Vulnerability Details CVE-2006-1491
Eval injection vulnerability in Horde Application Framework versions 3.0 before 3.0.10 and 3.1 before 3.1.1 allows remote attackers to execute arbitrary code via the help viewer.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.183
EPSS Ranking 94.8%
CVSS Severity
CVSS v2 Score 7.5
References
- http://cvs.horde.org/diff.php?f=horde%2Fservices%2Fhelp%2Findex.php&r1=2.85&r2=2.86
- http://lists.horde.org/archives/announce/2006/000271.html
- http://lists.horde.org/archives/announce/2006/000272.html
- http://secunia.com/advisories/19485
- http://secunia.com/advisories/19504
- http://secunia.com/advisories/19528
- http://secunia.com/advisories/19619
- http://secunia.com/advisories/19692
- http://securitytracker.com/id?1015841
- http://www.attrition.org/pipermail/vim/2006-March/000671.html
- http://www.debian.org/security/2006/dsa-1033
- http://www.debian.org/security/2006/dsa-1034
- http://www.gentoo.org/security/en/glsa/glsa-200604-02.xml
- http://www.novell.com/linux/security/advisories/2006_07_sr.html
- http://www.securityfocus.com/bid/17292
- http://www.vupen.com/english/advisories/2006/1154
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25516
- http://cvs.horde.org/diff.php?f=horde%2Fservices%2Fhelp%2Findex.php&r1=2.85&r2=2.86
- http://lists.horde.org/archives/announce/2006/000271.html
- http://lists.horde.org/archives/announce/2006/000272.html
- http://secunia.com/advisories/19485
- http://secunia.com/advisories/19504
- http://secunia.com/advisories/19528
- http://secunia.com/advisories/19619
- http://secunia.com/advisories/19692
- http://securitytracker.com/id?1015841
- http://www.attrition.org/pipermail/vim/2006-March/000671.html
- http://www.debian.org/security/2006/dsa-1033
- http://www.debian.org/security/2006/dsa-1034
- http://www.gentoo.org/security/en/glsa/glsa-200604-02.xml
- http://www.novell.com/linux/security/advisories/2006_07_sr.html
- http://www.securityfocus.com/bid/17292
- http://www.vupen.com/english/advisories/2006/1154
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25516
Products affected by CVE-2006-1491
-
cpe:2.3:a:horde:application_framework:3.0
-
cpe:2.3:a:horde:application_framework:3.0.1
-
cpe:2.3:a:horde:application_framework:3.0.2
-
cpe:2.3:a:horde:application_framework:3.0.3
-
cpe:2.3:a:horde:application_framework:3.0.4
-
cpe:2.3:a:horde:application_framework:3.0.4_rc1
-
cpe:2.3:a:horde:application_framework:3.0.4_rc2
-
cpe:2.3:a:horde:application_framework:3.0.6
-
cpe:2.3:a:horde:application_framework:3.0.7
-
cpe:2.3:a:horde:application_framework:3.0.8
-
cpe:2.3:a:horde:application_framework:3.0.9
-
cpe:2.3:a:horde:application_framework:3.1