Remote command execution in Microsoft Internet Explorer using .lnk and .url files.

Excite for Web Servers (EWS) allows remote command execution via shell metacharacters.

In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL.

The WorkMan program can be used to overwrite any file to get root access.

mSQL v2.0.1 and below allows remote execution through a buffer overflow.

Denial of service in Windows NT DNS servers by flooding port 53 with too many characters.

Denial of service in Windows NT DNS servers through malicious packet which contains a response to a query that wasn't made.

Denial of service through Solaris 2.5.1 telnet by sending ^D characters.

Denial of service in Slmail v2.5 through the POP3 port.

Progressive Networks Real Video server (pnserver) can be crashed remotely.

Directory traversal vulnerability in pfdispaly.cgi program (sometimes referred to as "pfdisplay") for SGI's Performer API Search Tool (performer_tools) allows remote attackers to read arbitrary files.

Netscape Enterprise servers may list files through the PageServices query.

MetaInfo MetaWeb web server allows users to upload, execute, and read scripts.

Buffer overflow in NCSA HTTP daemon v1.3 allows remote command execution.

The info2www CGI script allows remote file access or remote command execution.

ICMP redirect messages may crash or lock up a host.

htmlscript CGI program allows remote read access to files.

Solaris SUNWadmap can be exploited to obtain root access.

Hylafax faxsurvey CGI script on Linux allows remote attackers to execute arbitrary commands via shell metacharacters in the query string.

Netmanager Chameleon SMTPd has several buffer overflows that cause a crash.