Denial of service in AIX telnet can freeze a system and prevent users from accessing the server.

AIX routed allows remote users to modify sensitive files.

Buffer overflow in rwhod on AIX and other operating systems allows remote attackers to execute arbitrary code via a UDP packet with a long hostname.

Certain NFS servers allow users to use mknod to gain privileges by creating a writable kmem device and setting the UID to 0.

getcwd() file descriptor leak in FTP.

CWD ~root command in ftpd allows root access.

wu-ftp allows files to be overwritten via the rnfr command.

Certain configurations of wu-ftp FTP server 2.4 use a _PATH_EXECPATH setting to a directory with dangerous commands, such as /bin, which allows remote authenticated users to gain root access via the "site exec" command.

Remote attackers can cause a denial of service in FTP by issuing multiple PASV commands, causing the server to run out of available ports.

pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call.

Predictable TCP sequence numbers allow spoofing.

Buffer overflow in wu-ftp from PASV command causes a core dump.

PASV core dump in wu-ftpd daemon when attacker uses a QUOTE PASV command after specifying a username and password.

Listening TCP ports are sequentially allocated, allowing spoofing attacks.

Telnet allows a remote client to specify environment variables including LD_LIBRARY_PATH, allowing an attacker to bypass the normal system libraries and gain root access.

Buffer overflow in AIX xdat gives root access to local users.

Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.

test-cgi program allows an attacker to list files on the server.

Solaris ufsrestore buffer overflow.

CGI PHP mylog script allows an attacker to read any file on the target server.