Remote attacker can execute commands through Majordomo using the Reply-To field and a "lists" command.
CVE-1999-0206
MIME buffer overflow in Sendmail 8.8.0 and 8.8.1 gives root access.
CVE-1999-0205
Denial of service in Sendmail 8.6.11 and 8.6.12.
CVE-1999-0204
Sendmail 8.6.9 allows remote attackers to execute root commands, using ident.
CVE-1999-0203
In Sendmail, attackers can gain root privileges via SMTP by specifying an improper "mail from" address and an invalid "rcpt to" address that would cause the mail to bounce to a program.
CVE-1999-0202
The GNU tar command, when used in FTP sessions, may allow an attacker to execute arbitrary commands.
CVE-1999-0201
A quote cwd command on FTP servers can reveal the full path of the home directory of the "ftp" user.
CVE-1999-0200
Windows NT FTP server (WFTP) with the guest account enabled without a password allows an attacker to log into the FTP server using any username and password.
CVE-1999-0199
manual/search.texi in the GNU C Library (aka glibc) before 2.2 lacks a statement about the unspecified tdelete return value upon deletion of a tree's root, which might allow attackers to access a dangling pointer in an application whose developer was unaware of a documentation update from 1999.
CVE-1999-0198
finger .@host on some systems may print information on some user accounts.