BackWeb client stores the username and password in cleartext for proxy authentication in the Communication registry key, which could allow other local users to gain privileges by reading the password.

Corel Word Perfect 8 for Linux creates a temporary working directory with world-writable permissions, which allows local users to (1) modify Word Perfect behavior by modifying files in the working directory, or (2) modify files of other users via a symlink attack.

The passwd command in Solaris can be subjected to a denial of service.

Buffer overflow in Solaris x86 mkcookie allows local users to obtain root access.

RealSystem G2 server stores the administrator password in cleartext in a world-readable configuration file, which allows local users to gain privileges.

fte-console in the fte package before 0.46b-4.1 does not drop root privileges, which allows local users to gain root access via the virtual console device.

Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via a malformed header type.

Buffer overflow in Platinum Policy Compliance Manager (PCM) 7.0 allows remote attackers to execute arbitrary commands via a long string to the Agent port (1827), which is handled by smaxagent.exe.

BNBSurvey survey.cgi program allows remote attackers to execute commands via shell metacharacters.

BNBForm allows remote attackers to read arbitrary files via the automessage hidden form variable.

Hummingbird Exceed 6.0.1.0 inadvertently includes a DLL that was meant for development and testing, which logs user names and passwords in cleartext in the test.log file.

UnixWare uidadmin allows local users to modify arbitrary files via a symlink attack.

Buffer overflow in Solaris kcms_configure command allows local users to gain root access.

Buffer overflow in NetMeeting allows denial of service and remote command execution.

Linux PAM modules allow local users to gain root access using temporary files.

The LDAP bind function in Exchange 5.5 has a buffer overflow that allows a remote attacker to conduct a denial of service or execute commands.

Remote attackers can perform a denial of service using IRIX fcagent.

Denial of service in HP-UX sendmail 8.8.6 related to accepting connections.

Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of another web site, aka frame spoofing.

Excite for Web Servers (EWS) 1.1 installs the Architext.conf authentication file with world-writeable permissions, which allows local users to gain access to Excite accounts by modifying the file.