Lax Security Settings

Failing to secure directories on web-servers is another common mistake - open directory listings can expose sensitive files to an attacker.