Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1491

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-1491
Last Modified 13 May 2011 12:00:00
Published 29 Mar 2006 05:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-1491

Summary

Eval injection vulnerability in Horde Application Framework versions 3.0 before 3.0.10 and 3.1 before 3.1.1 allows remote attackers to execute arbitrary code via the help viewer.

Vulnerable Systems

Application

  • Horde Application Framework 3.0

  • Horde Application Framework 3.0.1

  • Horde Application Framework 3.0.2

  • Horde Application Framework 3.0.3

  • Horde Application Framework 3.0.4

  • Horde Application Framework 3.0.4 Rc1

  • Horde Application Framework 3.0.4 Rc2

  • Horde Application Framework 3.0.6

  • Horde Application Framework 3.0.7

  • Horde Application Framework 3.0.8

  • Horde Application Framework 3.0.9

  • Horde Application Framework 3.1


References

XF - horde-help-viewer-command-execution(25516)

BID - 17292

SECTRACK - 1015841

CONFIRM - http://lists.horde.org/archives/announce/2006/000271.html

VUPEN - ADV-2006-1154

SUSE - SUSE-SR:2006:007

GENTOO - GLSA-200604-02

DEBIAN - DSA-1034

DEBIAN - DSA-1033

VIM - 20060330 Recent unspecified Horde vuln is eval injection

SECUNIA - 19692

SECUNIA - 19619

SECUNIA - 19528

SECUNIA - 19504

SECUNIA - 19485

CONFIRM - http://lists.horde.org/archives/announce/2006/000272.html

CONFIRM - http://cvs.horde.org/diff.php?f=horde%2Fservices%2Fhelp%2Findex.php&r1=2.85&r2=2.86


Last Updated: 27 May 2016 10:42:05