CVE-2006-1260

Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check.

Affected Software

Name	Vendor	Start Version	End Version
Horde	Horde	1.2 (including)	1.2 (including)
Horde	Horde	1.2.1 (including)	1.2.1 (including)
Horde	Horde	1.2.2 (including)	1.2.2 (including)
Horde	Horde	1.2.3 (including)	1.2.3 (including)
Horde	Horde	1.2.4 (including)	1.2.4 (including)
Horde	Horde	1.2.5 (including)	1.2.5 (including)
Horde	Horde	1.2.6 (including)	1.2.6 (including)
Horde	Horde	1.2.7 (including)	1.2.7 (including)
Horde	Horde	1.2.8 (including)	1.2.8 (including)
Horde	Horde	2.0 (including)	2.0 (including)
Horde	Horde	2.1 (including)	2.1 (including)
Horde	Horde	2.1.3 (including)	2.1.3 (including)
Horde	Horde	2.2 (including)	2.2 (including)
Horde	Horde	2.2.1 (including)	2.2.1 (including)
Horde	Horde	2.2.3 (including)	2.2.3 (including)
Horde	Horde	2.2.4 (including)	2.2.4 (including)
Horde	Horde	2.2.4_rc1 (including)	2.2.4_rc1 (including)
Horde	Horde	2.2.5 (including)	2.2.5 (including)
Horde	Horde	2.2.6 (including)	2.2.6 (including)
Horde	Horde	2.2.7 (including)	2.2.7 (including)
Horde	Horde	2.2.8 (including)	2.2.8 (including)
Horde	Horde	2.2.9 (including)	2.2.9 (including)
Horde	Horde	3.0 (including)	3.0 (including)
Horde	Horde	3.0.1 (including)	3.0.1 (including)
Horde	Horde	3.0.2 (including)	3.0.2 (including)
Horde	Horde	3.0.3 (including)	3.0.3 (including)
Horde	Horde	3.0.4 (including)	3.0.4 (including)
Horde	Horde	3.0.4_rc1 (including)	3.0.4_rc1 (including)
Horde	Horde	3.0.4_rc2 (including)	3.0.4_rc2 (including)
Horde	Horde	3.0.6 (including)	3.0.6 (including)
Horde	Horde	3.0.7 (including)	3.0.7 (including)
Horde	Horde	3.0.8 (including)	3.0.8 (including)
Horde	Horde	3.0.9 (including)	3.0.9 (including)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-1260
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References