Denial of service in RPC portmapper allows attackers to register or unregister RPC services or spoof RPC services using a spoofed source IP address such as 127.0.0.1.

Buffer overflow in FTP Serv-U 2.5 allows remote authenticated users to cause a denial of service (crash) via a long (1) CWD or (2) LS (list) command.

Denial of service in Qmail through long SMTP commands.

An X server's access control is disabled (e.g. through an "xhost +" command) and allows anyone to connect to the server.

A DNS server allows zone transfers.

A DNS server allows inverse queries.

A password for accessing a WWW URL is guessable.

The rwho/rwhod service is running, which exposes machine status and user information.

ping in Solaris 2.3 through 2.6 allows local users to cause a denial of service (crash) via a ping request to a multicast address through the loopback interface, e.g. via ping -i.

Buffer overflow in eeprom in Solaris 2.5.1 and earlier allows local users to gain root privileges via a long command line argument.

Buffer overflow in zgv in svgalib 1.2.10 and earlier allows local users to execute arbitrary code via a long HOME environment variable.

MajorCool mj_key_cache program allows local users to modify files via a symlink attack.

rsh daemon (rshd) generates different error messages when a valid username is provided versus an invalid name, which allows remote attackers to determine valid users on the system.

Command execution in Sun systems via buffer overflow in the at program.

getcwd() file descriptor leak in FTP.

Denial of service in Windows NT DNS servers by flooding port 53 with too many characters.

Solaris rpcbind listens on a high numbered UDP port, which may not be filtered since the standard port number is 111.

Denial of service in Qmail by specifying a large number of recipients with the RCPT command.

Access violation in LSASS.EXE (LSA/LSARPC) program in Windows NT allows a denial of service.

Denial of service in IIS using long URLs.