[VIM] Recent unspecified Horde vuln is eval injection

Steven M. Christey coley at mitre.org
Thu Mar 30 04:13:40 EST 2006


FYI.  See diff.

======================================================
Name: CVE-2006-1491
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1491
Reference: CONFIRM:http://lists.horde.org/archives/announce/2006/000271.html
Reference: CONFIRM:http://cvs.horde.org/diff.php?f=horde%2Fservices%2Fhelp%2Findex.php&r1=2.85&r2=2.86
Reference: BID:17292
Reference: URL:http://www.securityfocus.com/bid/17292
Reference: FRSIRT:ADV-2006-1154
Reference: URL:http://www.frsirt.com/english/advisories/2006/1154

Eval injection vulnerability in Horde Application Framework versions
3.0 before 3.0.10 and 3.1 before 3.1.1 allows remote attackers to
execute arbitrary code via the help viewer.




More information about the VIM mailing list