UnixWare pkgtrans allows local users to read arbitrary files via a symlink attack.

Windows NT does not properly download a system policy if the domain user logs into the domain with a space at the end of the domain name.

The ping command in Linux 2.0.3x allows local users to cause a denial of service by sending large packets with the -R (record route) option.

CC Whois program whois.cgi allows remote attackers to execute commands via shell metacharacters in the domain entry.

Matt's Whois program whois.cgi allows remote attackers to execute commands via shell metacharacters in the domain entry.

Whois Internic Lookup program whois.cgi allows remote attackers to execute commands via shell metacharacters in the domain entry.

The Sun Web-Based Enterprise Management (WBEM) installation script stores a password in plaintext in a world readable file.

Internet Explorer 5.01 and earlier allows a remote attacker to create a reference to a client window and use a server-side redirect to access local files via that window, aka "Server-side Page Reference Redirect."

Windows NT Service Control Manager (SCM) allows remote attackers to cause a denial of service via a malformed argument in a resource enumeration request.

The SCO UnixWare privileged process system allows local users to gain root privileges by using a debugger such as gdb to insert traps into _init before the privileged process is executed.

htdig allows remote attackers to execute commands via filenames with shell metacharacters.

Buffer overflow in Solaris sadmind allows remote attackers to gain root privileges using a NETMGT_PROC_SERVICE request.

Sendmail allows local users to reinitialize the aliases database via the newaliases command, then cause a denial of service by interrupting Sendmail.

The Windows help system can allow a local user to execute commands as another user by editing a table of contents metafile with a .CNT extension and modifying the topic action to include the commands to be executed when the .hlp file is accessed.

Buffer overflow in Solaris snoop allows remote attackers to gain root privileges via GETQUOTA requests to the rpc.rquotad service.

Buffer overflow in Solaris snoop program allows remote attackers to gain root privileges via a long domain name when snoop is running in verbose mode.

Buffer overflow in Xshipwars xsw program.

Buffer overflow in Exim allows local users to gain root privileges via a long :include: option in a .forward file.

The OmniHTTPD visadmin.exe program allows a remote attacker to conduct a denial of service via a malformed URL which causes a large number of temporary files to be created.

The Windows NT RPC service allows remote attackers to conduct a denial of service using spoofed malformed RPC packets which generate an error message that is sent to the spoofed host, potentially setting up a loop, aka Snork.