Tag: injection
-
Prompt Injection Vulnerability in EmailGPT Discovered
The vulnerability allows attackers to manipulate the AI service to steal data. CyRC recommends immediately removing the application to prevent exploit…
First seen on securityboulevard.com. Jump to article: securityboulevard.com/2024/06/prompt-injection-vulnerability-in-emailgpt-discovered/
-
CISA adds Oracle WebLogic Server flaw to its Known Exploited Vulnerabilities catalog
CISA adds Oracle WebLogic Server OS command injection vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrast…
First seen on securityaffairs.com. Jump to article: securityaffairs.com/164094/hacking/cisa-adds-oracle-weblogic-server-flaw-to-its-known-exploited-vulnerabilities-catalog.html
-
Zyxel NAS Devices Vulnerability Let Attackers Execute Code Remotely
Zyxel has released patches addressing critical command injection and remote code execution vulnerabilities in two of its NAS products, NAS326 and NAS5…
First seen on gbhackers.com. Jump to article: gbhackers.com/zyxel-nas-devices-vulnerability/
-
Root Access Possible via SQL Injection Flaw in Firepower
First seen on heise.de. Jump to article: www.heise.de/news/Cisco-Root-Zugriff-durch-SQL-Injection-Luecke-in-Firepower-moeglich-9729121.html
-
Critical wpDataTables Vulnerability Let Attackers Perform SQL Injection
A critical security vulnerability has been discovered in the wpDataTables WordPress Data Table, Dynamic Tables & Table Charts Plugin, a popular pl…
First seen on gbhackers.com. Jump to article: gbhackers.com/critical-wpdatatables-vulnerability/
-
Cisco Firepower Vulnerability Let Attackers Launch SQL Injection Attacks
A critical vulnerability has been identified in Cisco Firepower Management Center (FMC) Software’s web-based management interface. This vulnerability…
First seen on gbhackers.com. Jump to article: gbhackers.com/cisco-firepower-vulnerability/
-
A high-severity vulnerability affects Cisco Firepower Management Center
Cisco addressed a SQL injection vulnerability in the web-based management interface of the Firepower Management Center (FMC) Software. Cisco addresse…
First seen on securityaffairs.com. Jump to article: securityaffairs.com/163718/security/a-high-severity-vulnerability-affects-cisco-firepower-management-center.html
-
Critical SQL Injection flaws impact Ivanti Endpoint Manager (EPM)
Ivanti addressed multiple flaws in the Endpoint Manager (EPM), including remote code execution vulnerabilities. Ivanti this week rolled out security p…
First seen on securityaffairs.com. Jump to article: securityaffairs.com/163587/security/ivanti-endpoint-manager-critical-sql-injection.html
-
CVE-2023-34992: Fortinet FortiSIEM Command Injection Deep-Dive
In early 2023, given some early success in auditing Fortinet appliances, I continued the effort and landed upon the Fortinet FortiSIEM. Several issues…
First seen on securityboulevard.com. Jump to article: securityboulevard.com/2024/05/cve-2023-34992-fortinet-fortisiem-command-injection-deep-dive/
-
Lethal Injection: Microsoft AI Bot for Healthcare Casually Hacked
A user claims to have casually hacked the Microsoft AI bot for healthcare on a Friday evening. Specifically, he apparently … prompts…
First seen on borncity.com. Jump to article: www.borncity.com/blog/2024/05/13/lethal-injection-microsoft-ai-bot-fr-das-gesundheitswesen-mal-eben-gehackt/
-
LLMs & Malicious Code Injections: ‘We Have to Assume It’s Coming’
First seen on darkreading.com. Jump to article: www.darkreading.com/application-security/llms-malicious-code-injections-we-have-to-assume-its-coming-
-
LiteSpeed Cache Plugin XSS Vulnerability Affects 1.8M WordPress Sites
Is your WordPress site using LiteSpeed Cache? A recent surge in malicious JavaScript injections targets vulnerable versions. Learn how to identify the…
First seen on hackread.com. Jump to article: www.hackread.com/litespeed-cache-plugin-xss-vulnerability-wordpress-sites/
-
F5 fixes BIG-IP Next Central Manager flaws with public PoCs (CVE-2024-21793, CVE-2024-26026)
Eclypsium researchers have published details and PoC exploits for two remotely exploitable injection vulnerabilities (CVE-2024-21793, CVE-2024-26026) …
First seen on helpnetsecurity.com. Jump to article: www.helpnetsecurity.com/2024/05/09/cve-2024-21793-cve-2024-26026/
-
Researchers Hacked Apple Infrastructure Using SQL Injection
Researchers found several points of entry for potential attackers, one of which was Apple’s Book Travel portal, where they took advantage of a signifi…
First seen on gbhackers.com. Jump to article: gbhackers.com/apple-infrastructure-sql-injection/
-
Palo Alto Networks discloses RCE zero-day vulnerability
Tags: exploit, flaw, injection, network, rce, remote-code-execution, software, threat, vulnerability, zero-day
Threat actors have exploited the remote code injection flaw, which affects the GlobalProtect gateway in Palo Alto Networks’ PAN-OS software, in a ‘lim…
First seen on techtarget.com. Jump to article: www.techtarget.com/searchsecurity/news/366580732/Palo-Alto-Networks-discloses-RCE-zero-day-vulnerability
