Buffer overflow in Xvt 2.1 in Debian Linux 2.2 allows local users to execute arbitrary code via long (1) -name and (2) -T arguments.

Win32k.sys (aka Graphics Device Interface (GDI)) in Windows 2000 and XP allows local users to cause a denial of service (system crash) by calling the ShowWindow function after receiving a WM_NCCREATE message.

The uipc system calls (uipc_syscalls.c) in OpenBSD 2.9 and 3.0 provide user mode return instead of versus rval kernel mode values to the fdrelease function, which allows local users to cause a denial of service and trigger a null dereference.

Unknown vulnerability in IP defragmenter (frag2) in Snort before 1.8.3 allows attackers to cause a denial of service (crash).

Buffer overflow in ftpd in IBM AIX 4.3 and 5.1 allows attackers to gain privileges.

The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.

pt_chmod in Solaris 8 does not call fdetach to reset terminal privileges when users log out of terminals, which allows local users to write to other users' terminals by modifying the ACL of a TTY.

IBM AIX 430 does not properly unlock IPPMTU_LOCK, which allows remote attackers to cause a denial of service (hang) via Path Maximum Transmit Unit (PMTU) IP packets.

Buffer overflow in setiathome for SETI@home 3.03, if installed setuid, could allow local users to execute arbitrary code via long command line options (1) socks_server, (2) socks_user, and (3) socks_passwd. NOTE: since the default configuration of setiathome is not setuid, perhaps this issue should not be included in CVE.

ssdpsrv.exe in Windows ME allows remote attackers to cause a denial of service by sending multiple newlines in a Simple Service Discovery Protocol (SSDP) message. NOTE: multiple replies to the original post state that the problem could not be reproduced.

Linux kernel 2.2.19 enables CAP_SYS_RESOURCE for setuid processes, which allows local users to exceed disk quota restrictions during execution of setuid programs.

CentraOne 5.2 and Centra ASP with basic authentication enabled creates world-writable base64 encoded log files, which allows local users to obtain cleartext passwords from decoded log files and impersonate users.

Tiny Personal Firewall 1.0 and 2.0 allows local users to bypass filtering via non-standard TCP packets created with non-Windows protocol adapters.

ZoneAlarm 2.1 through 2.6 and ZoneAlarm Pro 2.4 and 2.6 allows local users to bypass filtering via non-standard TCP packets created with non-Windows protocol adapters.

Outlook Express 6.0, with "Do not allow attachments to be saved or opened that could potentially be a virus" enabled, does not block email attachments from forwarded messages, which could allow remote attackers to execute arbitrary code.

Pathways Homecare 6.5 uses weak encryption for user names and passwords, which allows local users to gain privileges by recovering the passwords from the pwhc.ini file.

Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL requests (a.k.a. rewriting) when client browsers have cookies enabled, which allows remote attackers to obtain session IDs and hijack sessions via HTTP referrer fields or sniffing.

Directory traversal vulnerability in Macromedia JRun Web Server (JWS) 2.3.3, 3.0 and 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP GET request.

Axis network camera 2120, 2110, 2100, 200+ and 200 contains a default administration password "pass", which allows remote attackers to gain access to the camera.

NAI WebShield SMTP 4.5 and possibly 4.5 MR1a does not filter improperly MIME encoded email attachments, which could allow remote attackers to bypass filtering and possibly execute arbitrary code in email clients that process the invalid attachments.