Internet Explorer 5.5 and 5.01 allows remote attackers to bypass security restrictions via malformed URLs that contain dotless IP addresses, which causes Internet Explorer to process the page in the Intranet Zone, which may have fewer security restrictions, aka the "Zone Spoofing vulnerability."

RPC endpoint mapper in Windows NT 4.0 allows remote attackers to cause a denial of service (loss of RPC services) via a malformed request.

Outlook Web Access (OWA) in Microsoft Exchange 5.5, SP4 and earlier, allows remote attackers to identify valid user email addresses by directly accessing a back-end function that processes the global address list (GAL).

Heap overflow in xlock in Solaris 2.6 through 8 allows local users to gain root privileges via a long (1) XFILESEARCHPATH or (2) XUSERFILESEARCHPATH environmental variable.

IIS 4.0 with URL redirection enabled allows remote attackers to cause a denial of service (crash) via a malformed request that specifies a length that is different than the actual length.

IIS 5.0 allows local users to cause a denial of service (hang) via by installing content that produces a certain invalid MIME Content-Type header, which corrupts the File Type table.

Memory leak in Terminal servers in Windows NT and Windows 2000 allows remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed Remote Desktop Protocol (RDP) requests to port 3389.

Example applications (Exampleapps) in ColdFusion Server 4.x do not properly restrict prevent access from outside the local host's domain, which allows remote attackers to conduct upload, read, or execute files by spoofing the "HTTP Host" (CGI.Host) variable in (1) the "Web Publish" example script, and (2) the "Email" example script.

Multiple memory leaks in Microsoft Services for Unix 2.0 allow remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed requests to (1) the Telnet service, or (2) the NFS service.

RPM Package Manager 4.0.x through 4.0.2.x allows an attacker to execute arbitrary code via corrupted data in the RPM file when the file is queried.

WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, Windows NT and Windows 2000 allows attackers to cause the WebID agent to enter debug mode via a URL containing null characters, which may allow attackers to obtain sensitive information.

Directory traversal vulnerability in WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, Windows NT and Windows 2000 allows attackers to access restricted resources via URL-encoded (1) /.. or (2) \.. sequences.

Handspring Visor 1.0 and 1.0.1 with the VisorPhone Springboard module installed allows remote attackers to cause a denial of service (PalmOS crash and VisorPhone database corruption) by sending a large or crafted SMS image.

ptrace in Linux 2.2.x through 2.2.19, and 2.4.x through 2.4.9, allows local users to gain root privileges by running ptrace on a setuid or setgid program that itself calls an unprivileged program, such as newgrp.

OpenSSH before 2.9.9, while using keypairs and multiple keys of different types in the ~/.ssh/authorized_keys2 file, may not properly handle the "from" option associated with a key, which could allow remote attackers to login from unauthorized IP addresses.

Linux kernel 2.2.1 through 2.2.19, and 2.4.1 through 2.4.10, allows local users to cause a denial of service via a series of deeply nested symlinks, which causes the kernel to spend extra time when trying to access the link.

Race condition in signal handling of procmail 3.20 and earlier, when running setuid, allows local users to cause a denial of service or gain root privileges by sending a signal while a signal handling routine is already running.

Perception LiteServe 1.25 allows remote attackers to obtain source code of CGI scripts via URLs that contain MS-DOS conventions such as (1) upper case letters or (2) 8.3 file names.

Buffer overflow in A-FTP Anonymous FTP Server allows remote attackers to cause a denial of service via a long USER command.

Format string vulnerability in XChat 1.2.x allows remote attackers to execute arbitrary code via a malformed nickname.

Trend Micro InterScan VirusWall for Windows NT allows remote attackers to make configuration changes by directly calling certain CGI programs, which do not restrict access.

Specter IDS version 4.5 and 5.0 allows a remote attacker to cause a denial of service (CPU exhaustion) via a port scan, which causes the server to consume CPU while preparing alerts.

Format string vulnerability in avpkeeper in Kaspersky KAV 3.5.135.2 for Sendmail allows remote attackers to cause a denial of service or possibly execute arbitrary code via a malformed mail message.

Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2 allows remote attackers to obtain an absolute path for the server directory by viewing the Location header.

LPRng in Red Hat Linux 7.0 and 7.1 does not properly drop memberships in supplemental groups when lowering privileges, which could allow a local user to elevate privileges.