Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Imp
(Horde)| Repositories | https://github.com/horde/horde |
| #Vulnerabilities | 21 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2006-08-21 | CVE-2006-4255 | Cross-site scripting (XSS) vulnerability in horde/imp/search.php in Horde IMP H3 before 4.1.3 allows remote attackers to include arbitrary web script or HTML via multiple unspecified vectors related to folder names, as injected into the vfolder_label form field in the IMP search screen. | Horde, Imp | N/A | ||
| 2005-12-08 | CVE-2005-4080 | Horde IMP 4.0.4 and earlier does not sanitize strings containing UTF16 null characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via UTF16 encoded attachments and strings that will be executed when viewed using Internet Explorer, which ignores the characters. | Imp | N/A | ||
| 2005-05-02 | CVE-2005-1319 | Cross-site scripting (XSS) vulnerability in Horde IMP Webmail client before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | Imp | N/A | ||
| 2004-12-31 | CVE-2004-1443 | Cross-site scripting (XSS) vulnerability in the inline MIME viewer in Horde-IMP (Internet Messaging Program) 3.2.4 and earlier, when used with Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via an e-mail message. | Imp | N/A | ||
| 2004-08-06 | CVE-2004-0584 | Unknown vulnerability in Horde IMP 3.2.3 and earlier, before a "security fix," does not properly validate input, which allows remote attackers to execute arbitrary script as other users via script or HTML in an e-mail message, possibly triggering a cross-site scripting (XSS) vulnerability. | Imp | N/A | ||
| 2003-01-17 | CVE-2003-0025 | Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow remote attackers to perform unauthorized database activities and possibly gain privileges via certain database functions such as check_prefs() in db.pgsql, as demonstrated using mailbox.php3. | Imp | N/A | ||
| 2002-04-22 | CVE-2002-0181 | Cross-site scripting vulnerability in status.php3 for IMP 2.2.8 and HORDE 1.2.7 allows remote attackers to execute arbitrary web script and steal cookies of other IMP/HORDE users via the script parameter. | Horde, Imp | N/A | ||
| 2001-07-21 | CVE-2001-1258 | Horde Internet Messaging Program (IMP) before 2.2.6 allows local users to read IMP configuration files and steal the Horde database password by placing the prefs.lang file containing PHP code on the server. | Imp | N/A | ||
| 2001-07-21 | CVE-2001-1257 | Cross-site scripting vulnerability in Horde Internet Messaging Program (IMP) before 2.2.6 and 1.2.6 allows remote attackers to execute arbitrary Javascript embedded in an email. | Imp | N/A | ||
| 2001-10-18 | CVE-2001-0744 | Horde IMP 2.2.4 and earlier allows local users to overwrite files via a symlink attack on a temporary file. | Imp | N/A |