The default installation of Debian GNU/Linux uses an insecure Master Boot Record (MBR) which allows a local user to boot from a floppy disk during the installation.

Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory.

Selena Sol WebBanner 4.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack.

The Make-a-Store OrderPage shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.

The SalesCart shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.

The SmartCart shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.

The Shoptron shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.

Outlook Express 5.01 and Internet Explorer 5.01 allow remote attackers to view a user's email messages via a script that accesses a variable that references subsequent email messages that are read by the client.

The EasyCart shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.

Linux apcd program allows local attackers to modify arbitrary files via a symlink attack.

The Intellivend shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.

The WebSiteTool shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.

The Recycle Bin utility in Windows NT and Windows 2000 allows local users to read or modify files by creating a subdirectory with the victim's SID in the recycler directory, aka the "Recycle Bin Creation" vulnerability.

The shopping cart application provided with Filemaker allows remote users to modify sensitive purchase information via hidden form fields.

Buffer overflow in War FTPd 1.6x allows users to cause a denial of service via long MKD and CWD commands.

Buffer overflows in Tiny FTPd 0.52 beta3 FTP server allows users to execute commands via the STOR, RNTO, MKD, XMKD, RMD, XRMD, APPE, SIZE, and RNFR commands.

The Check It Out shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.

The @Retail shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.

The Cart32 shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.

The CartIt shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.