Macros in War FTP 1.70 and 1.67b2 allow local or remote attackers to read arbitrary files or execute commands.

Buffer overflow in CamShot WebCam HTTP server allows remote attackers to execute commands via a long GET request.

Buffer overflow in CSM mail server allows remote attackers to cause a denial of service or execute commands via a long HELO command.

Macintosh systems generate large ICMP datagrams in response to malformed datagrams, allowing them to be used as amplifiers in a flood attack.

glFtpD allows local users to gain privileges via metacharacters in the SITE ZIPCHK command.

AltaVista search engine allows remote attackers to read files above the document root via a .. (dot dot) in the query.cgi CGI program.

glFtpD includes a default glftpd user account with a default password and a UID of 0.

Majordomo wrapper allows local users to gain privileges by specifying an alternate configuration file.

Outlook Express 5 for Macintosh downloads attachments to HTML mail without prompting the user, aka the "HTML Mail Attachment" vulnerability.

resend command in Majordomo allows local users to gain privileges via shell metacharacters.

Netscape 4.7 records user passwords in the preferences.js file during an IMAP or POP session, even if the user has not enabled "remember passwords."

InterScan VirusWall SMTP scanner does not properly scan messages with malformed attachments.

Solaris dmi_cmd allows local users to crash the dmispd daemon by adding a malformed file to the /var/dmi/db database.

The initscripts package in Red Hat Linux allows local users to gain privileges via a symlink attack.

Solaris dmispd dmi_cmd allows local users to fill up restricted disk space by adding files to the /var/dmi/db database.

UnixWare pis and mkpis commands allow local users to gain privileges via a symlink attack.

Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function.

IBM Network Station Manager NetStation allows local users to gain privileges via a symlink attack.

Buffer overflow in UnixWare i2odialogd daemon allows remote attackers to gain root access via a long username/password authorization string.

IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the "Virtual Directory Naming" vulnerability.