Medium Severity Vulnerabilities
128.7K CVEs classified as medium severity
The oratclsh interpreter in Oracle 8.x Intelligent Agent for Unix allows local users to execute Tcl commands as root.
Buffer overflow in Microsoft Phone Dialer (dialer.exe), via a malformed dialer entry in the dialer.ini file.
The Sybase PowerDynamo personal web server allows attackers to read arbitrary files through a .. (dot dot) attack.
Buffer overflows in HP Software Distributor (SD) for HPUX 10.x and 11.x.
Denial of service in Netscape Enterprise Server (NES) in HP Virtual Vault (VVOS) via a long URL.
Buffer overflow in Netscape Communicator via EMBED tags in the pluginspage option.
Denial of service in Sendmail 8.8.6 in HPUX.
Denial of service in Gauntlet Firewall via a malformed ICMP packet.
Microsoft Exchange 5.5 allows a remote attacker to relay email (i.e. spam) using encapsulated SMTP addresses, even if the anti-relaying features are enabled.
Buffer overflow in Microsoft FrontPage Server Extensions (PWS) 3.0.2.926 on Windows 95, and possibly other versions, allows remote attackers to cause a denial of service via a long URL.
Windows NT Terminal Server performs extra work when a client opens a new connection but before it is authenticated, allowing for a denial of service.
A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
sdtcm_convert in Solaris 2.6 allows a local user to overwrite sensitive files via a symlink attack.
Check Point FireWall-1 can be subjected to a denial of service via UDP packets that are sent through VPN-1 to port 0 of a host.
Buffer overflow in ALMail32 POP3 client via From: or To: headers.
Buffer overflow in Fujitsu Chocoa IRC client via IRC channel topics.
Buffer overflow in ToxSoft NextFTP client through CWD command.
Buffer overflow in the Eyedog ActiveX control allows a remote attacker to execute arbitrary commands.
The Eyedog ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy.
The scriptlet.typelib ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy.
The ugidd RPC interface, by design, allows remote attackers to enumerate valid usernames by specifying arbitrary UIDs that ugidd maps to local user and group names.
The netstat service is running, which provides sensitive information to remote attackers.
The rwho/rwhod service is running, which exposes machine status and user information.
An incorrect configuration of the Webcart CGI program could disclose private information.