OWASP CVEs for Sensitive Data Exposure in 2009