This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

CPE Name: cpe:/a:horde:groupware
Detail
Vendor: Horde | First view: 2007-01-30
Product: Groupware | Last view: 2014-07-14
Version: | Type: Application
Edition:
Language:
Update:

Activity : Overall

COMMON PLATFORM ENUMERATION : Repartition per Version

CPE Name | Affected CVE
cpe:/a:horde:groupware:5.1.4::~~webmail~~~ | 2
cpe:/a:horde:groupware:5.1.3::~~webmail~~~ | 2
cpe:/a:horde:groupware:5.1.2::~~webmail~~~ | 2
cpe:/a:horde:groupware:5.1.1::~~webmail~~~ | 2
cpe:/a:horde:groupware:5.1.0::~~webmail~~~ | 2
cpe:/a:horde:groupware:5.1.0:rc1:~~webmail~~~ | 2
cpe:/a:horde:groupware:5.0.5::~~webmail~~~ | 2
cpe:/a:horde:groupware:5.0.4::~~webmail~~~ | 2
cpe:/a:horde:groupware:5.0.3::~~webmail~~~ | 2
cpe:/a:horde:groupware:5.0.2::~~webmail~~~ | 2
cpe:/a:horde:groupware:5.0.1::~~webmail~~~ | 2
cpe:/a:horde:groupware:5.0.0::~~webmail~~~ | 2
cpe:/a:horde:groupware:5.0.0:rc1:~~webmail~~~ | 2
cpe:/a:horde:groupware:4.0.8::webamail | 3
cpe:/a:horde:groupware:4.0.7::webamail | 4
cpe:/a:horde:groupware:4.0.6::webamail | 4
cpe:/a:horde:groupware:4.0.5::webamail | 4
cpe:/a:horde:groupware:4.0.4::webamail | 4
cpe:/a:horde:groupware:4.0.3::webamail | 4
cpe:/a:horde:groupware:4.0.2::webamail | 4
cpe:/a:horde:groupware:4.0.1::webamail | 4
cpe:/a:horde:groupware:4.0::webamail | 4
cpe:/a:horde:groupware:4.0:rc1:webamail | 4
cpe:/a:horde:groupware:4.0:rc2:webamail | 4
cpe:/a:horde:groupware:1.2.6::webmail | 3
cpe:/a:horde:groupware:1.2.5::webmail | 3
cpe:/a:horde:groupware:1.2.4 | 2
cpe:/a:horde:groupware:1.2.4::webmail | 5
cpe:/a:horde:groupware:1.2.3:rc1:webmail | 7
cpe:/a:horde:groupware:1.2.3 | 3
cpe:/a:horde:groupware:1.2.3::webmail | 7
cpe:/a:horde:groupware:1.2.2 | 3
cpe:/a:horde:groupware:1.2.2::webmail | 7
cpe:/a:horde:groupware:1.2.10 | 1
cpe:/a:horde:groupware:1.2.10::webmail | 1
cpe:/a:horde:groupware:1.2.1 | 3
cpe:/a:horde:groupware:1.2.1::webmail | 7
cpe:/a:horde:groupware:1.2 | 3
cpe:/a:horde:groupware:1.2::webmail | 7
cpe:/a:horde:groupware:1.2:rc1 | 3
cpe:/a:horde:groupware:1.2:rc1:webmail | 7
cpe:/a:horde:groupware:1.1.6::webmail | 6
cpe:/a:horde:groupware:1.1.5 | 3
cpe:/a:horde:groupware:1.1.5::webmail | 6
cpe:/a:horde:groupware:1.1.4 | 3
cpe:/a:horde:groupware:1.1.4::webmail | 7
cpe:/a:horde:groupware:1.1.3 | 3
cpe:/a:horde:groupware:1.1.3::webmail | 7
cpe:/a:horde:groupware:1.1.2::webmail | 7
cpe:/a:horde:groupware:1.1.2 | 3
cpe:/a:horde:groupware:1.1.1 | 3
cpe:/a:horde:groupware:1.1.1::webmail | 7
cpe:/a:horde:groupware:1.1:rc3:webmail | 7
cpe:/a:horde:groupware:1.1:rc4:webmail | 7
cpe:/a:horde:groupware:1.1 | 5
cpe:/a:horde:groupware:1.1::webmail | 7
cpe:/a:horde:groupware:1.1:rc1:webmail | 7
cpe:/a:horde:groupware:1.1:rc2:webmail | 7
cpe:/a:horde:groupware:1.0_rc3 | 1
cpe:/a:horde:groupware:1.0_rc2 | 1
cpe:/a:horde:groupware:1.0.8::webmail | 5
cpe:/a:horde:groupware:1.0.7::webmail | 5
cpe:/a:horde:groupware:1.0.6::webmail | 5
cpe:/a:horde:groupware:1.0.5 | 3
cpe:/a:horde:groupware:1.0.5::webmail | 5
cpe:/a:horde:groupware:1.0.4 | 3
cpe:/a:horde:groupware:1.0.4::webmail | 5
cpe:/a:horde:groupware:1.0.3 | 3
cpe:/a:horde:groupware:1.0.3::webmail | 5
cpe:/a:horde:groupware:1.0.2 | 4
cpe:/a:horde:groupware:1.0.2::webmail | 5
cpe:/a:horde:groupware:1.0.1::webmail | 5
cpe:/a:horde:groupware:1.0.1 | 4
cpe:/a:horde:groupware:1.0::webmail | 6
cpe:/a:horde:groupware:1.0:rc1:webmail | 5
cpe:/a:horde:groupware:1.0:rc2:webmail | 5
cpe:/a:horde:groupware:1.0 | 4
cpe:/a:horde:groupware | 1

