Windows NT with SYSKEY reuses the keystream that is used for encrypting SAM password hashes, allowing an attacker to crack passwords.

Modifications to ACLs (Access Control Lists) in Microsoft Exchange 5.5 do not take effect until the directory store cache is refreshed.

HP VirtualVault with the PHSS_17692 patch allows unprivileged processes to bypass access restrictions via the Trusted Gateway Proxy (TGP).

Buffer overflow in GoodTech Telnet Server NT allows remote users to cause a denial of service via a long login name.

Error messages generated by gdm with the VerboseAuth setting allows an attacker to identify valid users on a system.

Buffer overflow in Internet Explorer 5 directshow filter (MSDXM.OCX) allows remote attackers to execute commands via the vnd.ms.radio protocol.

UnixWare pkgtrans allows local users to read arbitrary files via a symlink attack.

Windows NT does not properly download a system policy if the domain user logs into the domain with a space at the end of the domain name.

The ping command in Linux 2.0.3x allows local users to cause a denial of service by sending large packets with the -R (record route) option.

CC Whois program whois.cgi allows remote attackers to execute commands via shell metacharacters in the domain entry.

Matt's Whois program whois.cgi allows remote attackers to execute commands via shell metacharacters in the domain entry.

Whois Internic Lookup program whois.cgi allows remote attackers to execute commands via shell metacharacters in the domain entry.

The Sun Web-Based Enterprise Management (WBEM) installation script stores a password in plaintext in a world readable file.

Internet Explorer 5.01 and earlier allows a remote attacker to create a reference to a client window and use a server-side redirect to access local files via that window, aka "Server-side Page Reference Redirect."

Windows NT Service Control Manager (SCM) allows remote attackers to cause a denial of service via a malformed argument in a resource enumeration request.

The SCO UnixWare privileged process system allows local users to gain root privileges by using a debugger such as gdb to insert traps into _init before the privileged process is executed.

htdig allows remote attackers to execute commands via filenames with shell metacharacters.

Buffer overflow in Solaris sadmind allows remote attackers to gain root privileges using a NETMGT_PROC_SERVICE request.

Sendmail allows local users to reinitialize the aliases database via the newaliases command, then cause a denial of service by interrupting Sendmail.

The Windows help system can allow a local user to execute commands as another user by editing a table of contents metafile with a .CNT extension and modifying the topic action to include the commands to be executed when the .hlp file is accessed.