SQL injection

Critical Fortra FileCatalyst Workflow vulnerability patched (CVE-2024-6633)

2024-08-28 at 12:02 By Zeljka Zorz

Organizations using Fortra’s FileCatalyst Workflow are urged to upgrade their instances, so that attackers can’t access an internal HSQL database by exploiting known static credentials (CVE-2024-6633). “Once logged in to the HSQLDB, the attacker can perform malicious operations in the database. For […]

VMware Patches Critical SQL-Injection Flaw in Aria Automation

2024-07-10 at 20:01 By Ryan Naraine

VMware warns that authenticated malicious users could enter specially crafted SQL queries and perform unauthorized read/write operations in the database. The post VMware Patches Critical SQL-Injection Flaw in Aria Automation appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

PoC exploit for critical Fortra FileCatalyst flaw published (CVE-2024-5276)

2024-06-27 at 12:31 By Zeljka Zorz

A critical SQL injection vulnerability in Fortra FileCatalyst Workflow (CVE-2024-5276) has been patched; a PoC exploit is already available online. While there are currently no reports of in-the-wild exploitation, enterprise admins are advised to patch their installations as soon as possible.

Low code, high stakes: Addressing SQL injection

2024-06-17 at 08:01 By Help Net Security

Like a bad movie that seems to go on forever, SQL injection (SQLi) attacks have lingered since the late 1990s. Due to various factors, they remain the third most common source of web application vulnerabilities. Reasons include human error, new technologies

US Government Urges Software Makers to Eliminate SQL Injection Vulnerabilities

2024-03-26 at 13:16 By Ionut Arghire

CISA and the FBI issue a secure-by-design alert on eliminating SQL injection vulnerabilities from software. The post US Government Urges Software Makers to Eliminate SQL Injection Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

Critical Flaw in Popular ‘Ultimate Member’ WordPress Plugin

2024-02-26 at 17:33 By Ionut Arghire

The vulnerability carries a CVSS severity score of 9.8/10 and affects web sites running the Ultimate Member WordPress membership plugin. The post Critical Flaw in Popular ‘Ultimate Member’ WordPress Plugin appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

Millions of User Records Stolen From 65 Websites via SQL Injection Attacks

2024-02-06 at 17:46 By Ionut Arghire

The ResumeLooters hackers compromise recruitment and retail websites using SQL injection and XSS attacks. The post Millions of User Records Stolen From 65 Websites via SQL Injection Attacks appeared first on SecurityWeek. This article is an excerpt

ResumeLooters target job search sites in extensive data heist

2024-02-06 at 12:47 By Help Net Security

Group-IB identified a large-scale malicious campaign primarily targeting job search and retail websites of companies in the Asia-Pacific region. The group, dubbed ResumeLooters, successfully infected at least 65 websites between November and December 2023 through SQL injection and XSS

SQLi vulnerability in Cacti could lead to RCE (CVE-2023-51448)

2024-01-09 at 14:01 By Helga Labus

A blind SQL injection vulnerability (CVE-2023-51448) in Cacti, a widely-used network monitoring, performance and fault management framework, could lead to information disclosure and potentially remote code execution. Cacti is often used in network operation centers of telecoms and web hosting

New Threat Actor Uses SQL Injection Attacks to Steal Data From APAC Companies

14/12/2023 at 19:20 By Ionut Arghire

GambleForce uses SQL injections to hack gambling, government, retail, and travel websites to steal sensitive information. The post New Threat Actor Uses SQL Injection Attacks to Steal Data From APAC Companies appeared first on SecurityWeek. This

Active Exploitation of Big-IP and Citrix vulnerabilities observed by Cyble Global Sensor Intelligence Network

08/11/2023 at 16:02 By cybleinc

Cyble’s Global Sensors capture multiple exploit attempts targeting vulnerable BIG-IP and Citrix NetScaler instances. The post Active Exploitation of Big-IP and Citrix vulnerabilities observed by Cyble Global Sensor Intelligence Network appeared first on Cyble. This article

F5 BIG-IP vulnerabilities leveraged by attackers: What to do?

02/11/2023 at 14:01 By Zeljka Zorz

The two BIG-IP vulnerabilities (CVE-2023-46747, CVE-2023-46748) F5 Networks has recently released hotfixes for are being exploited by attackers in the wild, the company has confirmed. “It is important to note that not all exploited systems may show the same indicators,

It’s time to patch your MOVEit Transfer solution again!

12/06/2023 at 16:47 By Zeljka Zorz

Progress Software customers who use the MOVEit Transfer managed file transfer solution might not want to hear it, but they should quickly patch their on-prem installations again: With the help of researchers from Huntress, the company has uncovered additional SQL
