The Top 20 external and internal vulnerabilities are dynamic lists of the most prevalent and critical security vulnerabilities in the real world. Based on the "Laws of Vulnerabilities", this information is computed anonymously from over 150 million IP audits per year. The Top 10 External Vulnerabilities are the most prevalent and critical vulnerabilities which have been identified on Internet facing systems. The Top 10 Internal Vulnerabilities show this information for systems and networks inside organization's firewalls.
Top 10 External Vulnerabilities: July 2009
| Title | QualysID | CVE Reference | Ext. Reference |
|---|---|---|---|
| Microsoft Internet Information Server Hit Highlighting Authentication Bypass Vulnerability | 86765 | CVE-2007-2815 | N/A |
| Apache Tomcat JK Web Server Connector Security Bypass Vulnerability | 86764 | CVE-2007-1860 | N/A |
| ISC BIND Remote Cache Poisoning Vulnerability | 15053 | CVE-2007-2926, CVE-2007-2930 |
N/A |
| ProFTPD SReplace Remote Buffer Overflow Vulnerability | 27285 | CVE-2006-5815 | N/A |
| Windows DNS RPC Interface Remote Code Execution Vulnerability | 90394 | CVE-2007-1748 | MS07-029 |
| Multiple Cisco TCP/IP Vulnerabilities | 43128 | CVE-2007-0480 | N/A |
| Oracle October 2007 Security Update Multiple Vulnerabilities | 19223 | NO CVE | N/A |
| Asterisk SIP Channel Driver Remote Denial of Service Vulnerability | 38577 | CVE-2007-1306 | N/A |
| MySQL Security Invoker Privilege Escalation Vulnerability | 19217 | CVE-2007-2692 | N/A |
| Ipswitch IMail Server/Collaboration Suite Multiple Buffer Overflows | 74228 | CVE-2007-2795 | N/A |
FREE Scan of the Top 10 External Vulnerabilities 
Top 10 Internal Vulnerabilities: July 2009
| Title | QualysID | CVE Reference | Ext. Reference |
|---|---|---|---|
| Microsoft Internet Explorer Zone Denial of Service Vulnerability | 100048 | CVE-2007-3550 | N/A |
| CAPICOM Remote Code Execution Vulnerability | 115550 | CVE-2007-0940 | MS07-028 |
| Adobe Flash Player Multiple Vulnerabilities | 115593 | CVE-2007-2022, CVE-2007-3456, CVE-2007-3457 |
APSB0712 |
| Sun Java RunTime Environment GIF Images Buffer Overflow Vulnerability | 115501 | CVE-2007-0243 | N/A |
| Cumulative Security Update for Internet Explorer | 100047 | CVE-2007-2222 | MS07-033 |
| Cumulative Security Update for Outlook Express and Windows Mail | 90398 | CVE-2006-2111, CVE-2007-1658, CVE-2007-2225, CVE-2007-2227 |
MS07-034 |
| Microsoft Office Remote Code Execution Vulnerability | 110059 | CVE-2007-1747 | MS07-025 |
| Microsoft .NET Framework Remote Code Execution Vulnerabilities | 90401 | CVE-2007-0041, CVE-2007-0042, CVE-2007-0043 |
MS07-040 |
| Microsoft XML Core Services Could Allow Remote Code Execution | 90405 | CVE-2007-1749 | MS07-042 |
| Vulnerabilities in Windows Media Player Could Allow Remote Code Execution | 90406 | CVE-2007-3037, CVE-2007-3035 |
MS07-047 |
You can also check the real time vulnerability counter from the Qualys KnowledgeBase.
