One of the most common (and easiest to avoid) mistakes made by novice programmers is writing code that allows SQL injection. This occurs when server-side code sends user-submitted data to a database as part of an SQL statement:
Consider what would happen if the $value variable contained:
Traditionally, buffer overruns constitute the majority of security problems in code. This can affect any language that doesn't check array bounds at runtime (C or C++, for example). Consider the following code:
If the user can provide an arbitrary-length string in the variable user_string, then an attacker could manipulate memory outside the bounds of the buffer array.
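A bounded copy into `buffer`, shown beside the unchecked pattern described above. This is an added example, not code from the original page; `BUFFER_SIZE`, `struct record`, its guard field and both function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUFFER_SIZE 16           /* assumed; the page gives no size */
#define GUARD_VALUE 0x5AFE5AFEu  /* constructed marker for adjacent memory */

struct record {
    char buffer[BUFFER_SIZE];
    unsigned int guard;          /* what an overrun of buffer would reach */
};

/* The pattern the text warns about: no length check, so a user_string of
 * BUFFER_SIZE bytes or more is written past the end of buffer.
 * Kept for contrast only; nothing in this file calls it. */
void copy_unchecked(char *buffer, const char *user_string)
{
    strcpy(buffer, user_string);
}

/* Bounded copy: returns 0 on success, -1 if user_string (plus its NUL)
 * does not fit. Rejects instead of truncating, so callers never act on
 * a silently shortened value. */
int copy_checked(char *buffer, size_t buffer_size, const char *user_string)
{
    size_t len = 0;
    if (buffer == NULL || user_string == NULL || buffer_size == 0)
        return -1;
    while (len < buffer_size && user_string[len] != '\0')
        len++;                      /* never scans more than buffer_size bytes */
    if (len == buffer_size) {       /* no room left for the terminator */
        buffer[0] = '\0';
        return -1;
    }
    memcpy(buffer, user_string, len + 1);
    return 0;
}

int main(void)
{
    struct record r = { "", GUARD_VALUE };
    const char *inputs[] = { "alice", "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" }; /* constructed */
    for (size_t i = 0; i < 2; i++)
        printf("len=%zu rc=%d guard_ok=%d\n", strlen(inputs[i]),
               copy_checked(r.buffer, sizeof r.buffer, inputs[i]),
               r.guard == GUARD_VALUE);
    return 0;
}
```

The caller passes `sizeof r.buffer` rather than a separate constant, so the bound stays correct if the array size changes.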
Here is an example of bad code which could easily be exploited: