Tag: sql
-
VMware fixes high-severity SQL injection flaw CVE-2024-38814 in HCX
VMware fixes a high-severity SQL injection flaw in HCX allowing non-admin users to remotely execute code on the HCX manager. VMware warns to address a remote code execution vulnerability, tracked as CVE-2024-38814 (CVSS score of 8.8), in its HCX application mobility platform. The vulnerability is an authenticated SQL injection vulnerability in HCX; it was privately…
-
VMware HCX: code injection possible through SQL flaw
Broadcom has closed a security vulnerability in VMware HCX with an update. Attackers can use it to inject and execute code. First seen on heise.de Jump to article: www.heise.de/news/VMware-HCX-Codeschmuggel-durch-SQL-Injection-Luecke-moeglich-9983875.html
-
Oracle October 2024 Critical Patch Update Addresses 198 CVEs
Oracle addresses 198 CVEs in its fourth quarterly update of 2024 with 334 patches, including 35 critical updates. Background On October 15, Oracle released its Critical Patch Update (CPU) for October 2024, the fourth and final quarterly update of the year. This CPU contains fixes for 198 CVEs in 334 security updates across 28 Oracle…
-
Palo Alto Expedition: From N-Day to Full Compromise
On July 10, 2024, Palo Alto released a security advisory for CVE-2024-5910, a vulnerability which allowed attackers to remotely reset the Expedition application admin credentials. While we had never heard of Expedition application before, it’s advertised as: The purpose of this tool is to help reduce the time and efforts of migrating a configuration from…
-
Understanding Your SQL Database: A Comprehensive Guide
SQL has become the standard language for interacting with relational databases. An SQL database uses tables to store and manage structured data with a focus on data integrity and relationships. MySQL, MariaDB, and PostgreSQL are popular SQL databases known for their reliability, performance, and versatility. SQL (Structured Query Language) is a powerful computer language… First…
-
Ivanti Confirms Exploitation of an Old Critical Vuln
Remote Code Execution Bug Exploited in Limited Attacks. Ivanti confirmed that hackers are exploiting an SQL injection vulnerability in its Ivanti Endpoint Manager enabling remote code execution, despite the company addressing the issue with a patch in May. The flaw allows unauthenticated attackers within the same network to execute arbitrary code. First seen on govinfosecurity.com…
-
Critical Ivanti Endpoint Manager flaw exploited (CVE-2024-29824)
CVE-2024-29824, an unauthenticated SQL Injection vulnerability in Ivanti Endpoint Manager (EPM) appliances, is being exploited by attackers, the Cybersecurity and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/10/03/cve-2024-29824/
-
U.S. CISA adds Microsoft Windows, Apache HugeGraph-Server, Oracle JDeveloper, Oracle WebLogic Server, and Microsoft SQL Server bugs to its Known Exploited Vulnerabilities catalog
Tags: apache, cisa, cybersecurity, exploit, infrastructure, kev, linux, microsoft, oracle, sql, vulnerability, windows
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Windows, Apache HugeGraph-Server, Oracle JDeveloper, Oracle WebLogic Server, and Microsoft SQL Server bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SonicWall SonicOS, ImageMagick and Linux Kernel vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these…
-
Contractor Software Targeted via Microsoft SQL Server Loophole
By accessing the MSSQL, threat actors gain admin-level access to the application, allowing them to automate their attacks. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/contractor-software-targeted-mssql-loophole
-
MSSQL for Pentester: Command Execution with xp_cmdshell
Transact-SQL (T-SQL) is an extension of the SQL language used primarily in Microsoft SQL Server. T-SQL expands the functionality of SQL by adding proc… First seen on hackingarticles.in Jump to article: www.hackingarticles.in/mssql-for-pentester-command-execution-with-xp_cmdshell/
-
Air traffic: security checks bypassed via SQL injection
A pair of researchers has discovered a security vulnerability with potentially serious consequences for aviation security. Allegedly, even unauthor… First seen on golem.de Jump to article: www.golem.de/news/flugverkehr-sicherheitskontrollen-per-sql-injection-umgangen-2408-188552.html
-
Four zero-days fixed for September Patch Tuesday
Most corrections this month focus on the Windows OS, but enterprises that rely on SQL Server or SharePoint should prioritize deploying the security updates for those platforms. Source: www.techtarget.com/searchwindowsserver/news/366610256/Four-zero-days-fixed-for-September-Patch-Tuesday
-
Microsoft Patch Tuesday security updates for September 2024 addressed four actively exploited zero-days
