Cisco 675 routers running CBOS allow remote attackers to establish telnet sessions if an exec or superuser password has not been set.

dbsnmp in Oracle Intelligent Agent allows local users to gain privileges by setting the ORACLE_HOME environmental variable, which dbsnmp uses to find the nmiconf.tcl script.

FTGate web interface server allows remote attackers to read files via a .. (dot dot) attack.

The security descriptor for RASMAN allows users to point to an alternate location via the Windows NT Service Control Manager.

Alibaba web server allows remote attackers to execute commands via a pipe character in a malformed URL.

The Zeus web server administrative interface uses weak encryption for its passwords.

Zeus web server allows remote attackers to read arbitrary files by specifying the file name in an option to the search engine.

Falcon web server allows remote attackers to determine the absolute path of the web root via long file names.

Falcon web server allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Denial of service in WU-FTPD via the SITE NEWER command, which does not free memory properly.

Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via macro variables in a message file.

Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via MAPPING_CHDIR.

Internet Explorer 5 allows remote attackers to read files via an ExecCommand method called on an IFRAME.

Buffer overflow in Internet Explorer 4.0 via EMBED tag.

DHCP clients with ICMP Router Discovery Protocol (IRDP) enabled allow remote attackers to modify their default routes.

Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions.

Buffer overflow in Skyfull mail server via MAIL FROM command.

Buffer overflow in Vixie cron allows local users to gain root access via a long MAILTO environment variable in a crontab file.

Internet Explorer 4.0 and 4.01 allow a remote attacker to read files via IE's cross frame security, aka the "Cross Frame Navigate" vulnerability.

Internet Explorer 4.01 allows remote attackers to read arbitrary files by pasting a file name into the file upload control, aka untrusted scripted paste.