A URL for a WWW directory allows auto-indexing, which provides a list of all files in that directory if it does not contain an index.html file.

rpc.admind in Solaris is not running in a secure mode.

An attacker can write to syslog files from any location, causing a denial of service by filling up the logs, and hiding activities.

A Sendmail alias allows input to be piped to a program.

An attacker can force a printer to print arbitrary documents (e.g. if the printer doesn't require a password) or to become disabled.

The registry in Windows NT can be accessed remotely by users who are not administrators.

IIS has the #exec function enabled for Server Side Include (SSI) files.

A system-critical Windows NT file or directory has inappropriate permissions.

A system-critical Unix file or directory has inappropriate permissions.

Two or more Unix accounts have the same UID.

A Unix account with a name other than "root" has UID 0, i.e. root privileges.

NFS exports system-critical data to the world, e.g. / or a password file.

HP OpenMail can be misconfigured to allow users to run arbitrary commands using malicious print requests.

A router's routing tables can be obtained from arbitrary hosts.

Windows NT automatically logs in an administrator upon rebooting.

A superfluous NFS server is running, but it is not importing or exporting any file systems.

An SSH server allows authentication through the .rhosts file.

The Windows NT guest account is enabled.

A password for accessing a WWW URL is guessable.

A trust relationship exists between two Unix hosts.