Denial of service in Savant web server via a null character in the requested URL.

resend command in Majordomo allows local users to gain privileges via shell metacharacters.

Majordomo wrapper allows local users to gain privileges by specifying an alternate configuration file.

Macintosh systems generate large ICMP datagrams in response to malformed datagrams, allowing them to be used as amplifiers in a flood attack.

Buffer overflow in w3-msql CGI program in miniSQL package allows remote attackers to execute commands.

IBM Network Station Manager NetStation allows local users to gain privileges via a symlink attack.

UnixWare pis and mkpis commands allow local users to gain privileges via a symlink attack.

InterScan VirusWall SMTP scanner does not properly scan messages with malformed attachments.

Buffer overflow in aVirt Rover POP3 server 1.1 allows remote attackers to cause a denial of service via a long user name.

FTPPro allows local users to read sensitive information, which is stored in plain text.

WebWho+ whois.cgi program allows remote attackers to execute commands via shell metacharacters in the TLD parameter.

The Expression Evaluator sample application in ColdFusion allows remote attackers to read or delete files on the server via exprcalc.cfm, which does not restrict access to the server properly.

The Expression Evaluator in the ColdFusion Application Server allows a remote attacker to upload files to the server via openfile.cfm, which does not restrict access to the server properly.

strace allows local users to read arbitrary files via memory mapped file names.

Buffer overflow in Netscape Communicator before 4.7 via a dynamic font whose length field is less than the size of the font.

RealMedia server allows remote attackers to cause a denial of service via a long ramgen request.

Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function.

glFtpD includes a default glftpd user account with a default password and a UID of 0.

glFtpD allows local users to gain privileges via metacharacters in the SITE ZIPCHK command.

Quake 1 server responds to an initial UDP game connection request with a large amount of traffic, which allows remote attackers to use the server as an amplifier in a "Smurf" style attack on another host, by spoofing the connection request.