Top 10 Vulnerabilities
The Top 20 external and internal vulnerabilities are dynamic lists of the most prevalent and critical security vulnerabilities in the real world. Based on the "Laws of Vulnerabilities", this information is computed anonymously from over 500 million IP audits per year. The Top 10 External Vulnerabilities are the most prevalent and critical vulnerabilities identified on Internet-facing systems. The Top 10 Internal Vulnerabilities show the same information for systems and networks inside an organization's firewalls.
Top 10 External Vulnerabilities: September 2010
| Title | QualysID | CVE Reference | Ext. Reference |
|---|---|---|---|
| HTTP method 'DELETE' Enabled | 86237 | N/A | N/A |
| Microsoft Windows Server Service Could Allow Remote Code Execution | 90464 | CVE-2008-4250 | MS08-067 |
| Microsoft SMB Remote Code Execution Vulnerability | 90477 | CVE-2008-4834, CVE-2008-4835, CVE-2008-4114 | MS09-001 |
| Microsoft MSDTC and COM+ Remote Code Execution Vulnerability | 90274 | CVE-2005-1978, CVE-2005-2119, CVE-2005-1979, CVE-2005-1980 | MS05-051 |
| Microsoft Windows DCOM RPCSS Service Vulnerabilities | 68522 | CVE-2003-0715, CVE-2003-0528, CVE-2003-0605, CVE-2003-0995 | MS03-039 |
| Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability | 68518 | CVE-2003-0352 | MS03-026 |
| Microsoft IIS FTP Server Remote Stack Based Overflow | 27302 | CVE-2009-3023, CVE-2009-2521 | N/A |
| Apache Chunked-Encoding Memory Corruption Vulnerability | 86352 | CVE-2002-0392 | N/A |
| Writeable SNMP Information | 78031 | CVE-1999-0792, CVE-2000-0147, CVE-2001-0380, CVE-2001-1210, CVE-2002-0478, CVE-2000-0515 | N/A |
| Debian OpenSSL Package Random Number Generator Weakness | 42007 | CVE-2008-0166 | N/A |
Top 10 Internal Vulnerabilities: September 2010
| Title | QualysID | CVE Reference | Ext. Reference |
|---|---|---|---|
| Adobe Flash Player Multiple Vulnerabilities | 115593 | CVE-2007-2022, CVE-2007-3456, CVE-2007-3457 | APSB07-12 |
| Adobe Flash Player Update Available to Address Security Vulnerabilities | 116244 | CVE-2009-0519, CVE-2009-0520, CVE-2009-0522, CVE-2009-0114, CVE-2009-0521 | APSB09-01 |
| Adobe Acrobat and Adobe Reader Multiple Vulnerabilities | 115847 | CVE-2008-2641 | APSB08-15 |
| Adobe Reader JavaScript Methods Memory Corruption Vulnerability | 116399 | CVE-2009-1492, CVE-2009-1493 | APSA09-02 and APSB09-06 |
| Sun Java Multiple Vulnerabilities | 116174 | CVE-2008-2086, CVE-2008-5339, CVE-2008-5340, CVE-2008-5341, CVE-2008-5342, CVE-2008-5343, CVE-2008-5344, CVE-2008-5345, CVE-2008-5348, CVE-2008-5350, CVE-2008-5351, CVE-2008-5353, CVE-2008-5354, CVE-2008-5356, CVE-2008-5357, CVE-2008-5359, CVE-2008-5360 | 244988 and others |
| Microsoft Office PowerPoint Could Allow Remote Code Execution | 110094 | CVE-2009-0556, CVE-2009-0220, CVE-2009-0221, CVE-2009-0222, CVE-2009-0223, CVE-2009-0224, CVE-2009-0225, CVE-2009-0226, CVE-2009-0227, CVE-2009-1128, CVE-2009-1129, CVE-2009-1130, CVE-2009-1131, CVE-2009-1137 | MS09-017 |
| Microsoft Excel Remote Code Execution Vulnerability | 110093 | CVE-2009-0238, CVE-2009-0100 | MS09-009 |
| Microsoft Word Multiple Remote Code Execution Vulnerabilities | 110092 | CVE-2008-4024, CVE-2008-4025, CVE-2008-4026, CVE-2008-4027, CVE-2008-4028, CVE-2008-4030, CVE-2008-4031, CVE-2008-4837 | MS08-072 |
| WordPad and Office Text Converters Remote Code Execution Vulnerability | 90474 | CVE-2008-4841, CVE-2009-0087, CVE-2009-0088, CVE-2009-0235 | MS09-010 |
| Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution | 90503 | CVE-2009-1537, CVE-2009-1538, CVE-2009-1539 | MS09-028 |


