Vulnerability Name: CVE-2006-1491 (CCN-25516)
Assigned: 2006-03-29
Published: 2006-03-29
Updated: 2017-07-20
Summary: Eval injection vulnerability in Horde Application Framework versions 3.0 before 3.0.10 and 3.1 before 3.1.1 allows remote attackers to execute arbitrary code via the help viewer.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Vulnerability Type: CWE-94
Vulnerability Consequences: Gain Access
References:
Source: MITRE Type: CNA CVE-2006-1491
Source: CONFIRM Type: UNKNOWN http://cvs.horde.org/diff.php?f=horde%2Fservices%2Fhelp%2Findex.php&r1=2.85&r2=2.86
Source: CCN Type: Horde announce Mailing List, Tue Mar 28 05:27:27 PST 2006 Horde 3.1.1 (final)
Source: CONFIRM Type: Patch http://lists.horde.org/archives/announce/2006/000271.html
Source: CCN Type: Horde announce Mailing List, Tue Mar 28 05:45:09 PST 2006 Horde 3.0.10 (final)
Source: CONFIRM Type: UNKNOWN http://lists.horde.org/archives/announce/2006/000272.html
Source: CCN Type: SA19485 Horde Help Viewer "module" PHP Code Execution Vulnerability
Source: SECUNIA Type: Vendor Advisory 19485
Source: SECUNIA Type: Vendor Advisory 19504
Source: SECUNIA Type: Vendor Advisory 19528
Source: SECUNIA Type: Vendor Advisory 19619
Source: SECUNIA Type: Vendor Advisory 19692
Source: CCN Type: SECTRACK ID: 1015841 Horde Application Framework Bug Lets Remote Users Execute Arbitrary Code
Source: SECTRACK Type: Patch 1015841
Source: VIM Type: UNKNOWN 20060330 Recent unspecified Horde vuln is eval injection
Source: DEBIAN Type: UNKNOWN DSA-1033
Source: DEBIAN Type: UNKNOWN DSA-1034
Source: DEBIAN Type: DSA-1033 horde3 -- several vulnerabilities
Source: DEBIAN Type: DSA-1034 horde2 -- several vulnerabilities
Source: CCN Type: GLSA-200604-02 Horde Application Framework: Remote code execution
Source: GENTOO Type: UNKNOWN GLSA-200604-02
Source: CCN Type: Horde Web site The Horde Application Framework
Source: SUSE Type: UNKNOWN SUSE-SR:2006:007
Source: CCN Type: OSVDB ID: 24322 Horde Help Viewer Arbitrary Code Execution
Source: BID Type: Patch 17292
Source: CCN Type: BID-17292 Horde Help Viewer Remote PHP Code Execution Vulnerability
Source: VUPEN Type: Vendor Advisory ADV-2006-1154
Source: XF Type: UNKNOWN horde-help-viewer-command-execution(25516)
Source: SUSE Type: SUSE-SR:2006:007 SUSE Security Summary Report
Vulnerable Configuration: Configuration 1: