opendir.php script in PHP-Nuke allows remote attackers to read arbitrary files by specifying the filename as an argument to the requesturl parameter.

When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib.

kdesu program in KDE2 (KDE before 2.2.0-6) does not properly verify the owner of a UNIX socket that is used to send a password, which allows local users to steal passwords and gain privileges.

The Postaci frontend for PostgreSQL does not properly filter characters such as semicolons, which could allow remote attackers to execute arbitrary SQL queries via the deletecontact.php program.

webmin 0.84 and earlier allows local users to overwrite and create arbitrary files via a symlink attack.

Buffer overflow in Lotus Notes LDAP (NLDAP) allows an attacker to conduct a denial of service through the ldap_search request.

Buffer overflow in Internet Mail Service (IMS) for Microsoft Exchange 5.5 and 5.0 allows remote attackers to conduct a denial of service via AUTH or AUTHINFO commands.

PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.

gpm 1.19.3 allows local users to overwrite arbitrary files via a symlink attack.

sdiff 2.7 in the diffutils package allows local users to overwrite files via a symlink attack.

rdist 6.1.5 allows local users to overwrite arbitrary files via a symlink attack.

getty_ps 2.0.7j allows local users to overwrite arbitrary files via a symlink attack.

useradd program in shadow-utils program may allow local users to overwrite arbitrary files via a symlink attack.

exmh 2.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the exmhErrorMsg temporary file.

Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges.

Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a denial of service via a series of USER commands, and possibly SIZE commands if the server has been improperly installed.

privatepw program in wu-ftpd before 2.6.1-6 allows local users to overwrite arbitrary files via a symlink attack.

inn 2.2.3 allows local users to overwrite arbitrary files via a symlink attack in some configurations.

arpwatch 2.1a4 allows local users to overwrite arbitrary files via a symlink attack in some configurations.

mgetty 1.1.22 allows local users to overwrite arbitrary files via a symlink attack in some configurations.