Buffer overflow in nnrpd program in INN up to version 1.6 allows remote users to execute arbitrary commands.

HP Remote Watch allows a remote user to gain root access.

Some configurations of NIS+ in Linux allowed attackers to log in as the user "+".

Livingston RADIUS code has a buffer overflow which can allow remote execution of commands as root.

Linux cfingerd could be exploited to gain root access.

Remote attackers can access mail files via POP3 in some Linux systems that are using shadow passwords.

Guessable magic cookies in X Windows allows remote attackers to execute commands, e.g. through xterm.

Some filters or firewalls allow fragmented SYN packets with IP reserved bits in violation of their implemented policy.

Netscape FastTrack Web server lists files when a lowercase "get" command is used instead of an uppercase GET.

php.cgi allows attackers to read any file on the system.

Remote execution of arbitrary commands through Guestbook CGI program.

ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.

Buffer overflow in NCSA WebServer (1.4.1 and below) gives remote access.

Bash treats any character with a value of 255 as a command separator.

IIS 1.0 allows users to execute arbitrary commands using .bat or .cmd files.

Buffer overflow in NCSA WebServer (version 1.5c) gives remote access.

Buffer overflow in IP-Switch IMail and Seattle Labs Slmail 2.6 packages using a long VRFY command, causing a denial of service and possibly remote access.

Buffer overflow in Cisco 7xx routers through the telnet service.

Denial of service in Windows NT IIS server using ..\..

Denial of service in RPCSS.EXE program (RPC Locator) in Windows NT.