Back to CVE Browser

CVE-2007-6018

MEDIUM

5.8

CVSS Severity Score

EPSS Score0.0050%

EPSS Percentile24.07th

PublishedJan 11, 2008

Last ModifiedApr 23, 2026

Vulnerability Description

IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) "purge" deleted emails via a crafted email message.

Affected Platforms (CPE)

📦

Horde

Framework

= 3.1.5

📦

Horde

Groupware Webmail Edition

= 1.0.3

📦

Horde

Horde

= 3.1.5

📦

Horde

Imp

= 4.1.5

References & Advisories

🔗 http://cvs.horde.org/diff.php/groupware/docs/groupware/CHANGES?r1=1.17&r2=1.17.2.1&ty=h

🔗 http://cvs.horde.org/diff.php/groupware/docs/webmail/CHANGES?r1=1.12&r2=1.12.2.1&ty=h

🔗 http://lists.horde.org/archives/announce/2008/000360.html

🔗 http://lists.horde.org/archives/announce/2008/000365.html

🔗 http://lists.horde.org/archives/announce/2008/000366.html

🔗 http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html

🔗 http://secunia.com/advisories/28020

🔗 http://secunia.com/advisories/28546

Related Vulnerabilities

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Mes...

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust...

Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc all...

CVE-2026-487237.8

The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36...