High Severity Vulnerabilities

111.5K CVEs classified as high severity

Total CVEs: 111.5K
Avg CVSS: 8.1 (High)
Max CVSS: 10.0 (Highest)
Min CVSS: 7.2 (Lowest)

High Severity CVEs

Page 4634 of 4645
CVSS:10.0(Critical)

Perl, sh, csh, or other shell interpreters are installed in the cgi-bin directory on a WWW site, which allows remote attackers to execute arbitrary commands.

CWE-941999
CVSS:7.5(High)

An account on a router, firewall, or other network device has a guessable password.

CVSS:7.2(High)

A Windows NT domain user or administrator account has a default, null, blank, or missing password.

CVSS:7.5(High)

A Windows NT local user or administrator account has a default, null, blank, or missing password.

CVSS:10.0(Critical)

TFTP is not running in a restricted directory, allowing a remote attacker to access sensitive information such as password files.

CVSS:7.2(High)

A Windows NT 4.0 user can gain administrative rights by forcing NtOpenProcessToken to succeed regardless of the user's permissions, aka GetAdmin.

CVSS:10.0(Critical)

A remote attacker can gain access to a file system using .. (dot dot) when accessing SMB shares.

CVSS:7.5(High)

rpc.statd allows remote attackers to forward RPC calls to the local operating system via the SM_MON and SM_NOTIFY commands, which in turn could be used to remotely exploit other bugs such as in automo...

CVSS:10.0(Critical)

ffingerd 1.19 allows remote attackers to identify users on the target system based on its responses.

CVSS:7.5(High)

MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to learn information about a local user's files via an IMG SRC tag.

CVSS:10.0(Critical)

MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to paste a file name into the file upload intrinsic control, a variant of "untrusted scripted paste" as described in MS:MS98-013.

CVSS:7.5(High)

Internet Explorer 4.0 and 5.0 allows a remote attacker to execute security scripts in a different security context using malicious URLs, a variant of the "cross frame" vulnerability.

CVSS:7.5(High)

The Expression Evaluator in the ColdFusion Application Server allows a remote attacker to upload files to the server via openfile.cfm, which does not restrict access to the server properly.

CVSS:7.2(High)

A weak encryption algorithm is used for passwords in SCO TermVision, allowing them to be easily decrypted by a local user.

CVSS:7.2(High)

The SVR4 /dev/wabi special device file in NetBSD 1.3.3 and earlier allows a local user to read or write arbitrary files on the disk associated with that device.

CVSS:10.0(Critical)

Remote attackers can crash Lynx and Internet Explorer using an IMG tag with a large width parameter.

CVSS:7.2(High)

suidperl in Linux Perl does not check the nosuid mount option on file systems, allowing local users to gain root access by placing a setuid script in a mountable file system, e.g. a CD-ROM or floppy d...

CVSS:10.0(Critical)

Versions of rpcbind including Linux, IRIX, and Wietse Venema's rpcbind allow a remote attacker to insert and delete entries by spoofing a source address.