ip_input.c in BSD-derived TCP/IP implementations allows remote attackers to cause a denial of service (crash or hang) via crafted packets.

BUGTRAQ:19981223 Re: CERT Advisory CA-98.13 - TCP/IP Denial of Service | CERT:CA-98-13-tcp-denial-of-service | CONFIRM:http://www.openbsd.org/errata23.html#tcpfix | OSVDB:5707 | URL:http://www.osvdb.org/5707

Buffer overflow in NFS mountd gives root access to remote attackers, mostly in Linux systems.

BID:121 | URL:http://www.securityfocus.com/bid/121 | CERT:CA-98.12.mountd | CIAC:J-006 | URL:http://www.ciac.org/ciac/bulletins/j-006.shtml | SGI:19981006-01-I | URL:ftp://patches.sgi.com/support/free/security/advisories/19981006-01-I | XF:linux-mountd-bo

Buffer overflow in POP servers based on BSD/Qualcomm's qpopper allows remote attackers to gain root access using a long PASS command.

AUSCERT:AA-98.01 | BID:133 | URL:http://www.securityfocus.com/bid/133 | CERT:CA-98.08.qpopper_vul | SGI:19980801-01-I | URL:ftp://patches.sgi.com/support/free/security/advisories/19980801-01-I | XF:qpopper-pass-overflow

Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names.

CERT:CA-98.04.Win32.WebServers | MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0012 | XF:nt-web8.3

Stolen credentials from SSH clients via ssh-agent program, allowing other local users to access remote accounts belonging to the ssh-agent user.

CERT:CA-98.03.ssh-agent | MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0013 | NAI:NAI-24 | XF:ssh-agent

JavaScript in Internet Explorer 3.x and 4.x, and Netscape 2.x, 3.x and 4.x, allows remote attackers to monitor a user's web activities, aka the Bell Labs vulnerability.

CERT:CA-97.20.javascript | HP:HPSBUX9707-065 | URL:http://www.codetalker.com/advisories/vendor/hp/hpsbux9707-065.html

webdist CGI program (webdist.cgi) in SGI IRIX allows remote attackers to execute arbitrary commands via shell metacharacters in the distloc parameter.

AUSCERT:AA-97.14 | BID:374 | URL:http://www.securityfocus.com/bid/374 | BUGTRAQ:19970507 Re: SGI Advisory: webdist.cgi | BUGTRAQ:19970507 Re: SGI Security Advisory 19970501-01-A - Vulnerability in | CERT:CA-1997-12 | URL:http://www.cert.org/advisories/CA-1997-12.html | OSVDB:235 | URL:http://www.osvdb.org/235 | SGI:19970501-02-PX | URL:ftp://patches.sgi.com/support/free/security/advisories/19970501-02-PX | XF:http-sgi-webdist(333) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/333

IP fragmentation denial of service in FreeBSD allows a remote attacker to cause a crash.

FREEBSD:FreeBSD-SA-98:08 | OSVDB:908 | URL:http://www.osvdb.org/908 | XF:freebsd-ip-frag-dos(1389) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1389

Vacation program allows command execution by remote users through a sendmail command.

HP:HPSBUX9811-087 | URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9811-087 | NAI:NAI-19 | XF:vacation

File creation and deletion, and remote execution, in the BSD line printer daemon (lpd).

MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0061 | NAI:NAI-20 | XF:bsd-lpd

Multiple buffer overflows in how dtmail handles attachments allows a remote attacker to execute commands.

SUN:00181 | URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/181 | XF:hp-dtmail

AnyForm CGI remote execution.

BID:719 | URL:http://www.securityfocus.com/bid/719 | BUGTRAQ:19950731 SECURITY HOLE: "AnyForm" CGI | XF:http-cgi-anyform

phf CGI program allows remote command execution through shell metacharacters.

AUSCERT:AA-96.01 | BID:629 | URL:http://www.securityfocus.com/bid/629 | BUGTRAQ:19960923 PHF Attacks - Fun and games for the whole family | CERT:CA-1996-06 | URL:http://www.cert.org/advisories/CA-1996-06.html | OSVDB:136 | URL:http://www.osvdb.org/136 | XF:http-cgi-phf

Telnet allows a remote client to specify environment variables including LD_LIBRARY_PATH, allowing an attacker to bypass the normal system libraries and gain root access.

CERT:CA-95:14.Telnetd_Environment_Vulnerability | MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0073 | XF:linkerbug

Remote attackers can cause a denial of service in FTP by issuing multiple PASV commands, causing the server to run out of available ports.

MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0079 | XF:ftp-pasv-dos | XF:ftp-pasvdos

Certain configurations of wu-ftp FTP server 2.4 use a _PATH_EXECPATH setting to a directory with dangerous commands, such as /bin, which allows remote authenticated users to gain root access via the "site exec" command.

BUGTRAQ:19950531 SECURITY: problem with some wu-ftpd-2.4 binaries (fwd) | CERT:CA-95:16.wu-ftpd.vul | MISC:https://archive.nanog.org/mailinglist/mailarchives/old_archive/1995-11/msg00385.html | XF:ftp-execdotdot

Buffer overflow in rwhod on AIX and other operating systems allows remote attackers to execute arbitrary code via a UDP packet with a long hostname.

BUGTRAQ:19960821 rwhod buffer overflow | XF:rwhod(119) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/119 | XF:rwhod-vuln(118) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/118

AIX routed allows remote users to modify sensitive files.

ERS:ERS-SVA-E01-1998:001.1 | MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0086 | XF:ibm-routed

IRIX and AIX automountd services (autofsd) allow remote users to execute root commands.

ERS:ERS-SVA-E01-1998:004.1 | URL:http://www-1.ibm.com/services/brs/brspwhub.nsf/advisories/852567CC004F9038852566BF007B6393/$file/ERS-SVA-E01-1998_004_1.txt

Buffer overflow in SMTP HELO command in Sendmail allows a remote attacker to hide activities.

MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0098 | XF:smtp-helo-bo

Buffer overflow in syslog utility allows local or remote attackers to gain root privileges.

CERT:CA-95.13.syslog.vul | MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0099 | XF:smtp-syslog

Remote access in AIX innd 1.5.1, using control messages.

ERS:ERS-SVA-E01-1997:002.1 | MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0100 | XF:inn-controlmsg

Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.

BUGTRAQ:19971230 Apache DoS attack? | MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0107 | XF:apache-dos

The aglimpse CGI program of the Glimpse package allows remote execution of arbitrary commands.

AUSCERT:AA-97.28 | MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0147 | XF:http-cgi-glimpse

The wrap CGI program in IRIX allows remote attackers to view arbitrary directory listings via a .. (dot dot) attack.

BID:373 | URL:http://www.securityfocus.com/bid/373 | BUGTRAQ:19970420 IRIX 6.x /cgi-bin/wrap bug | OSVDB:247 | URL:http://www.osvdb.org/247 | SGI:19970501-02-PX | URL:ftp://patches.sgi.com/support/free/security/advisories/19970501-02-PX | XF:http-sgi-wrap(290) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/290

The Perl fingerd program allows arbitrary command execution from remote users.

MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0150 | XF:perl-fingerd

The DG/UX finger daemon allows remote command execution through shell metacharacters.

BUGTRAQ:19970811 dgux in.fingerd vulnerability | MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0152 | XF:dgux-fingerd

IIS 2.0 and 3.0 allows remote attackers to read the source code for ASP pages by appending a . (dot) to the end of the URL.

BUGTRAQ:19970220 ! [ADVISORY] Major Security Hole in MS ASP | MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0154 | MSKB:Q163485 | MSKB:Q164059 | XF:http-iis-aspdot | XF:http-iis-aspsource

The ghostscript command with the -dSAFER option allows remote attackers to execute commands.

CERT:CA-95.10.ghostscript | MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0155 | XF:gscript-dsafer

Remote attackers can mount an NFS file system in Ultrix or OSF, even if it is denied on the access list.

MISC:https://www.cve.org/CVERecord?id=CVE-1999-0170 | XF:nfs-ultrix

FormMail CGI program allows remote execution of commands.

BUGTRAQ:Aug02,1995 | MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0172 | XF:http-cgi-formmail-exe

The view-source CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack.

BUGTRAQ:19970208 view-source | MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0174 | XF:http-cgi-viewsrc

The convert.bas program in the Novell web server allows a remote attackers to read any file on the system that is internally accessible by the web server.

MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0175 | XF:http-nov-convert

The Webgais program allows a remote user to execute arbitrary commands.

BUGTRAQ:Jul10,1997 | MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0176 | XF:http-webgais-query

The uploader program in the WebSite web server allows a remote attacker to execute arbitrary programs.

BUGTRAQ:19970904 [Alert] Website's uploader.exe (from demo) vulnerable | MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0177 | NTBUGTRAQ:19970904 [Alert] Website's uploader.exe (from demo) vulnerable | NTBUGTRAQ:19970905 Re: FW: [Alert] Website's uploader.exe (from demo) vulnerable | XF:http-website-uploader

Buffer overflow in the win-c-sample program (win-c-sample.exe) in the WebSite web server 1.1e allows remote attackers to execute arbitrary code via a long query string.

