A race condition in Linux 2.2.1 allows local users to read arbitrary memory from /proc files.

IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.

A service or application has a backdoor password that was placed there by the developer.

An attacker can identify a CISCO device by sending a SYN packet to port 1999, which is for the Cisco Discovery Protocol (CDP).

A remote attacker can sometimes identify the operating system of a host based on how it reacts to some IP or ICMP packets, using a tool such as nmap or queso.

Remote attackers can crash Lynx and Internet Explorer using an IMG tag with a large width parameter.

A remote attacker can gain access to a file system using .. (dot dot) when accessing SMB shares.

Anonymous FTP is enabled.

A mail server is explicitly configured to allow SMTP mail relay, which allows abuse by spammers.

An unrestricted remote trust relationship for Unix systems has been set up, e.g. by using a + sign in /etc/hosts.equiv.

A system-critical NETBIOS/SMB share has inappropriate access control.

ICMP echo (ping) is allowed from arbitrary hosts.

The permissions for system-critical data in an anonymous FTP account are inappropriate. For example, the root directory is writeable by world, a real password file is obtainable, or executable commands such as "ls" can be overwritten.

A router or firewall forwards external packets that claim to come from inside the network that the router/firewall is in front of.

A router or firewall forwards packets that claim to come from IANA reserved or private addresses, e.g. 10.x.x.x, 127.x.x.x, 217.x.x.x, etc.

A system is operating in "promiscuous" mode which allows it to perform packet sniffing.

A trust relationship exists between two Unix hosts.

An SSH server allows authentication through the .rhosts file.

A superfluous NFS server is running, but it is not importing or exporting any file systems.

Windows NT automatically logs in an administrator upon rebooting.