Horde Imp vulnerabilities

CVE-2001-1258 [LOW] CVE-2001-1258: Horde Internet Messaging Program (IMP) before 2.2.6 allows local users to read IMP configuration fil Horde Internet Messaging Program (IMP) before 2.2.6 allows local users to read IMP configuration files and steal the Horde database password by placing the prefs.lang file containing PHP code on the server.

CVE-2000-0911 [MEDIUM] CVE-2000-0911: IMP 2.2 and earlier allows attackers to read and delete arbitrary files by modifying the attachment_ IMP 2.2 and earlier allows attackers to read and delete arbitrary files by modifying the attachment_name hidden form variable, which causes IMP to send the file to the attacker as an attachment.