DHCP clients with ICMP Router Discovery Protocol (IRDP) enabled allow remote attackers to modify their default routes.

The BSD profil system call allows a local user to modify the internal data space of a program via profiling and execve.

sdtcm_convert in Solaris 2.6 allows a local user to overwrite sensitive files via a symlink attack.

Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd).

The Red Hat Linux su program does not log failed password guesses if the su process is killed before it times out, which allows local attackers to conduct brute force password guessing.

rpc.statd allows remote attackers to forward RPC calls to the local operating system via the SM_MON and SM_NOTIFY commands, which in turn could be used to remotely exploit other bugs such as in automountd.

Buffer overflow in Solaris lpset program allows local users to gain root access.

In Sun Solaris and SunOS, man and catman contain vulnerabilities that allow overwriting arbitrary files.

Buffer overflow in Solaris lpstat via class argument allows local users to gain root access.

Solaris ff.core allows local users to modify files.

rpc.admind in Solaris is not running in a secure mode.

The passwd command in Solaris can be subjected to a denial of service.

Buffer overflow in Solaris kcms_configure command allows local users to gain root access.

Vacation program allows command execution by remote users through a sendmail command.

CDE screen lock program (screenlock) on Solaris 2.6 does not properly lock an unprivileged user's console session when the host is an NIS+ client, which allows others with physical access to login with any string.

A hidden SNMP community string in HP OpenView allows remote attackers to modify MIB tables and obtain sensitive information.

In Solaris, an SNMP subagent has a default community string that allows remote attackers to execute arbitrary commands as root, or modify system parameters.

SunOS/Solaris FTP clients can be forced to execute arbitrary commands from a malicious FTP server.

Multiple buffer overflows in how dtmail handles attachments allows a remote attacker to execute commands.

Buffer overflow in the libauth library in Solaris allows local users to gain additional privileges, possibly root access.