The debug option in Caldera Linux smail allows remote attackers to execute commands via shell metacharacters in the -D option for the rmail command.

Samba 1.9.18 inadvertently includes a prototype application, wsmbconf, which is installed with incorrect permissions including the setgid bit, which allows local users to read and write files and possibly gain privileges via bugs in the program.

Buffer overflow in NFS mountd gives root access to remote attackers, mostly in Linux systems.

Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.

A later variation on the Teardrop IP denial of service attack, a.k.a. Teardrop-2.

FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce.

Buffer overflow in run-time linkers (1) ld.so or (2) ld-linux.so for Linux systems allows local users to gain privileges by calling a setuid program with a long program name (argv[0]) and forcing ld.so/ld-linux.so to report an error.

Buffer overflow in University of Washington's implementation of IMAP and POP servers.

MIME conversion buffer overflow in sendmail versions 8.8.3 and 8.8.4.

Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others.