Solaris syslogd crashes when receiving a message from a host that doesn't have an inverse DNS entry.

Denial of service in syslog by sending it a large number of superfluous messages.

Denial of service in Qmail by specifying a large number of recipients with the RCPT command.

Java Bytecode Verifier allows malicious applets to execute arbitrary commands as the user of the applet.

fm_fls license server for Adobe Framemaker allows local users to overwrite arbitrary files and gain root access.

Expreserve, as used in vi and ex, allows local users to overwrite arbitrary files and gain root access.

Race condition in Linux mailx command allows local users to read user files.

Finger redirection allows finger bombs.

finger allows recursive searches by using a long string of @ symbols.

pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call.

JavaScript in Internet Explorer 3.x and 4.x, and Netscape 2.x, 3.x and 4.x, allows remote attackers to monitor a user's web activities, aka the Bell Labs vulnerability.