The new SANS 2004 Top 20 list of critical Internet security vulnerabilities is out. It's actually two top-10 lists, one for Windows and one for UNIX:

Top Vulnerabilities to Windows SystemsW1 Web Servers & Services W2 Workstation Service W3 Windows Remote Access Services W4 Microsoft SQL Server (MSSQL) W5 Windows Authentication W6 Web Browsers W7 File-Sharing Applications W8 LSAS Exposures W9 Mail Client - W10 Instant Messaging

Top Vulnerabilities to UNIX SystemsU1 BIND Domain Name System U2 Web Server U3 Authentication U4 Version Control Systems U5 Mail Transport Service U6 Simple Network Management Protocol (SNMP) U7 Open Secure Sockets Layer (SSL) U8 Misconfiguration of Enterprise Services NIS/NFS U9 Databases - U10 Kernel