DataLynx suGuard trusts the PATH environment variable to execute the ps command, allowing local users to execute commands as root.

A legacy credential caching mechanism used in Windows 95 and Windows 98 systems allows attackers to read plaintext network passwords.

Microsoft Personal Web Server and FrontPage Personal Web Server in some Windows systems allows a remote attacker to read files on the server by using a nonstandard URL.

The LDAP bind function in Exchange 5.5 has a buffer overflow that allows a remote attacker to conduct a denial of service or execute commands.

The Forms 2.0 ActiveX control (included with Visual Basic for Applications 5.0) can be used to read text from a user's clipboard when the user accesses documents with ActiveX content.

ACC Tigris allows public access without a login.

The screen saver in Windows NT does not verify that its security context has been changed properly, allowing attackers to run programs with elevated privileges.

super 3.11.6 and other versions have a buffer overflow in the syslog utility which allows a local user to gain root access.

SLMail 3.1 and 3.2 allows local users to access any file in the NTFS file system when the Remote Administration Service (RAS) is enabled by setting a user's Finger File to point to the target file, then running finger on the user.

Microsoft Taskpads allows remote web sites to execute commands on the visiting user's machine via certain methods that are marked as Safe for Scripting.

InterScan VirusWall for Solaris doesn't scan files for viruses when a single HTTP request includes two GET commands.

Process table attack in Unix systems allows a remote attacker to perform a denial of service by filling a machine's process tables through multiple connections to network services.

Local users in Windows NT can obtain administrator privileges by changing the KnownDLLs list to reference malicious programs.

Buffer overflow in webd in Network Flight Recorder (NFR) 2.0.2-Research allows remote attackers to execute commands.

Debian GNU/Linux cfengine package is susceptible to a symlink attack.

Buffer overflow in the "Super" utility in Debian GNU/Linux, and other operating systems, allows local users to execute commands as root.

The installer for BackOffice Server includes account names and passwords in a setup file (reboot.ini) which is not deleted.

Lynx allows a local user to overwrite sensitive files through /tmp symlinks.

In Sun Solaris and SunOS, man and catman contain vulnerabilities that allow overwriting arbitrary files.

The Sun sdtcm_convert calendar utility for OpenWindows has a buffer overflow which can gain root access.