This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Summuary
CPE Namecpe:/a:horde:horde_application_framework:3.2.1
Detail
VendorHordeFirst view 2009-09-17
ProductHorde Application FrameworkLast view2014-04-01
Version3.2.1TypeApplication
Edition 
Language 
Update 
 
CPE Productcpe:/a:horde:horde_application_framework

Activity : Overall

Related : CVE

 DateAlertAccess VectorAccess ComplexityAuthentication
7.52014-04-01CVE-2014-1691NetworkLowNone Requ...
6.82010-11-09CVE-2010-3694NetworkMediumNone Requ...
4.32010-11-09CVE-2010-3077NetworkMediumNone Requ...
4.32009-09-17CVE-2009-3237NetworkMediumNone Requ...

CWE : Common Weakness Enumeration

%idName
50% (2)CWE-79Failure to Preserve Web Page Structure ('Cross-site Scripting')
25% (1)CWE-352Cross-Site Request Forgery (CSRF)
25% (1)CWE-94Failure to Control Generation of Code ('Code Injection')

Oval Markup Language : Definitions

OvalIDName
oval:org.mitre.oval:def:21721DSA-2853-1 horde3 - Remote code execution
oval:org.mitre.oval:def:12816DSA-2278-1 horde3 -- several

Open Source Vulnerability Database (OSVDB)

idDescription
69159Horde Application Framework Preference Form CSRF
67839Horde Application Framework util/icon_browser.php subdir Parameter XSS
65089Horde Groupware / Horde Groupware Webmail Edition Unspecified CSRF
58109Horde Application Framework Numeric Preference Type XSS
58108Horde Application Framework MIME Viewer Text Part Rendering XSS

ExploitDB Exploits

idDescription
32439Horde Framework Unserialize PHP Code Execution

OpenVAS Exploits

idDescription
2011-08-03Name : Debian Security Advisory DSA 2278-1 (horde3)
File : nvt/deb_2278_1.nasl
2010-12-02Name : Fedora Update for horde FEDORA-2010-16525
File : nvt/gb_fedora_2010_16525_horde_fc14.nasl
2010-11-16Name : Fedora Update for horde FEDORA-2010-16555
File : nvt/gb_fedora_2010_16555_horde_fc13.nasl
2010-11-16Name : Fedora Update for horde FEDORA-2010-16592
File : nvt/gb_fedora_2010_16592_horde_fc12.nasl
2010-09-07Name : Horde Application Framework 'icon_browser.php' Cross-Site Scripting Vulnerabi...
File : nvt/gb_horde_43001.nasl
Hide | Show 5 More...
idDescription
2010-04-06Name : Fedora Update for horde FEDORA-2010-5483
File : nvt/gb_fedora_2010_5483_horde_fc11.nasl
2010-04-06Name : Fedora Update for horde FEDORA-2010-5520
File : nvt/gb_fedora_2010_5520_horde_fc12.nasl
2010-01-11Name : Debian Security Advisory DSA 1966-1 (horde3)
File : nvt/deb_1966_1.nasl
2009-11-11Name : Gentoo Security Advisory GLSA 200911-01 (horde horde-webmail horde-groupware)
File : nvt/glsa_200911_01.nasl
2009-09-15Name : FreeBSD Ports: horde-base
File : nvt/freebsd_horde-base0.nasl

Snort® IPS/IDS

DateDescription
2014-05-01Horde Framework variables.php unserialize PHP code execution attempt
RuleID : 30305 - Type : SERVER-WEBAPP - Revision : 2

Nessus® Vulnerability Scanner

idDescription
2014-02-06Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2853.nasl - Type : ACT_GATHER_INFO
2011-07-19Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2278.nasl - Type : ACT_GATHER_INFO
2010-11-07Name : The remote Fedora host is missing a security update.
File : fedora_2010-16525.nasl - Type : ACT_GATHER_INFO
2010-11-07Name : The remote Fedora host is missing a security update.
File : fedora_2010-16555.nasl - Type : ACT_GATHER_INFO
2010-11-05Name : The remote Fedora host is missing a security update.
File : fedora_2010-16592.nasl - Type : ACT_GATHER_INFO
Hide | Show 7 More...
idDescription
2010-09-07Name : The remote web server hosts a PHP script that is prone to a cross- site scrip...
File : horde_icon_browser_subdir_xss.nasl - Type : ACT_ATTACK
2010-07-01Name : The remote Fedora host is missing a security update.
File : fedora_2010-5520.nasl - Type : ACT_GATHER_INFO
2010-07-01Name : The remote Fedora host is missing a security update.
File : fedora_2010-5563.nasl - Type : ACT_GATHER_INFO
2010-07-01Name : The remote Fedora host is missing a security update.
File : fedora_2010-5483.nasl - Type : ACT_GATHER_INFO
2010-02-24Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1966.nasl - Type : ACT_GATHER_INFO
2010-02-15Name : The remote openSUSE host is missing a security update.
File : suse_11_0_horde-100210.nasl - Type : ACT_GATHER_INFO
2009-11-09Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200911-01.nasl - Type : ACT_GATHER_INFO