Medium Severity Vulnerabilities
128.7K CVEs classified as medium severity
Listening TCP ports are sequentially allocated, allowing spoofing attacks.
test-cgi program allows an attacker to list files on the server.
Cisco IOS 12.0 and other versions can be crashed by malicious UDP packets to the syslog port.
File creation and deletion, and remote execution, in the BSD line printer daemon (lpd).
Attackers can cause a denial of service in Ascend MAX and Pipeline routers with a malformed packet to the discard port, which is used by the Java Configurator tool.
Sun's ftpd daemon can be subjected to a denial of service.
TCP RST denial of service in FreeBSD.
Race condition in signal handling routine in ftpd, allowing read/write arbitrary files.
root privileges via buffer overflow in pset command on SGI IRIX systems.
DNS cache poisoning via BIND, by predictable query IDs.
Delete or create a file via rpc.statd, due to invalid information.
Land IP denial of service.
Teardrop IP denial of service.
Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages.
Information from SSL-encrypted sessions via PKCS #1.
MIME buffer overflow in email clients, e.g. Solaris mailtool and Outlook.
ip_input.c in BSD-derived TCP/IP implementations allows remote attackers to cause a denial of service (crash or hang) via crafted packets.