Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

OmniCart 3.4.0 Cross Site Scripting

OmniCart version 3.4.0 suffers from a cross site scripting vulnerability.

Packet Storm
#sql#xss#vulnerability#web#php#auth#ssh
LearnDesk 1.0 Cross Site Scripting

LearnDesk version 1.0 suffers from a cross site scripting vulnerability.

BB Machine Forum 1.0 Cross Site Scripting

BB Machine Forum version 1.0 suffers from a cross site scripting vulnerability.

Expert X Jobs Portal And Resume Builder 1.0 Cross Site Scripting

Expert X Jobs Portal And Resume Builder version 1.0 suffers from a cross site scripting vulnerability.

Ormesson-Immobilier CMS 8 SQL Injection

Ormesson-Immobilier CMS version 8 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

CVE-2023-35036: Progress Customer Community

In Progress MOVEit Transfer before 2021.0.7 (13.0.7), 2021.1.5 (13.1.5), 2022.0.5 (14.0.5), 2022.1.6 (14.1.6), and 2023.0.2 (15.0.2), SQL injection vulnerabilities have been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.

CVE-2023-35036

In Progress MOVEit Transfer before 2021.0.7 (13.0.7), 2021.1.5 (13.1.5), 2022.0.5 (14.0.5), 2022.1.6 (14.1.6), and 2023.0.2 (15.0.2), SQL injection vulnerabilities have been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.

More MOVEit vulnerabilities found while the first one still resonates

Categories: Exploits and vulnerabilities Categories: News Categories: Ransomware Tags: MOVEit Tags: Progress Tags: Cl0p Tags: ransomware Tags: CVE-2023-34362 A security audit of the MOVEit code has revealed more SQL injection vulnerabilities, while victims of the first vulnerability are coming to the surface. (Read more...) The post More MOVEit vulnerabilities found while the first one still resonates appeared first on Malwarebytes Labs.

CVE-2023-22583

The Danfoss AK-EM100 web forms allow for SQL injection in the login forms.

New Critical MOVEit Transfer SQL Injection Vulnerabilities Discovered - Patch Now!

Progress Software, the company behind the MOVEit Transfer application, has released patches to address brand new SQL injection vulnerabilities affecting the file transfer solution that could enable the theft of sensitive information. "Multiple SQL injection vulnerabilities have been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain