FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2006-1491

This CVE name corresponds to:

Entered Topic
2006-03-28 horde -- remote code execution vulnerability in the help viewer

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2006-1491
Phase Assigned(20060329)

Description

Eval injection vulnerability in Horde Application Framework versions 3.0 before 3.0.10 and 3.1 before 3.1.1 allows remote attackers to execute arbitrary code via the help viewer.

References

Source Reference
VIM 20060330 Recent unspecified Horde vuln is eval injection
CONFIRM http://lists.horde.org/archives/announce/2006/000271.html
CONFIRM http://cvs.horde.org/diff.php?f=horde%2Fservices%2Fhelp%2Findex.php&r1=2.85&r2=2.86
CONFIRM http://lists.horde.org/archives/announce/2006/000272.html
DEBIAN DSA-1033
DEBIAN DSA-1034
GENTOO GLSA-200604-02
SUSE SUSE-SR:2006:007
BID 17292
VUPEN ADV-2006-1154
SECTRACK 1015841
SECUNIA 19528
SECUNIA 19504
SECUNIA 19485
SECUNIA 19619
SECUNIA 19692
XF horde-help-viewer-command-execution(25516)