Is there a guide of general/common IT vulnerabilities?
It's not exactly a guide, but I believe CWE - Common Weakness Enumeration is excellent source of common software vulnerabilities (not just web) and it is up to date. And of course for web application, the OWASP site contains a lot of useful information about web application vulnerabilities.
Check out the security benchmark/checklist resources from:
http://cisecurity.org/
The Center for Internet Security (CIS) is a non-profit enterprise whose Benchmarking and Metrics Division helps organizations reduce the risk of business and e-commerce disruptions resulting from inadequate technical security controls. The Division provides enterprises with consensus best practice standards for security configurations, as well as resources for measuring information security status and for making rational decisions about security investments.http://iase.disa.mil/stigs/checklist/
Defense Information Systems Agency (DISA)http://web.nvd.nist.gov/view/ncp/repository
http://csrc.nist.gov/fdcc/faq-common_security_configurations.html The National Checklist Program (NCP), defined by the NIST SP 800-70 Rev. 1, is the U.S. government repository of publicly available security checklists (or benchmarks) that provide detailed low level guidance on setting the security configuration of operating systems and applications.
Running through a few checklists that pertain to your environment can give you a quick idea of things to watch out for.
The main four to look at (depending on what types you're interested in), some of these have been mentioned:
- OWASP Top 10
- SANS Top 25
- MITRE's common weaknesses
- MITRE's common vulnerabilities