Internet Explorer 5.0 allows window spoofing, allowing a remote attacker to spoof a legitimate web site and capture information from the client.

Internet Explorer 5.0 allows a remote server to read arbitrary files on the client's file system using the Microsoft Scriptlet Component.

The Webcom CGI Guestbook programs wguest.exe and rguest.exe allow a remote attacker to read arbitrary files using the "template" parameter.

The SVR4 /dev/wabi special device file in NetBSD 1.3.3 and earlier allows a local user to read or write arbitrary files on the disk associated with that device.

Remote attackers can crash Lynx and Internet Explorer using an IMG tag with a large width parameter.

Local users can perform a denial of service in Tripwire 1.2 and earlier using long filenames.

Remote attackers can perform a denial of service using IRIX fcagent.

suidperl in Linux Perl does not check the nosuid mount option on file systems, allowing local users to gain root access by placing a setuid script in a mountable file system, e.g. a CD-ROM or floppy disk.

Versions of rpcbind including Linux, IRIX, and Wietse Venema's rpcbind allow a remote attacker to insert and delete entries by spoofing a source address.

Buffer overflow in Linux autofs module through long directory names allows local users to perform a denial of service.

Local users can perform a denial of service in Alpha Linux, using MILO to force a reboot.

L0phtcrack 2.5 used temporary files in the system TEMP directory which could contain password information.

Linux ftpwatch program allows local users to gain root privileges.

The Expression Evaluator sample application in ColdFusion allows remote attackers to read or delete files on the server via exprcalc.cfm, which does not restrict access to the server properly.

A remote attacker can sometimes identify the operating system of a host based on how it reacts to some IP or ICMP packets, using a tool such as nmap or queso.

An attacker can identify a CISCO device by sending a SYN packet to port 1999, which is for the Cisco Discovery Protocol (CDP).

A service or application has a backdoor password that was placed there by the developer.

Denial of service in Linux 2.0.36 allows local users to prevent any server from listening on any non-privileged port.

In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe).

The ExAir sample site in IIS 4 allows remote attackers to cause a denial of service (CPU consumption) via a direct request to the (1) advsearch.asp, (2) query.asp, or (3) search.asp scripts.