Horde CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (115 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2001-0744	1 Horde	1 Imp	2025-04-03	N/A
Horde IMP 2.2.4 and earlier allows local users to overwrite files via a symlink attack on a temporary file.
CVE-2001-1257	1 Horde	1 Imp	2025-04-03	N/A
Cross-site scripting vulnerability in Horde Internet Messaging Program (IMP) before 2.2.6 and 1.2.6 allows remote attackers to execute arbitrary Javascript embedded in an email.
CVE-2001-1258	1 Horde	1 Imp	2025-04-03	N/A
Horde Internet Messaging Program (IMP) before 2.2.6 allows local users to read IMP configuration files and steal the Horde database password by placing the prefs.lang file containing PHP code on the server.
CVE-2002-0181	1 Horde	2 Horde, Imp	2025-04-03	N/A
Cross-site scripting vulnerability in status.php3 for IMP 2.2.8 and HORDE 1.2.7 allows remote attackers to execute arbitrary web script and steal cookies of other IMP/HORDE users via the script parameter.
CVE-2002-2024	1 Horde	1 Imp	2025-04-03	5.3 Medium
Horde IMP 2.2.7 allows remote attackers to obtain the full web root pathname via an HTTP request for (1) poppassd.php3, (2) login.php3?reason=chpass2, (3) spelling.php3, and (4) ldap.search.php3?ldap_serv=nonsense which leaks the information in error messages.
CVE-2003-0728	1 Horde	1 Horde	2025-04-03	N/A
Horde before 2.2.4 allows remote malicious web sites to steal session IDs and read or create arbitrary email by stealing the ID from a referrer URL.
CVE-2004-0584	1 Horde	1 Imp	2025-04-03	N/A
Unknown vulnerability in Horde IMP 3.2.3 and earlier, before a "security fix," does not properly validate input, which allows remote attackers to execute arbitrary script as other users via script or HTML in an e-mail message, possibly triggering a cross-site scripting (XSS) vulnerability.
CVE-2005-0378	1 Horde	1 Horde	2025-04-03	N/A
Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to prefs.php or (2) url parameter to index.php.
CVE-2005-0961	1 Horde	1 Application Framework	2025-04-03	N/A
Cross-site scripting (XSS) vulnerability in Horde 3.0.4 before 3.0.4-RC2 allows remote attackers to inject arbitrary web script or HTML via the parent frame title.
CVE-2005-1313	1 Horde	1 Passwd	2025-04-03	N/A
Cross-site scripting (XSS) vulnerability in Horde Passwd module before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
CVE-2005-1314	1 Horde	1 Kronolith	2025-04-03	N/A
Cross-site scripting (XSS) vulnerability in Horde Kronolith module before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
CVE-2005-1315	1 Horde	1 Turba	2025-04-03	N/A
Cross-site scripting (XSS) vulnerability in Horde Turba module before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
CVE-2005-1316	1 Horde	1 Accounts	2025-04-03	N/A
Cross-site scripting (XSS) vulnerability in Horde Accounts module before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
CVE-2005-1318	1 Horde	1 Forwards	2025-04-03	N/A
Cross-site scripting (XSS) vulnerability in Horde Forwards E-Mail Forwarding Manager before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
CVE-2005-1320	1 Horde	1 Mnemo	2025-04-03	N/A
Cross-site scripting (XSS) vulnerability in Horde Mnemo Note Manager before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
CVE-2005-1321	1 Horde	1 Vaction	2025-04-03	N/A
Cross-site scripting (XSS) vulnerability in Horde Vacation module before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
CVE-2005-1322	1 Horde	1 Nag	2025-04-03	N/A
Cross-site scripting (XSS) vulnerability in Horde Nag Task List Manager before 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
CVE-2005-3344	1 Horde	1 Horde	2025-04-03	N/A
The default installation of Horde 3.0.4 contains an administrative account with a blank password, which allows remote attackers to gain access.
CVE-2005-3570	1 Horde	1 Horde	2025-04-03	N/A
Unspecified cross-site scripting (XSS) vulnerability in Horde before 2.2.9 allows remote attackers to inject arbitrary web script or HTML via "not properly escaped error messages".
CVE-2005-3759	1 Horde	1 Horde	2025-04-03	N/A
Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers, which do not filter or escape dangerous HTML when extracting and displaying attachments.

« first previous Page 4 of 6. next last »