Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and H3 2.2 before 2.2-RC2; Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 does not validate ownership when performing share changes, which has unknown impact and attack vectors.
oryginał ENAV:N/AC:L/Au:N/C:C/I:C/A:CHorde Groupware
APPHorde1.01.0.11.0.21.1Horde Groupware Webmail Edition
APPHorde1.01.0.21.0.31.1Horde Kronolith H3
APPHorde2.12.1.12.1.22.1.32.1.42.1.52.1.62.2Horde Mnemo H3
APPHorde2.12.1.12.2Horde Nag H3
APPHorde2.12.1.12.1.22.1.32.2
Powiązane podatności
Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote ...
Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker ...
Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book
Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as dem...
Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contain...