Microsoft SQL 7.0 server allows a remote attacker to cause a denial of service via a malformed TDS packet.

Cisco Cache Engine allows an attacker to replace content in the cache.

wu-ftp with FTP conversion enabled allows an attacker to execute commands via a malformed file name that is interpreted as an argument to the program that does the conversion, e.g. tar or uncompress.

Buffer overflow in Infoseek Ultraseek search engine allows remote attackers to execute commands via a long GET request.

Windows NT Local Security Authority (LSA) allows remote attackers to cause a denial of service via malformed arguments to the LsaLookupSids function which looks up the SID, aka "Malformed Security Identifier Request."

Windows NT with SYSKEY reuses the keystream that is used for encrypting SAM password hashes, allowing an attacker to crack passwords.

Modifications to ACLs (Access Control Lists) in Microsoft Exchange 5.5 do not take effect until the directory store cache is refreshed.

HP VirtualVault with the PHSS_17692 patch allows unprivileged processes to bypass access restrictions via the Trusted Gateway Proxy (TGP).

Buffer overflow in GoodTech Telnet Server NT allows remote users to cause a denial of service via a long login name.

Error messages generated by gdm with the VerboseAuth setting allows an attacker to identify valid users on a system.

Buffer overflow in Internet Explorer 5 directshow filter (MSDXM.OCX) allows remote attackers to execute commands via the vnd.ms.radio protocol.

UnixWare pkgtrans allows local users to read arbitrary files via a symlink attack.

Windows NT does not properly download a system policy if the domain user logs into the domain with a space at the end of the domain name.

The ping command in Linux 2.0.3x allows local users to cause a denial of service by sending large packets with the -R (record route) option.

CC Whois program whois.cgi allows remote attackers to execute commands via shell metacharacters in the domain entry.

Matt's Whois program whois.cgi allows remote attackers to execute commands via shell metacharacters in the domain entry.

Whois Internic Lookup program whois.cgi allows remote attackers to execute commands via shell metacharacters in the domain entry.

The Sun Web-Based Enterprise Management (WBEM) installation script stores a password in plaintext in a world readable file.

Internet Explorer 5.01 and earlier allows a remote attacker to create a reference to a client window and use a server-side redirect to access local files via that window, aka "Server-side Page Reference Redirect."

Windows NT Service Control Manager (SCM) allows remote attackers to cause a denial of service via a malformed argument in a resource enumeration request.