Groupwise web server GWWEB.EXE allows remote attackers to determine the real path of the web server via the HELP parameter.

Groupwise web server GWWEB.EXE allows remote attackers to read arbitrary files with .htm extensions via a .. (dot dot) attack using the HELP parameter.

Buffer overflow in the POP server POProxy for the Norton Anti-Virus protection NAV2000 program via a large USER command.

War FTP Daemon 1.70 allows remote attackers to cause a denial of service by flooding it with connections.

Netscape Navigator uses weak encryption for storing a user's Netscape mail password.

Cisco Cache Engine allows a remote attacker to gain access via a null username and password.

The web administration interface for Cisco Cache Engine allows remote attackers to view performance statistics.

Microsoft SQL 7.0 server allows a remote attacker to cause a denial of service via a malformed TDS packet.

Cisco Cache Engine allows an attacker to replace content in the cache.

wu-ftp with FTP conversion enabled allows an attacker to execute commands via a malformed file name that is interpreted as an argument to the program that does the conversion, e.g. tar or uncompress.

Buffer overflow in Infoseek Ultraseek search engine allows remote attackers to execute commands via a long GET request.

Windows NT Local Security Authority (LSA) allows remote attackers to cause a denial of service via malformed arguments to the LsaLookupSids function which looks up the SID, aka "Malformed Security Identifier Request."

Windows NT with SYSKEY reuses the keystream that is used for encrypting SAM password hashes, allowing an attacker to crack passwords.

Modifications to ACLs (Access Control Lists) in Microsoft Exchange 5.5 do not take effect until the directory store cache is refreshed.

HP VirtualVault with the PHSS_17692 patch allows unprivileged processes to bypass access restrictions via the Trusted Gateway Proxy (TGP).

Buffer overflow in GoodTech Telnet Server NT allows remote users to cause a denial of service via a long login name.

Error messages generated by gdm with the VerboseAuth setting allows an attacker to identify valid users on a system.

Buffer overflow in Internet Explorer 5 directshow filter (MSDXM.OCX) allows remote attackers to execute commands via the vnd.ms.radio protocol.

UnixWare pkgtrans allows local users to read arbitrary files via a symlink attack.

Windows NT does not properly download a system policy if the domain user logs into the domain with a space at the end of the domain name.