The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute.

MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to learn information about a local user's files via an IMG SRC tag.

MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to paste a file name into the file upload intrinsic control, a variant of "untrusted scripted paste" as described in MS:MS98-013.

Internet Explorer 4.0 and 5.0 allows a remote attacker to execute security scripts in a different security context using malicious URLs, a variant of the "cross frame" vulnerability.

The DHTML Edit ActiveX control in Internet Explorer allows remote attackers to read arbitrary files.

Denial of service in AOL Instant Messenger when a remote attacker sends a malicious hyperlink to the receiving client, potentially causing a system crash.

Remote attackers can cause a system crash through ipintr() in ipq in OpenBSD.

Buffer overflow in OpenBSD ping.

OpenBSD crash using nlink value in FFS and EXT2FS filesystems.

OpenBSD kernel crash through TSS handling, as caused by the crashme program.

Denial of service in "poll" in OpenBSD.

Local attackers can conduct a denial of service in Midnight Commander 4.x with a symlink attack.

Denial of service Netscape Enterprise Server with VirtualVault on HP-UX VVOS systems.

Denial of service in HP-UX sendmail 8.8.6 related to accepting connections.

The Expression Evaluator in the ColdFusion Application Server allows a remote attacker to upload files to the server via openfile.cfm, which does not restrict access to the server properly.

A weak encryption algorithm is used for passwords in SCO TermVision, allowing them to be easily decrypted by a local user.

A race condition in how procmail handles .procmailrc files allows a local user to read arbitrary files available to the user who is running procmail.

The ICQ Webserver allows remote attackers to use .. to access arbitrary files outside of the user's personal directory.

The rsync command before rsync 2.3.1 may inadvertently change the permissions of the client's working directory to the permissions of the directory being transferred.

The SNMP default community name "public" is not properly removed in NetApps C630 Netcache, even if the administrator tries to disable it.