Listening TCP ports are sequentially allocated, allowing spoofing attacks.

Telnet allows a remote client to specify environment variables including LD_LIBRARY_PATH, allowing an attacker to bypass the normal system libraries and gain root access.

Buffer overflow in AIX xdat gives root access to local users.

Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.

test-cgi program allows an attacker to list files on the server.

Solaris ufsrestore buffer overflow.

CGI PHP mylog script allows an attacker to read any file on the target server.

phf CGI program allows remote command execution through shell metacharacters.

AnyForm CGI remote execution.

Multiple buffer overflows in how dtmail handles attachments allows a remote attacker to execute commands.

Buffer overflow in AIX lquerylv program gives root access to local users.

Cisco IOS 12.0 and other versions can be crashed by malicious UDP packets to the syslog port.

The chpass command in OpenBSD allows a local user to gain root access through file descriptor leakage.

File creation and deletion, and remote execution, in the BSD line printer daemon (lpd).

Attackers can cause a denial of service in Ascend MAX and Pipeline routers with a malformed packet to the discard port, which is used by the Java Configurator tool.

IRIX fam service allows an attacker to obtain a list of all files on the server.

Buffer overflow in PHP cgi program, php.cgi allows shell access.

Vacation program allows command execution by remote users through a sendmail command.

Buffer overflow in Sun's ping program can give root access to local users.

Buffer overflows in Sun libnsl allow root access.