Low Severity Vulnerabilities
9.9K CVEs classified as low severity
nettune in HP-UX 10.01 and 10.00 is installed setuid root, which allows local users to cause a denial of service by modifying critical networking configuration information.
Corel Word Perfect 8 for Linux creates a temporary working directory with world-writable permissions, which allows local users to (1) modify Word Perfect behavior by modifying files in the working dir...
The permissions for the /dev/audio device on Solaris 2.2 and earlier, and SunOS 4.1.x, allow any local user to read from the device, which could be used by an attacker to monitor conversations happeni...
Cisco Resource Manager (CRM) 1.1 and earlier creates certain files with insecure permissions that allow local users to obtain sensitive configuration information including usernames, passwords, and SN...
ndd in Solaris 2.6 allows local users to cause a denial of service by modifying certain TCP/IP parameters.
lquerypv in AIX 4.1 and 4.2 allows local users to read arbitrary files by specifying the file in the -h command line parameter.
lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating systems allows local users to create or overwrite arbitrary files via a symlink attack that is triggered after invoking lpr 1000 ...
Cisco Resource Manager (CRM) 1.0 and 1.1 creates world-readable log files and temporary files, which may expose sensitive information to local users, such as user IDs, passwords and SNMP community str...
An SSH 1.2.27 server allows a client to use the "none" cipher, even if it is not allowed by the server policy.
The Disney Go Express Search allows remote attackers to access and modify search information for users by connecting to an HTTP server on the user's system.
Cisco Cache Engine allows a remote attacker to gain access via a null username and password.
Error messages generated by gdm with the VerboseAuth setting allow an attacker to identify valid users on a system.
Sendmail allows local users to reinitialize the aliases database via the newaliases command, then cause a denial of service by interrupting Sendmail.
MajorCool mj_key_cache program allows local users to modify files via a symlink attack.
WebTrends software stores account names and passwords in a file which does not have restricted access permissions.
FreeBSD VFS cache (vfs_cache) allows local users to cause a denial of service by opening a large number of files.
sccw allows local users to read arbitrary files.
userOsa in SCO OpenServer allows local users to corrupt files via a symlink attack.
Alibaba web server allows remote attackers to execute commands via a pipe character in a malformed URL.
Internet Explorer 4.0 and 4.01 allow a remote attacker to read files via IE's cross frame security, aka the "Cross Frame Navigate" vulnerability.
Internet Explorer 4.01 allows remote attackers to read arbitrary files by pasting a file name into the file upload control, aka untrusted scripted paste.
Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of another web site, aka frame spoofing.
Insecure directory permissions in RPM distribution for PostgreSQL allow local users to gain privileges by reading a plaintext password file.
Race condition in the SSL ISAPI filter in IIS and other servers may leak information in plaintext.