Buffer overflow in xlock program allows local users to execute commands as root.

Buffer overflow of rlogin program using TERM environmental variable.

Jolt ICMP attack causes a denial of service in Windows 95 and Windows NT systems.

Oversized ICMP ping packets can result in a denial of service, aka Ping o' Death.

Buffer overflow in AIX and Solaris "gethostbyname" library call allows root access through corrupt DNS host names.

Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file.

Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users.

Local user gains root privileges via buffer overflow in rdist, via lookup() function.

Local user gains root privileges via buffer overflow in rdist, via expstr() function.

Delete or create a file via rpc.statd, due to invalid information.

pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call.

rpc.ypupdated (NIS) allows remote users to execute arbitrary commands.

Buffer overflow in syslog utility allows local or remote attackers to gain root privileges.

dpsexec (DPS Server) when running under XDM in IBM AIX 3.2.5 and earlier does not properly check privileges, which allows local users to overwrite arbitrary files and gain privileges.

AIX batch queue (bsh) allows local and remote users to gain additional privileges when network printing is enabled.

Some implementations of rlogin allow root access if given a -froot parameter.

AIX passwd allows local users to gain root access.

The default configuration for UUCP in AIX before 3.2 allows local users to gain root privileges.

The rexd service is running, which uses weak authentication that can allow an attacker to execute commands.