Horde CVEs and Security Vulnerabilities

Filtered by vendor Horde Subscriptions

Search

Switch to Advanced Search (Beta)

Total 115 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2005-0961	1 Horde	1 Application Framework	2025-04-03	N/A
Cross-site scripting (XSS) vulnerability in Horde 3.0.4 before 3.0.4-RC2 allows remote attackers to inject arbitrary web script or HTML via the parent frame title.
CVE-2005-1313	1 Horde	1 Passwd	2025-04-03	N/A
Cross-site scripting (XSS) vulnerability in Horde Passwd module before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
CVE-2005-1314	1 Horde	1 Kronolith	2025-04-03	N/A
Cross-site scripting (XSS) vulnerability in Horde Kronolith module before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
CVE-2005-1315	1 Horde	1 Turba	2025-04-03	N/A
Cross-site scripting (XSS) vulnerability in Horde Turba module before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
CVE-2005-1316	1 Horde	1 Accounts	2025-04-03	N/A
Cross-site scripting (XSS) vulnerability in Horde Accounts module before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
CVE-2005-1318	1 Horde	1 Forwards	2025-04-03	N/A
Cross-site scripting (XSS) vulnerability in Horde Forwards E-Mail Forwarding Manager before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
CVE-2005-1321	1 Horde	1 Vaction	2025-04-03	N/A
Cross-site scripting (XSS) vulnerability in Horde Vacation module before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
CVE-2005-1322	1 Horde	1 Nag	2025-04-03	N/A
Cross-site scripting (XSS) vulnerability in Horde Nag Task List Manager before 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
CVE-2005-3344	1 Horde	1 Horde	2025-04-03	N/A
The default installation of Horde 3.0.4 contains an administrative account with a blank password, which allows remote attackers to gain access.
CVE-2005-3759	1 Horde	1 Horde	2025-04-03	N/A
Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers, which do not filter or escape dangerous HTML when extracting and displaying attachments.
CVE-2005-4191	1 Horde	1 Nag Task List Manager H3	2025-04-03	N/A
Multiple cross-site scripting (XSS) vulnerabilities in templates/tasklists/tasklists.inc in Horde Nag Task List Manager H3 before 2.0.4 allow remote authenticated users to inject arbitrary web script or HTML via (1) the tasklist's name or (2) description, when creating a new tasklist.
CVE-2000-0910	1 Horde	1 Horde	2025-04-03	N/A
Horde library 1.02 allows attackers to execute arbitrary commands via shell metacharacters in the "from" address.
CVE-2003-0025	1 Horde	1 Imp	2025-04-03	N/A
Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow remote attackers to perform unauthorized database activities and possibly gain privileges via certain database functions such as check_prefs() in db.pgsql, as demonstrated using mailbox.php3.
CVE-2006-1491	1 Horde	1 Application Framework	2025-04-03	N/A
Eval injection vulnerability in Horde Application Framework versions 3.0 before 3.0.10 and 3.1 before 3.1.1 allows remote attackers to execute arbitrary code via the help viewer.
CVE-2006-2195	1 Horde	1 Horde	2025-04-03	N/A
Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php.
CVE-2006-3548	1 Horde	1 Horde	2025-04-03	N/A
Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 allow remote attackers to inject arbitrary web script or HTML via a (1) javascript URI or an external (2) http, (3) https, or (4) ftp URI in the url parameter in services/go.php (aka the dereferrer), (5) a javascript URI in the module parameter in services/help (aka the help viewer), and (6) the name parameter in services/problem.php (aka the problem reporting screen).
CVE-2001-0744	1 Horde	1 Imp	2025-04-03	N/A
Horde IMP 2.2.4 and earlier allows local users to overwrite files via a symlink attack on a temporary file.
CVE-2001-1257	1 Horde	1 Imp	2025-04-03	N/A
Cross-site scripting vulnerability in Horde Internet Messaging Program (IMP) before 2.2.6 and 1.2.6 allows remote attackers to execute arbitrary Javascript embedded in an email.
CVE-2001-1258	1 Horde	1 Imp	2025-04-03	N/A
Horde Internet Messaging Program (IMP) before 2.2.6 allows local users to read IMP configuration files and steal the Horde database password by placing the prefs.lang file containing PHP code on the server.
CVE-2003-0728	1 Horde	1 Horde	2025-04-03	N/A
Horde before 2.2.4 allows remote malicious web sites to steal session IDs and read or create arbitrary email by stealing the ID from a referrer URL.

« first previous Page 4 of 6. next last »