Related : CVE

 | Date | Alert | Access Vector | Access Complexity | Authentication
4.3 | 2014-07-14 | CVE-2014-4946 | Network | Medium | None Requ...
4.3 | 2014-07-14 | CVE-2014-4945 | Network | Medium | None Requ...
4.3 | 2014-04-05 | CVE-2012-6640 | Network | Medium | None Requ...
4.3 | 2014-04-05 | CVE-2012-5567 | Network | Medium | None Requ...
4.3 | 2014-04-05 | CVE-2012-5566 | Network | Medium | None Requ...
4.3 | 2014-04-05 | CVE-2012-5565 | Network | Medium | None Requ...
7.5 | 2012-09-25 | CVE-2012-0209 | Network | Low | None Requ...
4.3 | 2011-04-04 | CVE-2010-4778 | Network | Medium | None Requ...
4.3 | 2011-04-04 | CVE-2010-3693 | Network | Medium | None Requ...
4.3 | 2011-03-31 | CVE-2010-3695 | Network | Medium | None Requ...
4.3 | 2009-12-21 | CVE-2009-4363 | Network | Medium | None Requ...
4.3 | 2009-12-21 | CVE-2009-3701 | Network | Medium | None Requ...
4.3 | 2009-09-17 | CVE-2009-3237 | Network | Medium | None Requ...
4.3 | 2009-09-17 | CVE-2009-3236 | Network | Medium | None Requ...
10 | 2009-09-13 | CVE-2008-7219 | Network | Low | None Requ...
10 | 2009-09-13 | CVE-2008-7218 | Network | Low | None Requ...
4.3 | 2008-06-19 | CVE-2008-2783 | Network | Medium | None Requ...
4.3 | 2008-04-27 | CVE-2008-1974 | Network | Medium | None Requ...
6 | 2008-03-10 | CVE-2008-1284 | Network | Medium | Requires ...
4.9 | 2008-02-18 | CVE-2008-0807 | Network | Medium | Requires ...
4.3 | 2007-03-26 | CVE-2007-1679 | Network | Medium | None Requ...
5.1 | 2007-01-30 | CVE-2007-0579 | Network | High | None Requ...

CWE : Common Weakness Enumeration

% | id | Name
77% (14) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting')
11% (2) | CWE-264 | Permissions, Privileges, and Access Controls
5% (1) | CWE-94 | Failure to Control Generation of Code ('Code Injection')
5% (1) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ...

