Gentoo Linux Security Advisory GLSA 200604-02 - Jan Schneider of the Horde team discovered a vulnerability in the help viewer of the Horde Application Framework that could allow remote code execution (CVE-2006-1491). Paul Craig reported that services/go.php fails to validate the passed URL parameter correctly (CVE-2006-1260). Versions less than 3.1.1 are affected.
22c9a376cb388b43b2ffe09a75306e64cd836c58f28d831955c9cb5e52d37fc3