Microsoft Patch Tuesday security updates for September 2024 addressed 79 flaws, including four actively exploited zero-day flaws. Microsoft Patch Tuesday security updates for September 2024 addressed 79 vulnerabilities in Windows and Windows Components; Office and Office Components; Azure; Dynamics Business Central; SQL Server; Windows Hyper-V; Mark of the Web (MOTW); and the Remote Desktop Licensing…
-
Ubuntu Fixes a High-Severity PostgreSQL Vulnerability
PostgreSQL is an open-source, widely used object relational SQL database. However, like any other software, it is not immune to vulnerabilities. A new high-severity vulnerability has been discovered in PostgreSQL versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20. Canonical has released security updates to address this vulnerability in different releases, including Ubuntu 24.04 LTS, …
-
Shocking SQL Injection in TSA App, Bitcoin ATM Scams Targeting Seniors
This week, we discuss a critical SQL injection vulnerability discovered in an app used by the TSA, raising ethical questions about responsible disclosure. Plus, we shed light on the alarming rise of Bitcoin ATM scams exploiting older adults, providing essential tips to protect your loved ones from these devious schemes. Tune in for unique insights…
-
Tired Of Airport Security Queues? SQL Inject Yourself Into The Cockpit, Claim Researchers
Tags: sql
First seen on packetstormsecurity.com Jump to article: packetstormsecurity.com/news/view/36279/Tired-Of-Airport-Security-Queues-SQL-Inject-Yourself-Into-The-Cockpit-Claims-Reseachers.html
-
Airport security checks in the US bypassed via SQL injection
First seen on heise.de Jump to article: www.heise.de/news/TSA-Airport-Sicherheitskontrollen-per-SQL-Injection-ausgehebelt-9853305.html
-
SQL Injection Attack on Airport Security
Interesting vulnerability: …a special lane at airport security called Known Crewmember (KCM). KCM is a TSA program that allows pilots an… Source: securityboulevard.com/2024/09/sql-injection-attack-on-airport-security/
-
TSA airport security checks circumvented via SQL injection
First seen on heise.de Jump to article: www.heise.de/news/TSA-Airport-Sicherheitskontrollen-per-SQL-Injection-ausgehebelt-9853305.html
-
Tired of airport security queues? SQL inject yourself into the cockpit, claim researchers
Tags: sql
First seen on theregister.com Jump to article: www.theregister.com/2024/08/30/sql_injection_known_crewmember/
-
Progress WhatsUp Gold Vulnerabilities Let Attackers Inject SQL Commands
The Progress WhatsUp Gold team confirmed the existence of critical vulnerabilities in all versions of their software released before 2024.0.0. If expl… First seen on gbhackers.com Jump to article: gbhackers.com/progress-whatsup-gold-vulnerabilities/
-
PostgreSQL Vulnerability Allows Hackers To Execute Arbitrary SQL Functions
A critical vulnerability identified as CVE-2024-7348 has been discovered in PostgreSQL, enabling attackers to execute arbitrary SQL functions. This vu… First seen on gbhackers.com Jump to article: gbhackers.com/postgresql-vulnerability-hackers-execute-arbitrary-sql-functions/
-
STAC6451 Hacker Hijacking Microsoft SQL Servers to Compromise Organizations
A sophisticated threat activity cluster, STAC6451, has been identified targeting Microsoft SQL servers. This cluster, primarily observed by Sophos Man… First seen on gbhackers.com Jump to article: gbhackers.com/stac6451-hijacking-microsoft-sql-servers/
-
USENIX Security ’23 SQIRL: Grey-Box Detection of SQL Injection Vulnerabilities Using Reinforcement Learning
Authors/Presenters:Salim Al Wahaibi, Myles Foley, Sergio Maffeis Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/usenix-security-23-sqirl-grey-box-detection-of-sql-injection-vulnerabilities-using-reinforcement-learning/
-
Broadcom delivers update for CVE-2024-22280 – VMware Aria Automation and Cloud Foundation vulnerable to SQL injection
First seen on security-insider.de Jump to article: www.security-insider.de/broadcom-vmware-sql-injection-schwachstelle-vmware-aria-updates-a-245d38ecf6d1179fcdbe0351da56ae96/
-
VMware patches SQL flaw in Aria Automation
Attackers can abuse a vulnerability in VMware Aria Automation to inject their own commands via SQL injection. Updates are av… First seen on heise.de Jump to article: www.heise.de/news/VMware-stopft-SQL-Injection-Luecke-in-Aria-Automation-9797344.html
-
Ivanti Issues Hotfix for High-Severity Endpoint Manager Vulnerability
Ivanti has released a hotfix to address an SQL injection vulnerability in Endpoint Manager (EPM) 2024 flat. The post Ivanti Issues Hotfix for High-Sev… First seen on securityweek.com Jump to article: www.securityweek.com/ivanti-issues-hotfix-for-high-severity-endpoint-manager-vulnerability/
-
VMware Patches Critical SQL Injection Flaw In Aria Automation
First seen on packetstormsecurity.com Jump to article: packetstormsecurity.com/news/view/36091/VMware-Patches-Critical-SQL-Injection-Flaw-In-Aria-Automation.html