Buffer overflow in UnixWare ppptalk command allows local users to gain privileges via a long prompt argument.

Buffer overflow in qpopper 3.0 beta versions allows local users to gain privileges via a long LIST command.

procfs in BSD systems allows local users to gain root privileges by modifying the /proc/pid/mem interface via a modified file descriptor for stderr.

An installation of Red Hat uses DES password encryption with crypt() for the initial password, instead of md5.

Buffer overflow in vchkpw/vpopmail POP authentication package allows remote attackers to gain root privileges via a long username or password.

Buffer overflow in the conversion utilities for Japanese, Korean and Chinese Word 5 documents allows an attacker to execute commands, aka the "Malformed Conversion Data" vulnerability.

Hotmail does not properly filter JavaScript code from a user's mailbox, which allows a remote attacker to execute code via the LOWSRC or DYNRC parameters in the IMG tag.

Hotmail does not properly filter JavaScript code from a user's mailbox, which allows a remote attacker to execute the code by using hexadecimal codes to specify the javascript: protocol, e.g. jAv...

The W3C CERN httpd HTTP server allows remote attackers to determine the real pathnames of some commands via a request for a nonexistent URL.

The June 1999 version of the HP-UX aserver program allows local users to gain privileges by specifying an alternate PATH which aserver uses to find the awk command.

The October 1998 version of the HP-UX aserver program allows local users to gain privileges by specifying an alternate PATH which aserver uses to find the ps and grep commands.

PowerScripts PlusMail CGI program allows remote attackers to execute commands via a password file with improper permissions.

NtImpersonateClientOfPort local procedure call in Windows NT 4.0 allows local users to gain privileges, aka "Spoofed LPC Port Request."

daynad program in Intel InBusiness E-mail Station does not require authentication, which allows remote attackers to modify its configuration, delete files, or read mail.

Buffer overflow in InetServ 3.0 allows remote attackers to execute commands via a long GET request.

The DTML implementation in the Z Object Publishing Environment (Zope) allows remote attackers to conduct unauthorized activities.

Internet Explorer 5 does not modify the security zone for a document that is being loaded into a window until after the document has been loaded, which could allow remote attackers to execute Javascri...

PHP3 with safe_mode enabled does not properly filter shell metacharacters from commands that are executed by popen, which could allow remote attackers to execute commands.

Cold Fusion CFCACHE tag places temporary cache files within the web document root, allowing remote attackers to obtain sensitive system information.

Buffer overflow in Solaris chkperm command allows local users to gain root access via a long -n option.

Microsoft Commercial Internet System (MCIS) IMAP server allows remote attackers to cause a denial of service via a malformed IMAP request.

Red Hat userhelper program in the usermode package allows local users to gain root access via PAM and a .. (dot dot) attack.

Buffer overflow in Winamp client allows remote attackers to execute commands via a long entry in a .pls file.

get_it program in Corel Linux Update allows local users to gain root access by specifying an alternate PATH for the cp program.