CAPEC : Common Attack Pattern Enumeration & Classification

This CPE product has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id | Name
CAPEC-3 | Using Leading 'Ghost' Character Sequences to Bypass Input Filters
CAPEC-7 | Blind SQL Injection
CAPEC-8 | Buffer Overflow in an API Call
CAPEC-9 | Buffer Overflow in Local Command-Line Utilities
CAPEC-10 | Buffer Overflow via Environment Variables
CAPEC-13 | Subverting Environment Variable Values
CAPEC-14 | Client-side Injection-induced Buffer Overflow
CAPEC-18 | Embedding Scripts in Nonscript Elements
CAPEC-22 | Exploiting Trust in Client (aka Make the Client Invisible)
CAPEC-24 | Filter Failure through Buffer Overflow
CAPEC-28 | Fuzzing
CAPEC-31 | Accessing/Intercepting/Modifying HTTP Cookies
CAPEC-32 | Embedding Scripts in HTTP Query Strings
CAPEC-42 | MIME Conversion
CAPEC-43 | Exploiting Multiple Input Interpretation Layers
CAPEC-45 | Buffer Overflow via Symbolic Links
CAPEC-46 | Overflow Variables and Tags
CAPEC-47 | Buffer Overflow via Parameter Expansion
CAPEC-52 | Embedding NULL Bytes
CAPEC-53 | Postfix, Null Terminate, and Backslash
CAPEC-63 | Simple Script Injection
CAPEC-64 | Using Slashes and URL Encoding Combined to Bypass Validation Logic
CAPEC-66 | SQL Injection
CAPEC-67 | String Format Overflow in syslog()
CAPEC-71 | Using Unicode Encoding to Bypass Validation Logic

Oval Markup Language : Definitions

OvalID | Name
oval:org.mitre.oval:def:8049 | DSA-1507 turba2 -- programming error
oval:org.mitre.oval:def:18738 | DSA-1507-1 turba2
oval:org.mitre.oval:def:7854 | DSA-1519 horde3 -- insufficient input sanitising
oval:org.mitre.oval:def:20302 | DSA-1519-1 horde3 - information disclosure
oval:org.mitre.oval:def:8251 | DSA-1560 kronolith2 -- insufficient input sanitising
oval:org.mitre.oval:def:18670 | DSA-1560-1 kronolith2 - cross site scripting
oval:org.mitre.oval:def:8126 | DSA-1897 horde3 -- insufficient input sanitisation
oval:org.mitre.oval:def:13713 | DSA-1897-1 horde3 -- insufficient input sanitisation
oval:org.mitre.oval:def:7069 | DSA-1966 horde3 -- insufficient input sanitising
oval:org.mitre.oval:def:12635 | DSA-1966-1 horde3 -- insufficient input sanitising
oval:org.mitre.oval:def:12989 | DSA-2204-1 imp4 -- Insufficient input sanitising

Open Source Vulnerability Database (OSVDB)

id | Description
68267 | Horde DIMP Mailbox Page Folder Label XSS
68261 | Horde IMP fetchmailprefs.php fm_id Parameter XSS
61338 | Horde Xss.php Filter Bypass data:// URI XSS
61304 | Horde Administration Interface admin/sqlshell.php PATH_INFO Parameter XSS
61303 | Horde Administration Interface admin/cmdshell.php PATH_INFO Parameter XSS
61043 | Horde Administration Interface admin/phpshell.php PATH_INFO Parameter XSS
58109 | Horde Application Framework Numeric Preference Type XSS
58108 | Horde Application Framework MIME Viewer Text Part Rendering XSS
58107 | Horde Application Framework Form Library Image Form Field Arbitrary File Over...
46702 | Horde Multiple Product day.php PATH_INFO XSS
46701 | Horde Multiple Product workweek.php PATH_INFO XSS
46700 | Horde Multiple Product week.php PATH_INFO XSS
44557 | Kronolith addevent.php url Parameter XSS
42779 | Horde Turba 2 (turba2) Contact Manager H3 lib/Driver/sql.php Unauthorized Dat...
42776 | Horde Multiple Products Share Management Owner Validation Unspecified Issue
42775 | Horde Multiple Products API Unspecified Privilege Escalation
42774 | Horde Multiple Products theme Parameter Traversal Local File Inclusion
35181 | Horde Webmail ingo/rule.php XSS
33083 | Horde Groupware Calendar Component Unspecified Issue

