In Sendmail, attackers can gain root privileges via SMTP by specifying an improper "mail from" address and an invalid "rcpt to" address that would cause the mail to bounce to a program.

The GNU tar command, when used in FTP sessions, may allow an attacker to execute arbitrary commands.

A quote cwd command on FTP servers can reveal the full path of the home directory of the "ftp" user.

Windows NT FTP server (WFTP) with the guest account enabled without a password allows an attacker to log into the FTP server using any username and password.

manual/search.texi in the GNU C Library (aka glibc) before 2.2 lacks a statement about the unspecified tdelete return value upon deletion of a tree's root, which might allow attackers to access a dangling pointer in an application whose developer was unaware of a documentation update from 1999.

finger .@host on some systems may print information on some user accounts.

finger 0@host on some systems may print information on some user accounts.

websendmail in Webgais 1.0 allows a remote user to access arbitrary files and execute arbitrary code via the receiver parameter ($VAR_receiver variable).

Denial of service in RPC portmapper allows attackers to register or unregister RPC services or spoof RPC services using a spoofed source IP address such as 127.0.0.1.

Denial of service in in.comsat allows attackers to generate messages.

Denial of service in Ascend and 3com routers, which can be rebooted by sending a zero length TCP option.

Buffer overflow in telnet daemon tgetent routing allows remote attackers to gain root access via the TERMCAP environmental variable.

IIS newdsn.exe CGI script allows remote users to overwrite files.

Solaris rpcbind can be exploited to overwrite arbitrary files and gain root access.

Solaris rpcbind listens on a high numbered UDP port, which may not be filtered since the standard port number is 111.

The passwd command in Solaris can be subjected to a denial of service.

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-1999-0022. Reason: This candidate is a duplicate of CVE-1999-0022. Notes: All CVE users should reference CVE-1999-0022 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage

In Solaris, an SNMP subagent has a default community string that allows remote attackers to execute arbitrary commands as root, or modify system parameters.

In SunOS or Solaris, a remote user could connect from an FTP server's data port to an rlogin server on a host that trusts the FTP server, allowing remote command execution.

When compiled with the -DALLOW_UPDATES option, bind allows dynamic updates to the DNS server, allowing for malicious modification of DNS records.