Sendmail decode alias can be used to overwrite sensitive files.

The debug command in Sendmail is enabled, allowing attackers to execute commands as root.

AIX piodmgrsu command allows local users to gain additional group privileges.

AIX nslookup command allows local users to obtain root access by not dropping privileges correctly.

Various vulnerabilities in the AIX portmir command allows local users to obtain root access.

Buffer overflow in AIX writesrv command allows local users to obtain root access.

Buffer overflow in AIX rcp command allows local users to obtain root access.

Buffer overflow in AIX libDtSvc library can allow local users to gain root access.

IRIX and AIX automountd services (autofsd) allow remote users to execute root commands.

Denial of service in AIX telnet can freeze a system and prevent users from accessing the server.

AIX routed allows remote users to modify sensitive files.

Buffer overflow in rwhod on AIX and other operating systems allows remote attackers to execute arbitrary code via a UDP packet with a long hostname.

Certain NFS servers allow users to use mknod to gain privileges by creating a writable kmem device and setting the UID to 0.

getcwd() file descriptor leak in FTP.

CWD ~root command in ftpd allows root access.

wu-ftp allows files to be overwritten via the rnfr command.

Certain configurations of wu-ftp FTP server 2.4 use a _PATH_EXECPATH setting to a directory with dangerous commands, such as /bin, which allows remote authenticated users to gain root access via the "site exec" command.

Remote attackers can cause a denial of service in FTP by issuing multiple PASV commands, causing the server to run out of available ports.

pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call.

Predictable TCP sequence numbers allow spoofing.