OpenBSD, BSDI, and other Unix operating systems allow users to set chflags and fchflags on character and block devices.

Internet Explorer 5.0 and 5.01 allows remote attackers to modify or execute files via the Import/Export Favorites feature, aka the "ImportExportFavorites" vulnerability.

After an unattended installation of Windows NT 4.0, an installation file could include sensitive information such as the local Administrator password.

Buffer overflow in Microsoft Phone Dialer (dialer.exe), via a malformed dialer entry in the dialer.ini file.

The Bluestone Sapphire web server allows session hijacking via easily guessable session IDs.

Denial of service in IP protocol logger (ippl) on Red Hat and Debian Linux.

SCO Doctor allows local users to gain root privileges through a Tools option.

Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd).

The Sybase PowerDynamo personal web server allows attackers to read arbitrary files through a .. (dot dot) attack.

Denial of service in AIX ptrace system call allows local users to crash the system.

Buffer overflow in TT_SESSION environment variable in ToolTalk shared library allows local users to gain root privileges.

The default configuration of the Array Services daemon (arrayd) disables authentication, allowing remote users to gain root privileges.

Buffer overflow in the AddSuLog function of the CDE dtaction utility allows local users to gain root privileges via a long user name.

HP CDE program includes the current directory in root's PATH variable.

The CDE dtspcd daemon allows local users to execute arbitrary commands via a symlink attack.

Buffer overflows in HP Software Distributor (SD) for HPUX 10.x and 11.x.

The ToolTalk ttsession daemon uses weak RPC authentication, which allows a remote attacker to execute commands.

Denial of service in Netscape Enterprise Server (NES) in HP Virtual Vault (VVOS) via a long URL.

Buffer overflow in Netscape Communicator via EMBED tags in the pluginspage option.

Denial of service in Sendmail 8.8.6 in HPUX.