SQL injection Archives - Page 4 of 6

Pierluigi Paganini March 16, 2015

ICS-CERT MONITOR report states most critical infrastructure attacks involve APTs

DHS ICS-CERT MONITOR report reveals that most critical infrastructure attacks involve APTs, but organizations lack monitoring capabilities. The DHS’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has issued its new ICS-CERT MONITOR report related to the period September 2014 – February 2015. The ICS-CERT MONITOR report According to the report, the Industrial Control Systems […]

Pierluigi Paganini February 26, 2015

More than 1 Million WordPress websites are vulnerable to blind SQL Injection Attacks

A security bug in the WordPress plugin WP-Slimstat could be exploited by attackers to discover a “secret” key and use it to run blind SQL Injections. More than one million WordPress sites are potentially vulnerable to SQL injection attacks due to the presence of a critical flaw in the popular plugin WP-Slimstat. WP-Slimstat is an analytics plugin for […]

Pierluigi Paganini October 30, 2014

Drupal community under attack due to a critical SQL injection flaw

A security advisory issued by Drupal assumes that every installation of the popular CMS based in the version 7.x was compromised unless patched. Earlier this month, Drupal patched a critical SQL injection vulnerability (CVE-2014-3704) that exists in all Drupal core 7.x versions up to the recently-released 7.32 version, which fixed the issue. There is an emergency in the […]

Pierluigi Paganini October 13, 2014

WAAR report – Web Attacks continue to increase, especially those launched from Amazon servers

The WAAR report issued by Imperva states that Web Attacks increasingly launched from Amazon servers, the overall number of attacks is also increasing. Cloud computing is considered an amazing opportunity for cybercrime, from the perspective of an attacher these powerful architectures have the necessary resources to conduct powerful attacks, and consider also that often the data archived in […]

Pierluigi Paganini October 09, 2014

Yahoo Contributors Network affected by Blind & Time Based SQL Injection flaws

Yahoo! Contributors Network was affected by a serious Time based Blind SQL Injection vulnerability which allows the theft of sensitive data. The Yahoo! Contributors Network allows writers to submit articles, videos, it also allows contributors to receive assignments from Yahoo related various domains like Sports and Finance. The security researcher Behrouz Sadeghipour reported to that The Yahoo! Contributors Network (contributor.yahoo.com) is […]

Pierluigi Paganini September 20, 2014

Yahoo SQL Injection flaw allows Remote Code Execution and privileges scalation

The Egyptian hacker Ebrahim Hegazy has discovered a critical Yahoo SQL Injection flaw exploitable to Remote Code Execution and privilege escalation. My readers know very well the Egyptian hacker Ebrahim Hegazy, he is a great security expert and a friend of mine, which disclosed numerous critical flaws in most popular web services, including Microsoft, Yahoo and Orange. […]

Pierluigi Paganini May 29, 2014

Nice Recording eXpress lawful intercept solution is flawed

Researchers at SEC Consult Vulnerability Lab discovered that Nice Recording eXpress lawful intercept software contains numerous flaws, including a backdoor. Nice Recording eXpress voice-recording package software used by law enforcement to intercept communications of suspects under investigation contains various flaws, this is the discovery of security researchers at SEC Consult Vulnerability Lab. The researchers have recently published an […]

Pierluigi Paganini April 18, 2014

Ponemon study – SQL Injection attacks too dangerous for organizations

A new study conducted by the Ponemon Institute reveals the impact of successfully SQL injection attacks on organizations during the last year. The Ponemon Institute published a new study titled “The SQL Injection Threat Study“ to understand the reply of organizations to the SQL injection threat. The study is sponsored by DB Networks, its Chairman and CEO Brett Helm used the following […]

Pierluigi Paganini April 15, 2014

Flickr affected by critical SQL Injection and Remote Code Execution bugs

The security expert Ibrahim Raafat discovered critical SQL injection vulnerabilities in Flickr Photo Books which allow attackers to gain complete control of the server and its database. The giant of online photo management and sharing Flickr, a Yahoo-owned company, was affected by critical vulnerabilities which allow attackers to gain access to the webserver website database. The alarming discovery […]

Pierluigi Paganini December 14, 2013

German researcher found remote code execution flaw on EBay subdomain

The German security researcher David Vieira-Kurz discovered a critical vulnerability in the Ebay website that allows an attacker a remote code execution. The German security researcher David Vieira-Kurz discovered a critical vulnerability in the official Ebay website in particular in its sub domain http://sea.ebay.com that allows an attacker a remote code execution. It’s not the first time […]

SQL injection

ICS-CERT MONITOR report states most critical infrastructure attacks involve APTs

More than 1 Million WordPress websites are vulnerable to blind SQL Injection Attacks

Drupal community under attack due to a critical SQL injection flaw

WAAR report – Web Attacks continue to increase, especially those launched from Amazon servers

Yahoo Contributors Network affected by Blind & Time Based SQL Injection flaws

Yahoo SQL Injection flaw allows Remote Code Execution and privileges scalation

Nice Recording eXpress lawful intercept solution is flawed

Ponemon study – SQL Injection attacks too dangerous for organizations

Flickr affected by critical SQL Injection and Remote Code Execution bugs

German researcher found remote code execution flaw on EBay subdomain

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Auchan discloses data breach: data of hundreds of thousands of customers exposed

U.S. CISA adds Citrix Session Recording, and Git flaws to its Known Exploited Vulnerabilities catalog

Docker fixes critical Desktop flaw allowing container escapes

Malicious apps with +19M installs removed from Google Play because spreading Anatsa banking trojan and other malware

Pakistan-linked APT36 abuses Linux .desktop files to drop custom malware in new campaign

QUICK LINKS

SQL injection

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!