-
Linksys Router Flaw Let Attackers Perform Command Injection, PoC Released
Linksys routers were discovered with two vulnerabilities: CVE-2024-33788 and CVE-2024-33789. These vulnerabilities were associated with Command Inject…
First seen on gbhackers.com. Jump to article: gbhackers.com/linksys-router-flaw-command-injection/
-
Rust rustles up fix for 10/10 critical command injection bug on Windows in std lib
First seen on theregister.com. Jump to article: www.theregister.com/2024/04/10/rust_critical_vulnerability_windows/
-
Attackers Leverage Sidecar Container Injection Technique To Stay Stealthy
Kubernetes (K8s) is an open-source container orchestration platform designed to automate application container deployment, scaling, and running. Cont…
First seen on gbhackers.com. Jump to article: gbhackers.com/sidecar-container-injection-technique/
-
Grafana Tool Vulnerability Let Attackers Inject SQL Queries
The popular open-source platform Grafana, widely used for monitoring and observability, has been found to contain a severe SQL injection vulnerability…
First seen on gbhackers.com. Jump to article: gbhackers.com/grafana-tool-vulnerability/
-
Fileless .NET Based Code Injection Attack Delivers AgentTesla Malware
A recent malware campaign used a VBA macro in a Word document to download and execute a 64-bit Rust binary. This binary employs fileless injection tec…
First seen on gbhackers.com. Jump to article: gbhackers.com/clr-hosting-used-by-agenttesla/
-
Over 1,400 CrushFTP servers vulnerable to actively exploited bug
Over 1,400 CrushFTP servers exposed online were found vulnerable to attacks currently targeting a critical severity server-side template injection (S…
First seen on bleepingcomputer.com. Jump to article: www.bleepingcomputer.com/news/security/over-1-400-crushftp-servers-vulnerable-to-actively-exploited-bug/
-
WP Automatic WordPress plugin hit by millions of SQL injection attacks
Hackers have started to target a critical severity vulnerability in the WP Automatic plugin for WordPress to create user accounts with administrative …
First seen on bleepingcomputer.com. Jump to article: www.bleepingcomputer.com/news/security/wp-automatic-wordpress-plugin-hit-by-millions-of-sql-injection-attacks/
-
PoC for critical Progress Flowmon vulnerability released (CVE-2024-2389)
More details of and a proof-of-concept exploit for an unauthenticated OS command injection vulnerability (CVE-2024-2389) in Flowmon, Progress Software…
First seen on helpnetsecurity.com. Jump to article: www.helpnetsecurity.com/2024/04/24/poc-cve-2024-2389/
-
SQL injection vulnerability in Fortinet software under attack
Fortinet and CISA confirmed CVE-2023-48788 is being actively exploited. But the Shadowserver Foundation found that many vulnerable instances remain on…
First seen on techtarget.com. Jump to article: www.techtarget.com/searchsecurity/news/366575417/SQL-injection-vulnerability-in-Fortinet-software-under-attack
-
Multiple MySQL2 Flaw Let Attackers Arbitrary Code Remotely
The widely used MySQL2 has been discovered to have three critical vulnerabilities: remote Code execution, Arbitrary code injection, and Prototype Poll…
First seen on gbhackers.com. Jump to article: gbhackers.com/multiple-mysql2-flaws-remote-code-execution/
-
22,500 Palo Alto firewalls possibly vulnerable to ongoing attacks
Approximately 22,500 exposed Palo Alto GlobalProtect firewall devices are likely vulnerable to the CVE-2024-3400 flaw, a critical command injection vu…
First seen on bleepingcomputer.com. Jump to article: www.bleepingcomputer.com/news/security/22-500-palo-alto-firewalls-possibly-vulnerable-to-ongoing-attacks/
-
Cisco warns of a command injection escalation flaw in its IMC. PoC publicly available
Cisco has addressed a high-severity vulnerability in its Integrated Management Controller (IMC) for which publicly available exploit code exists. Cisc…
First seen on securityaffairs.com. Jump to article: securityaffairs.com/161975/hacking/cisco-integrated-management-controller-bug.html
-
Critical ‘BatBadBut’ Rust Vulnerability Exposes Windows Systems to Attacks
A critical security flaw in the Rust standard library could be exploited to target Windows users and stage command injection attacks. The vulnerability…
First seen on thehackernews.com. Jump to article: thehackernews.com/2024/04/critical-batbadbut-rust-vulnerability.html
-
Uncle Sam’s had it up to here with ‘unforgivable’ SQL injection flaws
First seen on theregister.com. Jump to article: www.theregister.com/2024/03/26/fbi_cisa_sql_injection/
-
Multiple botnets exploiting one-year-old TP-Link flaw to hack routers
At least six distinct botnet malware operations are hunting for TP-Link Archer AX21 (AX1800) routers vulnerable to a command injection security issue …
First seen on bleepingcomputer.com. Jump to article: www.bleepingcomputer.com/news/security/multiple-botnets-exploiting-one-year-old-tp-link-flaw-to-hack-routers/