ExploitDB Exploits

id | Description
18492 | Horde 3.3.12 Backdoor Arbitrary PHP Code Execution
10512 | Horde 3.3.5 "PHP_SELF" XSS vulnerability

Metasploit Exploits

id | Description
2012-02-13 | Horde 3.3.12 Backdoor Arbitrary PHP Code Execution

OpenVAS Exploits

id | Description
2012-02-16 | Name : Horde Groupware Source Packages Backdoor Vulnerability
File : nvt/gb_horde_backdoor_51989.nasl
2011-05-12 | Name : Debian Security Advisory DSA 2204-1 (imp4)
File : nvt/deb_2204_1.nasl
2010-09-28 | Name : Horde IMP Webmail 'fetchmailprefs.php' HTML Injection Vulnerability
File : nvt/gb_horde_imp_43515.nasl
2010-04-06 | Name : Fedora Update for horde FEDORA-2010-5483
File : nvt/gb_fedora_2010_5483_horde_fc11.nasl
2010-04-06 | Name : Fedora Update for horde FEDORA-2010-5520
File : nvt/gb_fedora_2010_5520_horde_fc12.nasl
2010-01-11 | Name : Debian Security Advisory DSA 1966-1 (horde3)
File : nvt/deb_1966_1.nasl
2009-11-11 | Name : Gentoo Security Advisory GLSA 200911-01 (horde horde-webmail horde-groupware)
File : nvt/glsa_200911_01.nasl
2009-10-06 | Name : Debian Security Advisory DSA 1897-1 (horde3)
File : nvt/deb_1897_1.nasl
2009-09-15 | Name : FreeBSD Ports: horde-base
File : nvt/freebsd_horde-base0.nasl
2009-02-17 | Name : Fedora Update for kronolith FEDORA-2008-3460
File : nvt/gb_fedora_2008_3460_kronolith_fc7.nasl
2009-02-17 | Name : Fedora Update for kronolith FEDORA-2008-3543
File : nvt/gb_fedora_2008_3543_kronolith_fc8.nasl
2009-02-16 | Name : Fedora Update for horde FEDORA-2008-2040
File : nvt/gb_fedora_2008_2040_horde_fc7.nasl
2009-02-16 | Name : Fedora Update for imp FEDORA-2008-2040
File : nvt/gb_fedora_2008_2040_imp_fc7.nasl
2009-02-16 | Name : Fedora Update for turba FEDORA-2008-2040
File : nvt/gb_fedora_2008_2040_turba_fc7.nasl
2009-02-16 | Name : Fedora Update for horde FEDORA-2008-2087
File : nvt/gb_fedora_2008_2087_horde_fc8.nasl
2009-02-16 | Name : Fedora Update for imp FEDORA-2008-2087
File : nvt/gb_fedora_2008_2087_imp_fc8.nasl
2009-02-16 | Name : Fedora Update for turba FEDORA-2008-2087
File : nvt/gb_fedora_2008_2087_turba_fc8.nasl
2009-02-16 | Name : Fedora Update for kronolith FEDORA-2008-2212
File : nvt/gb_fedora_2008_2212_kronolith_fc7.nasl
2009-02-16 | Name : Fedora Update for horde FEDORA-2008-2362
File : nvt/gb_fedora_2008_2362_horde_fc8.nasl
2009-02-16 | Name : Fedora Update for horde FEDORA-2008-2406
File : nvt/gb_fedora_2008_2406_horde_fc7.nasl
2008-09-24 | Name : Gentoo Security Advisory GLSA 200805-01 (horde)
File : nvt/glsa_200805_01.nasl
2008-04-30 | Name : Debian Security Advisory DSA 1560-1 (kronolith2)
File : nvt/deb_1560_1.nasl
2008-03-19 | Name : Debian Security Advisory DSA 1519-1 (horde3)
File : nvt/deb_1519_1.nasl
2008-02-28 | Name : Debian Security Advisory DSA 1507-1 (turba2)
File : nvt/deb_1507_1.nasl

