During the Black Hat conference, the "Vulnerability Oscars" were awarded: individuals and companies received Pwnie Awards.
The award in the "Best Server-Side Bug" category went to Meder Kydyraliev for discovering a flaw in the Apache Struts2 framework. The vulnerability allows arbitrary Java code to be executed on the server via a single HTTP request.
The "Best Client-Side Bug" award went to Sami Koivu, who wrote an exploit that breaks the Java sandbox and allows code to run with the logged-on user's privileges.
Dionysus Blazakis received the "Most Innovative Research" award for the paper "Flash Pointer Inference and JIT Spraying", and Tavis Ormandy received the award for "Best Privilege Escalation Bug".
The award for "Lamest Vendor Response" went to the company Absolute. Microsoft received the award in the "Most Epic FAIL" category because Internet Explorer 8, for nearly a year, allowed XSS attacks to be launched against otherwise secure websites.
Source: Heise Online
30.07.2010