AIX routed allows remote users to modify sensitive files.

FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce.

Buffer overflow in statd allows root privileges.

AIX nslookup command allows local users to obtain root access by not dropping privileges correctly.

AIX piodmgrsu command allows local users to gain additional group privileges.

The AIX FTP client can be forced to execute commands from a malicious server through shell metacharacters (e.g. a pipe character).

Buffer overflow in AIX writesrv command allows local users to obtain root access.

Buffer overflow in AIX xdat gives root access to local users.

Buffer overflow in AIX rcp command allows local users to obtain root access.

DNS cache poisoning via BIND, by predictable query IDs.

An attacker can write to syslog files from any location, causing a denial of service by filling up the logs, and hiding activities.

Buffer overflow in AIX lchangelv gives root access.

Buffer overflow in ping in AIX 4.2 and earlier allows local users to gain root privileges via a long command line argument.

RIP v1 is susceptible to spoofing.

Command execution in Sun systems via buffer overflow in the at program.

Buffer overflow in AIX lquerylv program gives root access to local users.

Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges.

Buffer overflow in AIX dtterm program for the CDE.

Buffer overflow in xlock program allows local users to execute commands as root.

Vulnerability in AIX 4.1.4 and HP-UX 10.01 and 9.05 allows local users to cause a denial of service (crash) by using a socket to connect to a port on the localhost, calling shutdown to clear the socket, then using the same socket to connect to a different port on localhost.