Buffer overflow in AIX xdat gives root access to local users.

Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.

CGI PHP mylog script allows an attacker to read any file on the target server.

phf CGI program allows remote command execution through shell metacharacters.

Multiple buffer overflows in how dtmail handles attachments allows a remote attacker to execute commands.

Buffer overflow in AIX lquerylv program gives root access to local users.

The chpass command in OpenBSD allows a local user to gain root access through file descriptor leakage.

Buffer overflow in PHP cgi program, php.cgi allows shell access.

Vacation program allows command execution by remote users through a sendmail command.

Buffer overflow in Sun's ping program can give root access to local users.

Buffer overflows in Sun libnsl allow root access.

Arbitrary file creation and program execution using FLEXlm LicenseManager, from versions 4.0 to 5.0, in IRIX.

Buffer overflow in HP-UX newgrp program.

Csetup under IRIX allows arbitrary file creation or overwriting.

Talkd, when given corrupt DNS information, can be used to execute arbitrary commands with root privileges.

MIME conversion buffer overflow in sendmail versions 8.8.3 and 8.8.4.

Buffer overflow of rlogin program using TERM environmental variable.

List of arbitrary files on Web host via nph-test-cgi script.

fsdump command in IRIX allows local users to obtain root access by modifying sensitive files.

Buffer overflow in University of Washington's implementation of IMAP and POP servers.

Buffer overflow in NLS (Natural Language Service).

Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges.

Arbitrary command execution via metamail package using message headers, when user processes attacker's message using metamail.

Buffer overflow in suidperl (sperl), Perl 4.x and 5.x.