CVE-2006-1491 – Horde 3.0.9/3.1.0 - Help Viewer Remote Code Execution
https://notcve.org/view.php?id=CVE-2006-1491
Eval injection vulnerability in Horde Application Framework versions 3.0 before 3.0.10 and 3.1 before 3.1.1 allows remote attackers to execute arbitrary code via the help viewer. • https://www.exploit-db.com/exploits/1660 http://cvs.horde.org/diff.php?f=horde%2Fservices%2Fhelp%2Findex.php&r1=2.85&r2=2.86 http://lists.horde.org/archives/announce/2006/000271.html http://lists.horde.org/archives/announce/2006/000272.html http://secunia.com/advisories/19485 http://secunia.com/advisories/19504 http://secunia.com/advisories/19528 http://secunia.com/advisories/19619 http://secunia.com/advisories/19692 http://securitytracker.com/id?1015841 http://www • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2005-0961
https://notcve.org/view.php?id=CVE-2005-0961
Cross-site scripting (XSS) vulnerability in Horde 3.0.4 before 3.0.4-RC2 allows remote attackers to inject arbitrary web script or HTML via the parent frame title. • http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.49&r2=1.515.2.93&ty=h http://lists.horde.org/archives/announce/2005/000176.html http://secunia.com/advisories/14730 http://www.novell.com/linux/security/advisories/2005_16_sr.html •
CVE-2004-2741
https://notcve.org/view.php?id=CVE-2004-2741
Cross-site scripting (XSS) vulnerability in the "help window" (help.php) in Horde Application Framework 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) module, (2) topic, or (3) module parameters. • http://cvs.horde.org/diff.php/horde/templates/help/index.inc?r1=1.9.2.4&r2=1.9.2.5&ty=u http://lists.horde.org/archives/announce/2004/000107.html http://secunia.com/advisories/12992 http://securitytracker.com/id?1011959 http://www.osvdb.org/11164 http://www.securityfocus.com/bid/11546 https://exchange.xforce.ibmcloud.com/vulnerabilities/17881 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •