"This year, at the Black Hat conference in Las Vegas, the Pwnie Awards were awarded to the discoverers of different categories of distinguished vulnerabilities. The award in the category of "Best Server-Side Bug" went to Meder Kydyraliev for a vulnerability in the Apache Struts2 framework. With a single HTTP request which included five special parameters, he was able to execute arbitrary Java code on the web server." - ovigia from Bookmarklet

"Microsoft took the award in the "Most Epic FAIL" category for the error in Internet Explorer 8's XSS (Cross Site Scripting) filter which enabled XSS on otherwise secure sites for nearly a year." - ovigia