I did a search of the past week and was surprised I didn't find this here. I always see this here first. Well, I used to.
This is a list of the most common vulns from last year, what they're about and what you can do to defend against them. It's really quite a good read.
http://www.sans.org/top20/#u2
This updated SANS Top Twenty is actually two Top Ten lists: the ten most commonly exploited vulnerable services in Windows and the ten most commonly exploited vulnerable services in UNIX and Linux.
The Top Twenty is a consensus list of vulnerabilities that require immediate remediation. It is the result of a process that brought together dozens of leading security experts. They come from the most security-conscious federal agencies in the US, UK and Singapore; the leading security software vendors and consulting firms; the top university-based security programs; many other user organizations; and the SANS Institute.
Top Vulnerabilities to Windows Systems
· W1 Internet Information Services (IIS)
http://www.sans.org/top20/#w1
· W2 Microsoft SQL Server (MSSQL)
http://www.sans.org/top20/#w2
· W3 Windows Authentication
http://www.sans.org/top20/#w3
· W4 Internet Explorer (IE)
http://www.sans.org/top20/#w4
· W5 Windows Remote Access Services
http://www.sans.org/top20/#w5
· W6 Microsoft Data Access Components (MDAC)
http://www.sans.org/top20/#w6
· W7 Windows Scripting Host (WSH)
http://www.sans.org/top20/#w7
· W8 Microsoft Outlook and Outlook Express
http://www.sans.org/top20/#w8
· W9 Windows Peer to Peer File Sharing (P2P)
http://www.sans.org/top20/#w9
· W10 Simple Network Management Protocol (SNMP)
http://www.sans.org/top20/#w10
Top Vulnerabilities to UNIX Systems
· U1 BIND Domain Name System
http://www.sans.org/top20/#u1
· U2 Remote Procedure Calls (RPC)
http://www.sans.org/top20/#u2
· U3 Apache Web Server
http://www.sans.org/top20/#u3
· U4 General UNIX Authentication Accounts with No Passwords or Weak Passwords
http://www.sans.org/top20/#u4
· U5 Clear Text Services
http://www.sans.org/top20/#u5
· U6 Sendmail
http://www.sans.org/top20/#u6
· U7 Simple Network Management Protocol (SNMP)
http://www.sans.org/top20/#u7
· U8 Secure Shell (SSH)
http://www.sans.org/top20/#u8
· U9 Misconfiguration of Enterprise Services NIS/NFS
http://www.sans.org/top20/#u9
· U10 Open Secure Sockets Layer (SSL)
http://www.sans.org/top20/#u10
The SANS Top Twenty is a living document. It includes step-by-step instructions and pointers to additional information useful for correcting the security flaws.