The vulnerability is due to a new ActiveX control called 'Microsoft Outlook View Control'. The flaw is that this control is marked 'safe for scripting' when it should not be. It is therefore accessible by scripts. Scripts can access and perform operations on user email through this control without user knowledge or consent.
ml85p is a Linux driver for Samsung ML-85G series printers. It may be bundled with distributions of Ghostscript. ml85p does not check for symbolic links when creating image output files. These files are created in /tmp with a guessable naming format, making it trivial for attackers to exploit this vulnerability. Since user-supplied data is written to the target file, attackers may be able to elevate privileges.
xloadimage and possibly derivatives such as 'xli' contain a buffer overflow vulnerability in the handling of the 'Faces Project' image type. It is possible for remote attackers to create a file that will exploit this overflow to execute arbitrary code. An optional Netscape plugin shipped with Red Hat Powertools invokes xloadimage to load certain image types. If this plugin is in use, this vulnerability may be remotely exploitable if an attacker places the exploit file on a webserver. S.u.S.E. Linux also ships with plugger, which invokes a derivative of xloadimage called 'xli'. 'xli' is also vulnerable.
Basilix is a web-based mail application. It offers features such as mail attachments, address book, multiple language and theme support. During operation, Basilix opens a PHP include file using a variable as the filename that can be supplied remotely. Basilix does not properly filter malicious user-supplied input. It is possible for remote attackers to have Basilix attempt to 'include' an arbitrary webserver-readable file. This vulnerability may disclose sensitive information contained in arbitrary web-readable files. It may also be possible for remote attackers to execute PHP files.
A vulnerability in Cobalt Qube's webmail implementation allows remote attackers to traverse directories. Malformed HTTP requests can be crafted to display sensitive information about the host.
poprelayd is a script that parses /var/log/maillog for valid POP logins and, based on a client's login, allows the person logged into the POP3 service to also send email from the IP address they are accessing the system from. poprelayd doesn't authenticate the entries written to the /var/log/maillog file. This makes it possible for a user to create an arbitrary string via sendmail that will be logged to the file, thus allowing a remote user to relay mail through the SMTP server.
A race condition vulnerability exists in lmail. The lmail program makes insecure use of temporary files, making it susceptible to symbolic link attacks. The program also writes data from the standard input stream (stdin) directly to the temporary file. Because lmail is usually installed setuid root, it may be possible for a local user to overwrite any file on a system with arbitrary data.
Microsoft IIS is prone to a denial of service attack when a remote attacker crafts a URL which tries to pass a script parameter that is a device name. The end result of exploiting this vulnerability is that the server will crash and a denial of service will occur.
A race condition vulnerability exists in the temporary file handling method used by some teTeX filters. The problem exists because in some cases temporary files are created world-writeable with a predictable filename based on the process ID of the filter. If an attacker is able to determine the name of a temporary file used during the program's operation, a symbolic link could be created pointing to a file writeable by the user running the filter. When the filters are used by an application that runs with elevated privileges such as LPRng, the potential impact of the attack could become more significant. A local attacker could exploit this vulnerability to cause LPRng to execute arbitrary commands with its elevated privileges.