I did a search of the past week and was surprised I didn't find this here. I always see this here first. Well, I used to.

This is a list of the most common vulns from last year, what they're about and what you can do to defend against them. It's really quite a good read.


http://www.sans.org/top20/#u2

This updated SANS Top Twenty is actually two Top Ten lists: the ten most commonly exploited vulnerable services in Windows and the ten most commonly exploited vulnerable services in UNIX and Linux.

The Top Twenty is a consensus list of vulnerabilities that require immediate remediation. It is the result of a process that brought together dozens of leading security experts. They come from the most security-conscious federal agencies in the US, UK and Singapore; the leading security software vendors and consulting firms; the top university-based security programs; many other user organizations; and the SANS Institute.

Top Vulnerabilities to Windows Systems

· W1 Internet Information Services (IIS)
http://www.sans.org/top20/#w1

· W2 Microsoft SQL Server (MSSQL)
http://www.sans.org/top20/#w2

· W3 Windows Authentication
http://www.sans.org/top20/#w3

· W4 Internet Explorer (IE)
http://www.sans.org/top20/#w4

· W5 Windows Remote Access Services
http://www.sans.org/top20/#w5

· W6 Microsoft Data Access Components (MDAC)
http://www.sans.org/top20/#w6

· W7 Windows Scripting Host (WSH)
http://www.sans.org/top20/#w7

· W8 Microsoft Outlook and Outlook Express
http://www.sans.org/top20/#w8

· W9 Windows Peer to Peer File Sharing (P2P)
http://www.sans.org/top20/#w9

· W10 Simple Network Management Protocol (SNMP)
http://www.sans.org/top20/#w10


Top Vulnerabilities to UNIX Systems

· U1 BIND Domain Name System
http://www.sans.org/top20/#u1

· U2 Remote Procedure Calls (RPC)
http://www.sans.org/top20/#u2

· U3 Apache Web Server
http://www.sans.org/top20/#u3

· U4 General UNIX Authentication Accounts with No Passwords or Weak Passwords
http://www.sans.org/top20/#u4

· U5 Clear Text Services
http://www.sans.org/top20/#u5

· U6 Sendmail
http://www.sans.org/top20/#u6

· U7 Simple Network Management Protocol (SNMP)
http://www.sans.org/top20/#u7

· U8 Secure Shell (SSH)
http://www.sans.org/top20/#u8

· U9 Misconfiguration of Enterprise Services NIS/NFS
http://www.sans.org/top20/#u9

· U10 Open Secure Sockets Layer (SSL)
http://www.sans.org/top20/#u10


The SANS Top Twenty is a living document. It includes step-by-step instructions and pointers to additional information useful for correcting the security flaws.