NFS exports system-critical data to the world, e.g. / or a password file.

A Unix account with a name other than "root" has UID 0, i.e. root privileges.

Two or more Unix accounts have the same UID.

A system-critical Unix file or directory has inappropriate permissions.

A system-critical Windows NT file or directory has inappropriate permissions.

IIS has the #exec function enabled for Server Side Include (SSI) files.

An attacker can force a printer to print arbitrary documents (e.g. if the printer doesn't require a password) or to become disabled.

A Sendmail alias allows input to be piped to a program.

rpc.admind in Solaris is not running in a secure mode.

A URL for a WWW directory allows auto-indexing, which provides a list of all files in that directory if it does not contain an index.html file.

Windows NT is not using a password filter utility, e.g. PASSFILT.DLL.

A router's configuration service or management interface (such as a web server or telnet) is configured to allow connections from arbitrary hosts.

A Windows NT system's file audit policy does not log an event success or failure for non-critical files or directories.

A Windows NT system's registry audit policy does not log an event success or failure for security-critical registry keys.

A Windows NT system's registry audit policy does not log an event success or failure for non-critical registry keys.

The HKEY_LOCAL_MACHINE key in a Windows NT system has inappropriate, system-critical permissions.

The HKEY_CLASSES_ROOT key in a Windows NT system has inappropriate, system-critical permissions.

There is a one-way or two-way trust relationship between Windows NT domains.

A Windows NT file system is not NTFS.

A network service is running on a nonstandard port.