Tcpdump v3.5.2 remote root exploit - Tested against X86 Linux. Exploits an overflow in the AFS packet parsing which requires the snaplen (-s) to be set to 500 or greater. Fixed in v3.62.
f8bece3b4c4cdecd77844f75e71dd0972eedfa3379f9b4b2e2c8349ff924afcb
Remote linux x86 exploit for Qpopper 3.0beta29 and below. (not 2.5.3) Overflows the LIST command and spawns a shell with the UID of the user who logged in (requires valid account), and GID mail.
6e03060d06070addc039c651e773cc7edd7dfdbf64902dcb1d4ab4b12b4e97df
w3-msql (miniSQL 2.0.4.1 - 2.0.11) Solaris x86 remote exploit. Distribution of miniSQL packet (http://hughes.com.au) comes with a cgi (w3-msql) that can be xploited to run arbitrary code under httpd uid.
e538616d4a13d2a4606a6853e879530a658b5ddefbf3256ac599a2700782b79d