Horde Application Framework 3.3.4 Release Candidate 1

CPE Details

Horde Application Framework 3.3.4 Release Candidate 1
horde
horde_application_framework
3.3.4
2010-11-10
15h38 +00:00
2010-11-19
17h29 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:horde:horde_application_framework:3.3.4:rc1:*:*:*:*:*:*

Informations

Vendor

horde

Product

horde_application_framework

Version

3.3.4

Update

rc1

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2014-1691 2014-04-01 13h00 +00:00 The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the _formvars form.
7.5
CVE-2010-3077 2010-11-09 19h00 +00:00 Cross-site scripting (XSS) vulnerability in util/icon_browser.php in the Horde Application Framework before 3.3.9 allows remote attackers to inject arbitrary web script or HTML via the subdir parameter.
4.3
CVE-2010-3694 2010-11-09 19h00 +00:00 Cross-site request forgery (CSRF) vulnerability in the Horde Application Framework before 3.3.9 allows remote attackers to hijack the authentication of unspecified victims for requests to a preference form.
6.8
CVE-2009-3237 2009-09-17 08h00 +00:00 Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; allow remote attackers to inject arbitrary web script or HTML via the (1) crafted number preferences that are not properly handled in the preference system (services/prefs.php), as demonstrated by the sidebar_width parameter; or (2) crafted unknown MIME "text parts" that are not properly handled in the MIME viewer library (config/mime_drivers.php).
4.3