The passwd command in Solaris can be subjected to a denial of service.

Buffer overflow in Solaris x86 mkcookie allows local users to obtain root access.

Vacation program allows command execution by remote users through a sendmail command.

CDE screen lock program (screenlock) on Solaris 2.6 does not properly lock an unprivileged user's console session when the host is an NIS+ client, which allows others with physical access to login with any string.

Buffer overflow in Sun's ping program can give root access to local users.

SunOS/Solaris FTP clients can be forced to execute arbitrary commands from a malicious FTP server.

Multiple buffer overflows in how dtmail handles attachments allows a remote attacker to execute commands.

Buffer overflow in the libauth library in Solaris allows local users to gain additional privileges, possibly root access.

Power management (Powermanagement) on Solaris 2.4 through 2.6 does not start the xlock process until after the sys-suspend has completed, which allows an attacker with physical access to input characters to the last active application from the keyboard for a short period after the system is restoring, which could lead to increased privileges.

Solaris SUNWadmap can be exploited to obtain root access.