Top 10 vulnerabilities    
 

1. BIND weaknesses: nxt, qinv and in.named allow immediate root compromise.
2. Vulnerable CGI programs and application extensions (e.g., ColdFusion) installed on web servers.
3. Remote Procedure Call (RPC) weaknesses in rpc.ttdbserverd (ToolTalk), rpc.cmsd (Calendar Manager), and rpc.statd that allow immediate root compromise.
4. RDS security hole in the Microsoft Internet Information Server (IIS).
5. Sendmail buffer overflow weaknesses, pipe attacks, and MIMEbo that allow immediate root compromise.
6. sadmind and mountd
7. Global file sharing and inappropriate information sharing via NetBIOS and Windows NT ports 135-139 (445 in Windows 2000), UNIX NFS exports on port 2049, or Macintosh Web sharing or AppleShare/IP on ports 80, 427, and 548.
8. User IDs, especially root/administrator, with no passwords or weak passwords.
9. IMAP and POP buffer overflow vulnerabilities or incorrect configuration.
10. Default SNMP community strings set to ‘public’ and ‘private’.

A High Priority Bonus Item for Windows Users and Administrators:
Various Scripting Holes in Internet Explorer and Office 2000

(This last part with the bonus is the one I like best :-))))

   

Hacktivistu'    