Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check.

Eval injection vulnerability in Horde Application Framework versions 3.0 before 3.0.10 and 3.1 before 3.1.1 allows remote attackers to execute arbitrary code via the help viewer.