Linux OpenLDAP server allows local users to modify arbitrary files via a symlink attack.

The Allaire Spectra container editor preview tool does not properly enforce object security, which allows an attacker to conduct unauthorized activities via an object-method that is added to the conta...

The Windows 2000 domain controller allows a malicious user to modify Active Directory information by modifying an unprotected attribute, aka the "Mixed Object Access" vulnerability.

The i386 trace-trap handling in OpenBSD 2.4 with DDB enabled allows a local user to cause a denial of service.

aaa_base in SuSE Linux 6.3, and cron.daily in earlier versions, allow local users to delete arbitrary files by creating files whose names include spaces, which are then incorrectly interpreted by aaa_...

X fontserver xfs allows local users to cause a denial of service via malformed input to the server.

Buffer overflow in the Napster client beta 5 allows remote attackers to cause a denial of service via a long message.

Buffer overflow in the RealNetworks RealPlayer client versions 6 and 7 allows remote attackers to cause a denial of service via a long Location URL.

BeOS 4.5 and 5.0 allow local users to cause a denial of service via malformed direct system calls using interrupt 37.

CRYPTOCard CryptoAdmin for PalmOS uses weak encryption to store a user's PIN number, which allows an attacker with access to the .PDB file to generate valid PT-1 tokens after cracking the PIN.

The Linux trustees kernel patch allows attackers to cause a denial of service by accessing a file or directory with a long name.

The make-temp-name Lisp function in Emacs 20 creates temporary files with predictable names, which allows attackers to conduct a symlink attack.

Emacs 20 does not properly set permissions for a slave PTY device when starting a new subprocess, which allows local users to read or modify communications between Emacs and the subprocess.

Internet Explorer 5.01 allows remote attackers to bypass the cross frame security policy via a malicious applet that interacts with the Java JSObject to modify the DOM properties to set the IFRAME to ...

Panda Security 3.0 with registry editing disabled allows users to edit the registry and gain privileges by directly executing a .reg file or using other methods.

The X font server xfs in Red Hat Linux 6.x allows an attacker to cause a denial of service via a malformed request.

Microsoft TCP/IP Printing Services, aka Print Services for Unix, allows an attacker to cause a denial of service via a malformed TCP/IP print request.

The Linux 2.2.x kernel does not restrict the number of Unix domain sockets as defined by the wmem_max parameter, which allows local users to cause a denial of service by requesting a large number of s...

ARCserve agent in SCO UnixWare 7.x allows local attackers to gain root privileges via a symlink attack.

The lit program in Sun Flex License Manager (FlexLM) follows symlinks, which allows local users to modify arbitrary files.

Linux printtool sets the permissions of printer configuration files to be world-readable, which allows local attackers to obtain printer share passwords.

IIS Inetinfo.exe allows local users to cause a denial of service by creating a mail file with a long name and a .txt.eml extension in the pickup directory.

The ARCserve agent in UnixWare allows local attackers to modify arbitrary files via a symlink attack.

snmpd in SCO OpenServer has an SNMP community string that is writable by default, which allows local attackers to modify the host's configuration.