Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

Xhibiter NFT Marketplace 1.10.2 SQL Injection

Xhibiter NFT Marketplace version 1.10.2 suffers from a remote SQL injection vulnerability.

Packet Storm
#sql#vulnerability#google#linux#auth
Customer Support System 1.0 Cross Site Scripting

Customer Support System version 1.0 suffers from a persistent cross site scripting vulnerability. Original discovery of cross site scripting in this version is attributed to Ahmed Abba in November of 2020.

CISA's Flags Memory-Unsafe Code in Major Open Source Projects

Despite more than 50% of all open source code being written in memory-unsafe languages like C++, we are unlikely to see a massive overhaul to code bases anytime soon.

Ubuntu Security Notice USN-5616-3

Ubuntu Security Notice 5616-3 - USN-5615-1 fixed several vulnerabilities in SQLite. This update provides the corresponding fix for CVE-2020-35525 for Ubuntu 14.04 LTS. It was discovered that SQLite incorrectly handled INTERSEC query processing. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code.

API security: The importance of rate limiting policies in safeguarding your APIs

In today's networked digital world, application programming interface (API) security is a crucial component in safeguarding private information and strengthening the integrity of online transactions. The potential for attack has increased dramatically as a result of the growing use of applications that depend on APIs to communicate across systems and services.It's also important to protect against malevolent actors who try to take advantage of API vulnerabilities for illegal access, data breaches and service interruptions. Strong API security measures are needed to establish trust, reduce risk

MOVEit Transfer Flaws Push Security Defense Into a Race With Attackers

While Progress has released patches for the vulnerabilities, attackers are trying to exploit them before organizations have a chance to remediate.

Prompt Injection Flaw in Vanna AI Exposes Databases to RCE Attacks

Cybersecurity researchers have disclosed a high-severity security flaw in the Vanna.AI library that could be exploited to achieve remote code execution vulnerability via prompt injection techniques. The vulnerability, tracked as CVE-2024-5565 (CVSS score: 8.1), relates to a case of prompt injection in the "ask" function that could be exploited to trick the library into executing arbitrary

Critical SQLi Vulnerability Found in Fortra FileCatalyst Workflow Application

A critical security flaw has been disclosed in Fortra FileCatalyst Workflow that, if left unpatched, could allow an attacker to tamper with the application database. Tracked as CVE-2024-5276, the vulnerability carries a CVSS score of 9.8. It impacts FileCatalyst Workflow versions 5.1.6 Build 135 and earlier. It has been addressed in version 5.1.6 build 139. "An SQL injection vulnerability in

'P2PInfect' Worm Grows Teeth With Miner, Ransomware & Rootkit

For a while, the botnet spread but did essentially nothing. All the malicious payloads came well after.

New Cyberthreat 'Boolka' Deploying BMANAGER Trojan via SQLi Attacks

A previously undocumented threat actor dubbed Boolka has been observed compromising websites with malicious scripts to deliver a modular trojan codenamed BMANAGER. "The threat actor behind this campaign has been carrying out opportunistic SQL injection attacks against websites in various countries since at least 2022," Group-IB researchers Rustam Mirkasymov and Martijn van den Berk said in a