A vulnerability has been discovered in Horde Imp which may allow an attacker to access arbitrary system files. The issue occurs due to insufficient sanity checks on user-supplied URI parameters. By specifying a malicious INBOX file in a request, the contents of the file may be disclosed to a remote attacker. All files would be accessed with the privileges of the user invoking Imp.
A boundary condition error exists in telnet daemons derived from the BSD telnet daemon. Under certain circumstances, the buffer overflow can occur when a combination of telnet protocol options are received by the daemon. The function responsible for processing the options prepares a response within a fixed sized buffer, without performing any bounds checking.
Squid servers, when configured as an 'HTTP accelerator only', may allow remote attackers to use them as port scanners. There is also a potential that they will grant proxied access to the malicious user. To exploit this vulnerability, the attacker needs to set squid to HTTPD_accel mode, with a particular host and strict ACL's, export httpd_proxy='HTTP://squid-server:port' and use lynx HTTP://victim:port/. If the port is open, the attacker will get a HTTP 200 code and sometimes a response with some services SSH, SMTP, etc.
Slackware Linux contains a configuration error that enables local users to create files in the directory used by the system manual pager ('man') for cache files. Due to the behaviour of the 'man' program, it may be possible for an attacker to create a malicious cache file causing the execution of arbitrary code when another user views a manual page corresponding to that cache file.
A flaw has been identified in the product's network play features which allows a maliciously designed client to prevent legitimate players from connecting to the Quake server. Additionally, it is possible to disconnect players that have already connected to the Quake server.
A vulnerability exists in certain models of 3Com hubs and potentially other 3Com network products. The affected devices fail to properly restrict the allowed number of login attempts to the inbuilt telnet-based administration interface from remote users. Attackers can use brute-force cracking techniques in obtaining access to 3Com telnetd config accounts. Exploiting this, a malicious user can interfere with the device's operation and configuration, creating denials of service and further compromising the network on which the device is installed.
A buffer overflow in the handling of the MANPATH environment variable by xman makes it possible for a local user to execute arbitrary code. By inserting 70000 characters into the MANPATH variable, it is possible to overwrite stack variables, including the return address.
A design error exists in ArGoSoft FTP which enables an authenticated user to view other users encrypted passwords. However due to a weak encryption scheme it is possible for a user to decrypt the password using a third party utility.
Interactive Story is a web-based application written in Perl and is distributed as freeware. It does not filter '../' sequences from user input submitted to a hidden file called 'next'. Remote attackers may take advantage of this by crafting URLs that allow them to break out of webroot and view arbitrary web-readable files. If an attacker sets the 'next' field to something like '../../../../../../../../../../etc/passwd%00', Interactive Story will open and display the password file.
The vulnerability is due to a new ActiveX control called 'Microsoft Outlook View Control'. The flaw is that this control is marked 'safe for scripting' when it should not be. It is therefore accessible by scripts. Scripts can execute commands without user knowledge or consent.