Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.

NetBSD netstat command allows local users to access kernel memory.

In some cases, Service Pack 4 for Windows NT 4.0 can allow access to network shares using a blank password, through a problem with a null NT hash value.

The metamail package allows remote command execution using shell metacharacters that are not quoted in a mailcap entry.

Microsoft Access 97 stores a database password as plaintext in a foreign mdb, allowing access to data.

SuSE 5.2 PLP lpc program has a buffer overflow that leads to root compromise.

WS_FTP server remote denial of service through cwd command.

NetWare version of LaserFiche stores usernames and passwords unencrypted, and allows administrative changes without logging.

MS Site Server 2.0 with IIS 4 can allow users to upload content, including ASP, to the target web site, thus allowing them to execute commands remotely.

ptylogin in Unix systems allows users to perform a denial of service by locking out modems, dial out with that modem, or obtain passwords.

Digital Unix 4.0 has a buffer overflow in the inc program of the mh package.

Windows 98 and other operating systems allows remote attackers to cause a denial of service via crafted "oshare" packets, possibly involving invalid fragmentation offsets.

ControlIT v4.5 and earlier uses weak encryption to store usernames and passwords in an address book.

Local or remote users can force ControlIT 4.5 to reboot or force a user to log out, resulting in a denial of service.

Internet Explorer 4.x or 5.x with Word 97 allows arbitrary execution of Visual Basic programs to the IE client through the Word 97 template, which doesn't warn the user that the template contains executable content. Also applies to Outlook when the client views a malicious email message.

rpc.pcnfsd in HP gives remote root access by changing the permissions on the main printer spool directory.

ControlIT 4.5 and earlier (aka Remotely Possible) has weak password encryption.

FTP PASV "Pizza Thief" denial of service and unauthorized data access. Attackers can steal data by connecting to a port that was intended for use by a client.

Race condition in the db_loader program in ClearCase gives local users root access by setting SUID bits.

A buffer overflow in the FTP list (ls) command in IIS allows remote attackers to conduct a denial of service and, in some cases, execute arbitrary commands.