We are talking a lot of security issues in the infrastructure or with the users. We often overlook the application as a possible source for vulnerabilities. Pretty often, as an example, vulnerabilities in backup software cause major problems.
Here you find a collection of the "Top Ten" Application Security vulnerabilities: http://www.owasp.org/index.php/OWASP_Top_Ten_Project
A pretty interesting list