Cfingerd with ALLOW_EXECUTION enabled does not properly drop privileges when it executes a program on behalf of the user, allowing local users to gain root privileges.

Race condition in Samba smbmnt allows local users to mount file systems in arbitrary locations.

Buffer overflow in Samba smbd program via a malformed message command.

Denial of service in Samba NETBIOS name service daemon (nmbd).

Netscape Communicator 4.x with Javascript enabled does not warn a user of cookie settings, even if they have selected the option to "Only accept cookies originating from the same server as the page being viewed".

Multiple buffer overflows in ISC DHCP Distribution server (dhcpd) 1.0 and 2.0 allow a remote attacker to cause a denial of service (crash) and possibly execute arbitrary commands via long options.

The Netscape Directory Server installation procedure leaves sensitive information in a file that is accessible to local users.

Buffer overflow in Solaris dtprintinfo program.

Novell NetWare Transaction Tracking System (TTS) in Novell 4.11 and earlier allows remote attackers to cause a denial of service via a large number of requests.

Denial of service in Linux 2.2.x kernels via malformed ICMP packets containing unusual types, codes, and IP header lengths.

The fwluser script in AIX eNetwork Firewall allows local users to write to arbitrary files via a symlink attack.

Buffer overflow in Internet Explorer 5 allows remote attackers to execute commands via a malformed Favorites icon.

BMC Patrol allows remote attackers to gain access to an agent by spoofing frames.

The GetFile.cfm file in Allaire Forums allows remote attackers to read files through a parameter to GetFile.cfm.

Buffer overflow in bootpd 2.4.3 and earlier via a long boot file location.

Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via a malformed header type.

NIS finger allows an attacker to conduct a denial of service via a large number of finger requests, resulting in a large number of NIS queries.

FreeBSD T/TCP Extensions for Transactions can be subjected to spoofing attacks.

The NIS+ rpc.nisd server allows remote attackers to execute certain RPC calls without authentication to obtain system information, disable logging, or modify caches.

Microsoft Excel does not warn a user when a macro is present in a Symbolic Link (SYLK) format file.