Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-36934: Progress Customer Community

In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.

CVE
#sql#vulnerability#web#auth

Loading

×Sorry to interrupt

CSS Error

Refresh

Related news

MOVEit Transfer fixes three new vulnerabilities

Categories: Exploits and vulnerabilities Categories: News Categories: Ransomware Tags: Progress Tags: MOVEit Tags: vulnerabilities Tags: CVE-2023-36934 Tags: CVE-2023-36932 Tags: CVE-2023-36933 CISA has warned users about three new vulnerabilities in Progress Software's MOVEit Transfer software. (Read more...) The post MOVEit Transfer fixes three new vulnerabilities appeared first on Malwarebytes Labs.

MOVEit Transfer Faces Another Critical Data-Theft Bug

Users need to patch the latest SQL injection vulnerability as soon as possible. Meanwhile, Cl0p's data extortion rampage gallops on.

Another Critical Unauthenticated SQLi Flaw Discovered in MOVEit Transfer Software

Progress Software has announced the discovery and patching of a critical SQL injection vulnerability in MOVEit Transfer, popular software used for secure file transfer. In addition, Progress Software has patched two other high-severity vulnerabilities. The identified SQL injection vulnerability, tagged as CVE-2023-36934, could potentially allow unauthenticated attackers to gain unauthorized

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907