It's the same today, only it's webapps instead of unix utilities. Simplest bugs in the world, still devs don't pay attention to them. Simple like not sanitizing inputs, injecting stuff straight into sql queries or exec commands, dumping customer data / passwords / all environment variables into logs and error messages, etc.