L0phtcrack 2.5 used temporary files in the system TEMP directory which could contain password information.

Linux ftpwatch program allows local users to gain root privileges.

The Expression Evaluator sample application in ColdFusion allows remote attackers to read or delete files on the server via exprcalc.cfm, which does not restrict access to the server properly.

A remote attacker can sometimes identify the operating system of a host based on how it reacts to some IP or ICMP packets, using a tool such as nmap or queso.

An attacker can identify a CISCO device by sending a SYN packet to port 1999, which is for the Cisco Discovery Protocol (CDP).

A service or application has a backdoor password that was placed there by the developer.

Denial of service in Linux 2.0.36 allows local users to prevent any server from listening on any non-privileged port.

In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe).

The ExAir sample site in IIS 4 allows remote attackers to cause a denial of service (CPU consumption) via a direct request to the (1) advsearch.asp, (2) query.asp, or (3) search.asp scripts.

IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.

Local users can gain privileges using the debug utility in the MPE/iX operating system.

Local users can perform a denial of service in NetBSD 1.3.3 and earlier versions by creating an unusual symbolic link with the ln command, triggering a bug in VFS.

In Cisco routers under some versions of IOS 12.0 running NAT, some packets may not be filtered by input access list filters.

Remote attackers can perform a denial of service in Windows machines using malicious ARP packets, forcing a message box display for each packet or filling up log files.

Patrol management software allows a remote attacker to conduct a replay attack to steal the administrator password.

Solaris ff.core allows local users to modify files.

Remote attackers can perform a denial of service in WinGate machines using a buffer overflow in the Winsock Redirector Service.

The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages.

Buffer overflow in procmail before version 3.12 allows remote or local attackers to execute commands via expansions in the procmailrc configuration file.

Remote attackers can perform a denial of service in WebRamp systems by sending a malicious UDP packet to port 5353, changing its IP address.