[VIM] Recent unspecified Horde vuln is eval injection

Thu Mar 30 04:13:40 EST 2006

FYI.  See diff.

======================================================
Name: CVE-2006-1491
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1491
Reference: CONFIRM:http://lists.horde.org/archives/announce/2006/000271.html
Reference: CONFIRM:http://cvs.horde.org/diff.php?f=horde%2Fservices%2Fhelp%2Findex.php&r1=2.85&r2=2.86
Reference: BID:17292
Reference: URL:http://www.securityfocus.com/bid/17292
Reference: FRSIRT:ADV-2006-1154
Reference: URL:http://www.frsirt.com/english/advisories/2006/1154

Eval injection vulnerability in Horde Application Framework versions
3.0 before 3.0.10 and 3.1 before 3.1.1 allows remote attackers to
execute arbitrary code via the help viewer.