High Severity Vulnerabilities

111.5K CVEs classified as high severity

Total CVEs: 111.5K
Avg CVSS: 8.3
Max CVSS: 10.0
Min CVSS: 7.1

High Severity CVEs

CVSS:7.2(High)

Buffer overflows in Mars NetWare Emulation (NWE, mars_nwe) package via long directory names.

CVSS:7.2(High)

Vixie Cron on Linux systems allows local users to set parameters of sendmail commands via the MAILTO environmental variable.

CVSS:7.5(High)

Buffer overflow in Vixie Cron on Red Hat systems via the MAILTO environmental variable.

CVSS:7.2(High)

Buffer overflow in Solaris libc, ufsrestore, and rcp via LC_MESSAGES environmental variable.

CVSS:9.3(Critical)

The Microsoft Java Virtual Machine allows a malicious Java applet to execute arbitrary commands outside of the sandbox environment.

CWE-16 1999
CVSS:10.0(Critical)

SGI IRIX midikeys program allows local users to modify arbitrary files via a text editor.

CVSS:7.2(High)

Buffer overflow in FreeBSD fts library routines allows local user to modify arbitrary files via the periodic program.

CVSS:10.0(Critical)

Undocumented ColdFusion Markup Language (CFML) tags and functions in the ColdFusion Administrator allow users to gain additional privileges.

CVSS:10.0(Critical)

The INN inndstart program allows local users to gain privileges by specifying an alternate configuration file using the INNCONF environmental variable.

CVSS:7.5(High)

The w3-msql CGI script provided with Mini SQL allows remote attackers to view restricted directories.

CVSS:10.0(Critical)

Buffer overflow in Source Code Browser Program Database Name Server Daemon (pdnsd) for the IBM AIX C Set ++ compiler.

CVSS:7.5(High)

Buffer overflow in Netscape Enterprise Server and FastTrack Server allows remote attackers to gain privileges via a long HTTP GET request.

CVSS:10.0(Critical)

QMS CrownNet Unix Utilities for 2060 allows root to log on without a password.

CVSS:7.5(High)

A default configuration of CiscoSecure Access Control Server (ACS) allows remote users to modify the server database without authentication.

CVSS:10.0(Critical)

The zsoelim program in the Debian man-db package allows local users to overwrite files via a symlink attack.

CVSS:7.8(High)

A Windows NT user can disable the keyboard or mouse by directly calling the IOCTLs which control them.

CVSS:7.8(High)

An attacker can conduct a denial of service in Windows NT by executing a program with a malformed file image header.

CWE-20 1999
CVSS:7.1(High)

When IIS is run with a default language of Chinese, Korean, or Japanese, it allows a remote attacker to view the source code of certain files, a.k.a. "Double Byte Code Page".

CWE-16 1999
CVSS:7.1(High)

The Windows NT Client Server Runtime Subsystem (CSRSS) can be subjected to a denial of service when all worker threads are waiting for user input.

CVSS:10.0(Critical)

The default configuration of Cobalt RaQ2 servers allows remote users to install arbitrary software packages.