Scouring data from MITRE, OWASP, SANS, OSVDB, Symantec, US-CERT and its own internal research, Cenzic details the top vulnerabilities for the last quarter of 2009. The most severe vulnerabilities uncovered during this time included the following:
- Adobe Flash Media Server Directory Traversal Vulnerability
- Juniper Networks JUNOS J-Web Multiple Cross Site Scripting And HTML Injection Vulnerabilities
- Citrix XenCenterWeb Multiple Vulnerabilities
- Oracle E-Business Suite Multiple Remote Vulnerabilities
- Websense Email Security Cross-Site Scripting and HTML Injection Vulnerabilities
- SSLv3/TLS Renegotiation Stream Injection
- Active Directory Federation Services (ADFS) in Microsoft Windows Server IIS Arbitrary Code Execution
- HP ProCurve Switch Management Interface Multiple HTML Injection Vulnerabilities
- Sun Virtual Desktop Infrastructure Authentication Mechanism Unauthorized Access Vulnerability
- Sun Java SE November 2009 Multiple Security Vulnerabilities