Microsoft Windows 2000 Encrypted File System does not properly destroy backups of files that are encrypted, which allows a local attacker to recover the text of encrypted files.

Buffer overflow in Voyager web administration server for Nokia IP440 allows local users to cause a denial of service, and possibly execute arbitrary commands, via a long URL.

oidldapd 2.1.1.1 in Oracle 8.1.7 records log files in a directory (ldaplog) that has world-writable permissions, which may allow local users to delete logs and/or overwrite other files via a symlink attack.

inetd in Red Hat 6.2 does not properly close sockets for internal services such as chargen, daytime, echo, etc., which allows remote attackers to cause a denial of service via a series of connections to the internal services.

sort in FreeBSD 4.1.1 and earlier, and possibly other operating systems, uses predictable temporary file names and does not properly handle when the temporary file already exists, which causes sort to crash and possibly impacts security-sensitive scripts.

Vulnerability in OmniBackII A.03.50 in HP 11.x and earlier allows attackers to gain unauthorized access to an OmniBack client.

IBM WebSphere plugin for Netscape Enterprise server allows remote attackers to read source code for JSP files via an HTTP request that contains a host header that references a host that is not in WebSphere's host aliases list, which will bypass WebSphere processing.

Borderware Firewall Server 6.1.2 allows remote attackers to cause a denial of service via a ping to the broadcast address of the public network on which the server is placed, which causes the server to continuously send pings (echo requests) to the network.

Buffer overflow in www.tol module in America Online (AOL) 5.0 may allow remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long URL in a link.

The locking feature in mIRC 5.7 allows local users to bypass the password mechanism by modifying the LockOptions registry key.

Format string vulnerability in ProFTPD 1.2.0rc2 may allow attackers to execute arbitrary commands by shutting down the FTP server while using a malformed working directory (cwd).

MSHTML.DLL HTML parser in Internet Explorer 4.0, and other versions, allows remote attackers to cause a denial of service (application crash) via a script that creates and deletes an object that is associated with the browser window object.

The ICMP path MTU (PMTU) discovery feature in various UNIX systems allows remote attackers to cause a denial of service by spoofing "ICMP Fragmentation needed but Don't Fragment (DF) set" packets between two target hosts, which could cause one host to lower its MTU when transmitting to the other host.

Buffer overflow in qpopper (aka qpop or popper) 4.0 through 4.0.2 allows remote attackers to gain privileges via a long username.

Race condition in OpenBSD VFS allows local users to cause a denial of service (kernel panic) by (1) creating a pipe in one thread and causing another thread to set one of the file descriptors to NULL via a close, or (2) calling dup2 on a file descriptor in one process, then setting the descriptor to NULL via a close in another process that is created via rfork.

Buffer overflow in SpoonFTP 1.0.0.12 allows remote attackers to execute arbitrary code via a long argument to the commands (1) CWD or (2) LIST.

Eudora 5.1 allows remote attackers to execute arbitrary code when the "Use Microsoft Viewer" option is enabled and the "allow executables in HTML content" option is disabled, via an HTML email with a form that is activated from an image that the attacker spoofs as a link, which causes the user to execute the form and access embedded attachments.

Buffer overflow in ultimate_source function of man 1.5 and earlier allows local users to gain privileges.

Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION environment variable when the web server is restarted, which makes authentication information available to all CGI programs and allows local users to gain privileges.

CesarFTP 0.98b and earlier stores usernames and passwords in plaintext in the settings.ini file, which allows attackers to gain privileges.