rdist 6.1.5 allows local users to overwrite arbitrary files via a symlink attack.

getty_ps 2.0.7j allows local users to overwrite arbitrary files via a symlink attack.

useradd program in shadow-utils program may allow local users to overwrite arbitrary files via a symlink attack.

exmh 2.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the exmhErrorMsg temporary file.

Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges.

Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a denial of service via a series of USER commands, and possibly SIZE commands if the server has been improperly installed.

privatepw program in wu-ftpd before 2.6.1-6 allows local users to overwrite arbitrary files via a symlink attack.

inn 2.2.3 allows local users to overwrite arbitrary files via a symlink attack in some configurations.

arpwatch 2.1a4 allows local users to overwrite arbitrary files via a symlink attack in some configurations.

squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations.

The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.

modprobe in the modutils 2.3.x package on Linux systems allows a local user to execute arbitrary commands via shell metacharacters.

Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack.