Horde: Security Vulnerabilities
Cross-site scripting vulnerability in Horde Internet Messaging Program (IMP) before 2.2.6 and 1.2.6 allows remote attackers to execute arbitrary Javascript embedded in an email.
CVSS Score
7.5
EPSS Score
0.014
Published
2001-07-21
Horde Internet Messaging Program (IMP) before 2.2.6 allows local users to read IMP configuration files and steal the Horde database password by placing the prefs.lang file containing PHP code on the server.
CVSS Score
3.6
EPSS Score
0.001
Published
2001-07-21
Horde library 1.02 allows attackers to execute arbitrary commands via shell metacharacters in the "from" address.
CVSS Score
4.6
EPSS Score
0.001
Published
2000-12-19
IMP 2.2 and earlier allows attackers to read and delete arbitrary files by modifying the attachment_name hidden form variable, which causes IMP to send the file to the attacker as an attachment.
CVSS Score
5.0
EPSS Score
0.005
Published
2000-12-19
Page 12