A mail server is explicitly configured to allow SMTP mail relay, which allows abuse by spammers.

IP forwarding is enabled on a machine which is not a router or firewall.

A router or firewall allows source routed packets from arbitrary hosts.

Perl, sh, csh, or other shell interpreters are installed in the cgi-bin directory on a WWW site, which allows remote attackers to execute arbitrary commands.

An account on a router, firewall, or other network device has a default, null, blank, or missing password.

An account on a router, firewall, or other network device has a guessable password.

A Windows NT domain user or administrator account has a default, null, blank, or missing password.

A Windows NT domain user or administrator account has a guessable password.

A Windows NT local user or administrator account has a default, null, blank, or missing password.

A Windows NT local user or administrator account has a guessable password.

A Unix account has a default, null, blank, or missing password.

A Unix account has a guessable password.

NETBIOS share information may be published through SNMP registry keys in NT.

TFTP is not running in a restricted directory, allowing a remote attacker to access sensitive information such as password files.

Anonymous FTP is enabled.

A Windows NT 4.0 user can gain administrative rights by forcing NtOpenProcessToken to succeed regardless of the user's permissions, aka GetAdmin.

A remote attacker can gain access to a file system using .. (dot dot) when accessing SMB shares.

Denial of service in WinGate proxy through a buffer overflow in POP3.

rpc.statd allows remote attackers to forward RPC calls to the local operating system via the SM_MON and SM_NOTIFY commands, which in turn could be used to remotely exploit other bugs such as in automountd.

The ffingerd 1.19 allows remote attackers to identify users on the target system based on its responses.