Buffer overflow in the win-c-sample program (win-c-sample.exe) in the WebSite web server 1.1e allows remote attackers to execute arbitrary code via a long query string.

The uploader program in the WebSite web server allows a remote attacker to execute arbitrary programs.

The Webgais program allows a remote user to execute arbitrary commands.

The convert.bas program in the Novell web server allows a remote attackers to read any file on the system that is internally accessible by the web server.

The view-source CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack.

FormMail CGI program can be used by web servers other than the host server that the program resides on.

FormMail CGI program allows remote execution of commands.

Denial of service in syslog by sending it a large number of superfluous messages.

Remote attackers can mount an NFS file system in Ultrix or OSF, even if it is denied on the access list.

NFS allows attackers to read and write any file on the system by specifying a false UID.

The portmapper may act as a proxy and redirect service requests from an attacker, making the request appear to come from the local host, possibly bypassing authentication that would otherwise have taken place. For example, NFS file systems could be mounted through the portmapper despite export restrictions.

In SunOS, NFS file handles could be guessed, giving unauthorized access to the exported file system.

NFS allows users to use a "cd .." command to access other directories besides the exported file system.

NFS cache poisoning.

A race condition in the Solaris ps command allows an attacker to overwrite critical files.

In older versions of Sendmail, an attacker could use a pipe character to execute root commands.

The "established" keyword in some Cisco IOS software allowed an attacker to bypass filtering.

In Cisco IOS 10.3, with the tacacs-ds or tacacs keyword, an extended IP access control list could bypass filtering.

Some classic Cisco IOS devices have a vulnerability in the PPP CHAP authentication to establish unauthorized PPP connections.

Attackers can crash a Cisco IOS router or device, provided they can get to an interactive prompt (such as a login). This applies to some IOS 9.x, 10.x, and 11.x releases.