Just found the following list on the internet:

1. Cross site scripting (XSS)
2. Injection flaws
3. Malicious file execution
4. Insecure direct object reference
5. Cross site request forgery
6. Information leakage and improper error handling
7. Broken authentication and session management
8. Insecure cryptographic storage
9. Insecure communications
10. Failure to restrict URL access

And that brings me back to the previous post and how important (and sometimes easy) it is to check the own websites for thise kind of vulnerabilities.

Urs

http://blogs.technet.com/ms_schweiz_security_blog/archive/2007/10/24/xssdetect-code-analysis-tool.aspx