Vulnerability in rcp on SunOS 4.0.x allows remote attackers from trusted hosts to execute arbitrary commands as root, possibly related to the configuration of the nobody user.

Vulnerability in restore in SunOS 4.0.3 and earlier allows local users to gain privileges.

Buffer overflow in passwd in BSD based operating systems 4.3 and earlier allows local users to gain root privileges by specifying a long shell or GECOS field.

CWD ~root command in ftpd allows root access.

The debug command in Sendmail is enabled, allowing attackers to execute commands as root.