The default installation of Horde 3.0.4 contains an administrative account with a blank password, which allows remote attackers to gain access.
CVSS Vector
AV:N/AC:L/Au:N/C:C/I:C/A:CHorde
APPHorde3.0.4
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
References
Related vulnerabilities
CVE-2012-0209HIGH7.5ten sam produkt
Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP betwee...
CVE-2008-7218HIGH10.0ten sam produkt
Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2 before 3.2-RC2; Turba ...
CVE-2002-0181HIGH7.5ten sam produkt
Cross-site scripting vulnerability in status.php3 for IMP 2.2.8 and HORDE 1.2.7 allows remote attackers to exe...
CVE-2010-1638MEDIUM5.0ten sam produkt
The IMP plugin in Horde allows remote attackers to bypass firewall restrictions and use Horde as a proxy to sc...
CVE-2008-3823MEDIUM4.3ten sam produkt
Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.php in the MIME library in Horde 3.2.x before 3...