ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service.

FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce.

The asynchronous I/O facility in 4.4 BSD kernel does not check user credentials when setting the recipient of I/O notification, which allows local users to cause a denial of service by using certain ioctl and fcntl calls to cause the signal to be sent to an arbitrary process ID.

Listening TCP ports are sequentially allocated, allowing spoofing attacks.

The rwho/rwhod service is running, which exposes machine status and user information.

Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges.

Buffer overflow of rlogin program using TERM environmental variable.

Jolt ICMP attack causes a denial of service in Windows 95 and Windows NT systems.

Buffer overflow in Vixie Cron library up to version 3.0 allows local users to obtain root access via a long environmental variable.

Buffer overflow in lpr, as used in BSD-based systems including Linux, allows local users to execute arbitrary code as root via a long -C (classification) command line option.