BID:2078 | URL:http://www.securityfocus.com/bid/2078 | BUGTRAQ:19970106 Re: signal handling | URL:http://archives.neohapsis.com/archives/bugtraq/1997_1/0021.html | OSVDB:8 | URL:http://www.osvdb.org/8 | XF:http-website-winsample(295) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/295

The wall daemon can be used for denial of service, social engineering attacks, or to execute remote commands.

MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0181 | XF:walld

Samba has a buffer overflow which allows a remote attacker to obtain root access by specifying a long password.

CERT:VB-97.10.samba | CIAC:H-110 | URL:http://www.ciac.org/ciac/bulletins/h-110.shtml | XF:nt-samba-bo

In SunOS or Solaris, a remote user could connect from an FTP server's data port to an rlogin server on a host that trusts the FTP server, allowing remote command execution.

SUN:00156 | URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/156 | XF:sun-ftpd/logind

In Solaris, an SNMP subagent has a default community string that allows remote attackers to execute arbitrary commands as root, or modify system parameters.

CONFIRM:http://support.novell.com/cgi-bin/search/searchtid.cgi?/10080762.htm | SUN:00178 | XF:snmp-backdoor-access

IIS newdsn.exe CGI script allows remote users to overwrite files.

OSVDB:275 | URL:http://www.osvdb.org/275 | XF:http-cgi-newdsn

Buffer overflow in telnet daemon tgetent routing allows remote attackers to gain root access via the TERMCAP environmental variable.

MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0192 | SNI:SNI-20 | XF:bsd-tel-tgetent

websendmail in Webgais 1.0 allows a remote user to access arbitrary files and execute arbitrary code via the receiver parameter ($VAR_receiver variable).

BID:2077 | URL:http://www.securityfocus.com/bid/2077 | BUGTRAQ:19970704 Vulnerability in websendmail | OSVDB:237 | URL:http://www.osvdb.org/237 | XF:http-webgais-smail

Sendmail 8.6.9 allows remote attackers to execute root commands, using ident.

CIAC:F-13 | MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0204 | XF:ident-bo

Remote attacker can execute commands through Majordomo using the Reply-To field and a "lists" command.

CERT:CA-94.11.majordomo.vulnerabilities | MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0207 | XF:majordomo-exe

rpc.ypupdated (NIS) allows remote users to execute arbitrary commands.

CERT:CA-95.17.rpc.ypupdated.vul | MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0208 | XF:rpc-update

The SunView (SunTools) selection_svc facility allows remote users to read files.

BID:8 | URL:http://www.securityfocus.com/bid/8 | CERT:CA-90.05.sunselection.vulnerability | XF:selsvc

Automount daemon automountd allows local or remote users to gain privileges via shell metacharacters.

BID:235 | URL:http://www.securityfocus.com/bid/235 | BUGTRAQ:19971126 Solaris 2.5.1 automountd exploit (fwd) | URL:http://marc.info/?l=bugtraq&m=88053459921223&w=2 | BUGTRAQ:19990103 SUN almost has a clue! (automountd) | URL:http://marc.info/?l=bugtraq&m=91547759121289&w=2 | CERT:CA-99-05 | URL:http://www.cert.org/advisories/CA-99-05-statd-automountd.html | HP:HPSBUX9910-104 | URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9910-104

Solaris rpc.mountd generates error messages that allow a remote attacker to determine what files are on the server.

CIAC:I-048 | URL:http://www.ciac.org/ciac/bulletins/i-048.shtml | SUN:00168 | URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/168 | XF:sun-mountd

Buffer overflow in FTP Serv-U 2.5 allows remote authenticated users to cause a denial of service (crash) via a long (1) CWD or (2) LS (list) command.

BID:269 | URL:http://www.securityfocus.com/bid/269 | BUGTRAQ:19990909 Exploit: Serv-U Ver2.5 FTPd Win9x/NT | NTBUGTRAQ:19990503 Buffer overflows in FTP Serv-U 2.5 | URL:http://marc.info/?l=ntbugtraq&m=92574916930144&w=2 | NTBUGTRAQ:19990504 Re: Buffer overflows in FTP Serv-U 2.5 | URL:http://marc.info/?l=ntbugtraq&m=92582581330282&w=2 | XF:ftp-servu(205) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/205