Buffer overflow in CGI and format string bug in dwhttpd.
vulners.com/securityvulns/securityvulns:doc:2964
vulners.com/securityvulns/securityvulns:doc:3319