Anonymous FTP is enabled.

A mail server is explicitly configured to allow SMTP mail relay, which allows abuse by spammers.

An unrestricted remote trust relationship for Unix systems has been set up, e.g. by using a + sign in /etc/hosts.equiv.

A system-critical NETBIOS/SMB share has inappropriate access control.

ICMP echo (ping) is allowed from arbitrary hosts.

The permissions for system-critical data in an anonymous FTP account are inappropriate. For example, the root directory is writeable by world, a real password file is obtainable, or executable commands such as "ls" can be overwritten.

A router or firewall forwards external packets that claim to come from inside the network that the router/firewall is in front of.

A router or firewall forwards packets that claim to come from IANA reserved or private addresses, e.g. 10.x.x.x, 127.x.x.x, 217.x.x.x, etc.

A system is operating in "promiscuous" mode which allows it to perform packet sniffing.

A trust relationship exists between two Unix hosts.

An SSH server allows authentication through the .rhosts file.

A superfluous NFS server is running, but it is not importing or exporting any file systems.

Windows NT automatically logs in an administrator upon rebooting.

NFS exports system-critical data to the world, e.g. / or a password file.

A Unix account with a name other than "root" has UID 0, i.e. root privileges.

Two or more Unix accounts have the same UID.

A system-critical Unix file or directory has inappropriate permissions.

A system-critical Windows NT file or directory has inappropriate permissions.

IIS has the #exec function enabled for Server Side Include (SSI) files.

An attacker can force a printer to print arbitrary documents (e.g. if the printer doesn't require a password) or to become disabled.