-announce] 20051211 Horde 3.0.8 (final)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.horde.org/archives/announce/2005/000238.html"
        },
        {
          "name": "19897",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19897"
        },
        {
          "name": "SUSE-SR:2006:009",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-4190",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4) the Mobile Phone field, and (5) Date and (6) Time fields when importing CSV files, as exploited through modules such as (a) Turba Address Book, (b) Kronolith, (c) Mnemo, and (d) Nag."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "15810",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/15810"
            },
            {
              "name": "15806",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/15806"
            },
            {
              "name": "15808",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/15808"
            },
            {
              "name": "ADV-2005-2835",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2005/2835"
            },
            {
              "name": "15804",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/15804"
            },
            {
              "name": "15803",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/15803"
            },
            {
              "name": "19619",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19619"
            },
            {
              "name": "DSA-1033",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2006/dsa-1033"
            },
            {
              "name": "SUSE-SR:2006:016",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2006_16_sr.html"
            },
            {
              "name": "15802",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/15802"
            },
            {
              "name": "17970",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17970"
            },
            {
              "name": "20960",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20960"
            },
            {
              "name": "http://www.sec-consult.com/245.html",
              "refsource": "MISC",
              "url": "http://www.sec-consult.com/245.html"
            },
            {
              "name": "[horde-announce] 20051211 Horde 3.0.8 (final)",
              "refsource": "MLIST",
              "url": "http://lists.horde.org/archives/announce/2005/000238.html"
            },
            {
              "name": "19897",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19897"
            },
            {
              "name": "SUSE-SR:2006:009",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-4190",
    "datePublished": "2005-12-13T11:00:00",
    "dateReserved": "2005-12-13T00:00:00",
    "dateUpdated": "2024-08-07T23:38:51.436Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}