SQL injection is probably today's biggest security issue. This problem has been known about for years, but seven out of ten Web applications are still vulnerable. I find it extremely frustrating.
On November 7 NGS alerted NISCC to the problem. It was hoped that due to the severity of the problem that Oracle would release a fix or a workaround for this in the January 2006 Critical Patch Update. They failed to do so.