Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP between November 2011 and February 2012, contains an externally introduced modification (Trojan Horse) in templates/javascript/open_calendar.js, which allows remote attackers to execute arbitrary PHP code.
oryginał ENAV:N/AC:L/Au:N/C:P/I:P/A:PHorde Groupware
APPHorde1.2.10Horde
APPHorde3.3.12
Powiązane podatności
Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote ...
Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker ...
Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book
Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as dem...
Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contain...