UDP messages to broadcast addresses are allowed, allowing for a Fraggle attack that can cause a denial of service by flooding the target.

ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service.

A mail server is explicitly configured to allow SMTP mail relay, which allows abuse by spammers.

IP forwarding is enabled on a machine which is not a router or firewall.

A router or firewall allows source routed packets from arbitrary hosts.

Perl, sh, csh, or other shell interpreters are installed in the cgi-bin directory on a WWW site, which allows remote attackers to execute arbitrary commands.

An account on a router, firewall, or other network device has a default, null, blank, or missing password.

An account on a router, firewall, or other network device has a guessable password.

A Windows NT domain user or administrator account has a default, null, blank, or missing password.

A Windows NT domain user or administrator account has a guessable password.

A Windows NT local user or administrator account has a default, null, blank, or missing password.

A Windows NT local user or administrator account has a guessable password.

A Unix account has a default, null, blank, or missing password.

A Unix account has a guessable password.

NETBIOS share information may be published through SNMP registry keys in NT.

TFTP is not running in a restricted directory, allowing a remote attacker to access sensitive information such as password files.

Anonymous FTP is enabled.

A Windows NT 4.0 user can gain administrative rights by forcing NtOpenProcessToken to succeed regardless of the user's permissions, aka GetAdmin.

A remote attacker can gain access to a file system using .. (dot dot) when accessing SMB shares.

Denial of service in WinGate proxy through a buffer overflow in POP3.