CVE-2006-1491

Horde Application Framework <3.0.10, <3.1.1 - Code Injection

Description

Eval injection vulnerability in Horde Application Framework versions 3.0 before 3.0.10 and 3.1 before 3.1.1 allows remote attackers to execute arbitrary code via the help viewer.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Inkubus · webapps · php
https://www.exploit-db.com/exploits/1660

References (17)

Core References
Third Party Advisory vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200604-02.xml
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/17292
Third Party Advisory mailing-list x_refsource_vim
http://www.attrition.org/pipermail/vim/2006-March/000671.html
Patch vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1015841
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2006/dsa-1034
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19528
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/25516
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19485
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19692
Vendor Advisory vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2006_07_sr.html
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/1154
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19619
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2006/dsa-1033
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19504
Various Sources x_refsource_confirm
http://lists.horde.org/archives/announce/2006/000272.html

Scores

EPSS 0.1831
EPSS Percentile 95.3%

Details

CWE
CWE-94
Status published
Products (12)
horde/application_framework 3.0
horde/application_framework 3.0.1
horde/application_framework 3.0.2
horde/application_framework 3.0.3
horde/application_framework 3.0.4
horde/application_framework 3.0.4_rc1
horde/application_framework 3.0.4_rc2
horde/application_framework 3.0.6
horde/application_framework 3.0.7
horde/application_framework 3.0.8
... and 2 more
Published Mar 29, 2006
Tracked Since Feb 18, 2026