MEDIUM🇵🇱 Wersja polska

CVE-2010-1638

CVSS 5.0v2.0pub. 2010-06-22upd. 2026-04-29

The IMP plugin in Horde allows remote attackers to bypass firewall restrictions and use Horde as a proxy to scan internal networks via a crafted request to an unspecified test script. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation.

CVSS Vector
AV:N/AC:L/Au:N/C:P/I:N/A:N
  • Horde

    APP
    Horde
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Firewall
CWE
References

Related vulnerabilities

CVE-2012-0209HIGH7.5ten sam produkt

Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP betwee...

CVE-2008-7218HIGH10.0ten sam produkt

Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2 before 3.2-RC2; Turba ...

CVE-2005-3344HIGH10.0ten sam produkt

The default installation of Horde 3.0.4 contains an administrative account with a blank password, which allows...

CVE-2002-0181HIGH7.5ten sam produkt

Cross-site scripting vulnerability in status.php3 for IMP 2.2.8 and HORDE 1.2.7 allows remote attackers to exe...

CVE-2008-3823MEDIUM4.3ten sam produkt

Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.php in the MIME library in Horde 3.2.x before 3...