Snort® IPS/IDS

Date | Description
2014-01-10 | Horde javascript.php href backdoor
RuleID : 21555 - Type : MALWARE-OTHER - Revision : 2
2014-01-10 | Remote Execution Backdoor Attempt Against Horde
RuleID : 21375-community - Type : SERVER-WEBAPP - Revision : 7
2014-01-10 | Remote Execution Backdoor Attempt Against Horde
RuleID : 21375 - Type : SERVER-WEBAPP - Revision : 7

Nessus® Vulnerability Scanner

id | Description
2014-06-13 | Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-837.nasl - Type : ACT_GATHER_INFO
2014-06-13 | Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-843.nasl - Type : ACT_GATHER_INFO
2013-01-21 | Name : The remote web server hosts a PHP application that is affected by a cross-sit...
File : imp_upload_xss.nasl - Type : ACT_GATHER_INFO
2012-02-17 | Name : A web application hosted on the remote host has a code execution vulnerability.
File : horde_open_calendar_backdoor.nasl - Type : ACT_ATTACK
2011-03-28 | Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2204.nasl - Type : ACT_GATHER_INFO
2010-07-01 | Name : The remote Fedora host is missing a security update.
File : fedora_2010-5520.nasl - Type : ACT_GATHER_INFO
2010-07-01 | Name : The remote Fedora host is missing a security update.
File : fedora_2010-5563.nasl - Type : ACT_GATHER_INFO
2010-07-01 | Name : The remote Fedora host is missing a security update.
File : fedora_2010-5483.nasl - Type : ACT_GATHER_INFO
2010-02-24 | Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1966.nasl - Type : ACT_GATHER_INFO
2010-02-24 | Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1897.nasl - Type : ACT_GATHER_INFO
2010-02-15 | Name : The remote openSUSE host is missing a security update.
File : suse_11_0_horde-100210.nasl - Type : ACT_GATHER_INFO
2009-11-09 | Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200911-01.nasl - Type : ACT_GATHER_INFO
2009-07-21 | Name : The remote openSUSE host is missing a security update.
File : suse_11_0_horde-081119.nasl - Type : ACT_GATHER_INFO
2008-11-25 | Name : The remote openSUSE host is missing a security update.
File : suse_horde-5791.nasl - Type : ACT_GATHER_INFO
2008-06-12 | Name : The remote Fedora host is missing a security update.
File : fedora_2008-3460.nasl - Type : ACT_GATHER_INFO
2008-06-12 | Name : The remote Fedora host is missing a security update.
File : fedora_2008-3543.nasl - Type : ACT_GATHER_INFO
2008-05-09 | Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200805-01.nasl - Type : ACT_GATHER_INFO
2008-05-01 | Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1560.nasl - Type : ACT_GATHER_INFO
2008-03-17 | Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1519.nasl - Type : ACT_GATHER_INFO
2008-03-13 | Name : The remote Fedora host is missing a security update.
File : fedora_2008-2362.nasl - Type : ACT_GATHER_INFO
2008-03-13 | Name : The remote Fedora host is missing a security update.
File : fedora_2008-2406.nasl - Type : ACT_GATHER_INFO
2008-03-07 | Name : The remote Fedora host is missing a security update.
File : fedora_2008-2212.nasl - Type : ACT_GATHER_INFO
2008-02-29 | Name : The remote Fedora host is missing one or more security updates.
File : fedora_2008-2040.nasl - Type : ACT_GATHER_INFO
2008-02-29 | Name : The remote Fedora host is missing one or more security updates.
File : fedora_2008-2087.nasl - Type : ACT_GATHER_INFO
2008-02-25 | Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1507.nasl - Type : ACT_GATHER_INFO