CVE-2005-3759: CVE-2005-3759

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2005-3759

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers, which do not filter or escape dangerous HTML when extracting and displaying attachments.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Horde MIME浏览器嵌入附件HTML注入漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

IMP是美国Horde公司的一套基于Web的邮件程序，它提供了邮箱访问IMAP和POP3帐户服务。 Horde IMP内部MIME浏览器在处理gzip格式的附件时存在漏洞，远程攻击者可能利用此漏洞影响浏览器的操作。 Horde IMP及其内部MIME浏览器默认下不允许显示嵌入消息，因此不会显示可能包含有恶意代码的HTML页面。如果向用户强制显示了恶意附件的话，就会过滤掉HTML页面。同样对使用gzip压缩的文件也做了类似的处理。但是，Horde Mime浏览器错误的处理了gzip嵌入附件。浏览器仅是解压了

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2005-3759

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2005-3759

Please Login to view more intelligence information

http://secunia.com/advisories/17703third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/15535vdb-entryx_refsource_BID
http://secunia.com/advisories/17599third-party-advisoryx_refsource_SECUNIA
http://www.debian.org/security/2005/dsa-909vendor-advisoryx_refsource_DEBIAN
http://www.vupen.com/english/advisories/2005/2536vdb-entryx_refsource_VUPEN
http://www.gentoo.org/security/en/glsa/glsa-200511-20.xmlvendor-advisoryx_refsource_GENTOO
http://www.securityfocus.com/archive/1/417436/30/0/threadedmailing-listx_refsource_BUGTRAQ
http://lists.horde.org/archives/announce/2005/000232.htmlmailing-listx_refsource_MLIST
https://nvd.nist.gov/vuln/detail/CVE-2005-3759

New Vulnerabilities

Product: n/a

Vendor: n/a

V. Comments for CVE-2005-3759

No comments yet

Support Us — Your donation helps us keep running

I. Basic Information for CVE-2005-3759

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2005-3759

III. Intelligence Information for CVE-2005-3759

New Vulnerabilities

V. Comments for CVE-2005-3759

Leave a comment