HP OpenMail can be misconfigured to allow users to run arbitrary commands using malicious print requests.

A router's routing tables can be obtained from arbitrary hosts.

Windows NT automatically logs in an administrator upon rebooting.

A superfluous NFS server is running, but it is not importing or exporting any file systems.

An SSH server allows authentication through the .rhosts file.

The Windows NT guest account is enabled.

A password for accessing a WWW URL is guessable.

A trust relationship exists between two Unix hosts.

A configuration in a web browser such as Internet Explorer or Netscape Navigator allows execution of active content such as ActiveX, Java, Javascript, etc.

A Windows NT account policy for passwords has inappropriate, security-critical settings, e.g. for password length, password age, or uniqueness.

A Windows NT user has inappropriate rights or privileges, e.g. Act as System, Add Workstation, Backup, Change System Time, Create Pagefile, Create Permanent Object, Create Token Name, Debug, Generate Security Audit, Increase Priority, Increase Quota, Load Driver, Lock Memory, Profile Single Process, Remote Shutdown, Replace Process Token, Restore, System Environment, Take Ownership, or Unsolicited Input.

A DNS server allows inverse queries.

A DNS server allows zone transfers.

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "An SMTP service supports EXPN, VRFY, HELP, ESMTP, and/or EHLO.

A system is operating in "promiscuous" mode which allows it to perform packet sniffing.

A router or firewall forwards packets that claim to come from IANA reserved or private addresses, e.g. 10.x.x.x, 127.x.x.x, 217.x.x.x, etc.

A router or firewall forwards external packets that claim to come from inside the network that the router/firewall is in front of.

The permissions for system-critical data in an anonymous FTP account are inappropriate. For example, the root directory is writeable by world, a real password file is obtainable, or executable commands such as "ls" can be overwritten.

An X server's access control is disabled (e.g. through an "xhost +" command) and allows anyone to connect to the server.

IP traceroute is allowed from arbitrary hosts.