SecuObs.com

SecuObs.com http://www.secuobs.com Observatoire de la securite Internet fr webmaster@secuobs.com phpscripte24 Niedrig Gebote Pro Auktions System II Blind SQL Injection2010-03-19 03:04:30 - Exploit DB updates : http://www.secuobs.com/revue/news/203239.shtmlhttp://www.secuobs.com/revue/news/203239.shtml Shutter 014 Blind SQL Injection2010-03-19 01:53:39 - Exploit DB updates : http://www.secuobs.com/revue/news/203196.shtmlhttp://www.secuobs.com/revue/news/203196.shtml SiteDone Custom Edition 20 SQL Injection XSS Vulnerability2010-03-19 01:53:39 - Exploit DB updates : http://www.secuobs.com/revue/news/203195.shtmlhttp://www.secuobs.com/revue/news/203195.shtml phpAuthent 021 SQL Injection Vulnerability2010-03-19 01:53:39 - Exploit DB updates : http://www.secuobs.com/revue/news/203193.shtmlhttp://www.secuobs.com/revue/news/203193.shtml philboard v102 sql injection Vulnerability2010-03-19 01:53:39 - Exploit DB updates : http://www.secuobs.com/revue/news/203192.shtmlhttp://www.secuobs.com/revue/news/203192.shtml By Popular Demand Screen Injection Webinar Encore2010-03-18 23:08:22 - Silver Tail Blog : For those of you who were not able to attend our webinar Screen Injection - All your users credentials belong to Zeus, I have good news We are holding an encore presentation of the webinar In this webinar we explain screen injection, how it is perpetrated, and the benefit gained by the criminal We also show live http://www.secuobs.com/revue/news/203143.shtmlhttp://www.secuobs.com/revue/news/203143.shtml SQL injection attacks are in decline â or are they 2010-03-18 01:49:32 - Hack In The Box : According to IBM X-Force's report, SQL injection gained a lot of popularity as a flavour of the month and was then exploited to the point that there were few who didn't know what it was And, says the company, now that awareness has saturated the industry, more websites are defending against the problem Interestingly, however, the IBM report found a significant increase in attacks using code obfuscation, often launched using automated exploit toolkits, to hide from IT security software You'd expect the 11pourcents fall in SQL injection and allied attack vectors to be welcomed by the industry, but data security specialist Imperva has cast doubt on the findings http://www.secuobs.com/revue/news/202816.shtmlhttp://www.secuobs.com/revue/news/202816.shtml PHP-Nuke ratedownload SQL Injection2010-03-17 21:48:54 - Exploit DB updates : http://www.secuobs.com/revue/news/202718.shtmlhttp://www.secuobs.com/revue/news/202718.shtml Joomla Component com_include SQL Injection Vulnerability2010-03-17 12:16:46 - Exploit DB updates : http://www.secuobs.com/revue/news/202536.shtmlhttp://www.secuobs.com/revue/news/202536.shtml Preisschlacht Multi Liveshop System SQL Injection seite aid indexphp2010-03-17 12:16:46 - Exploit DB updates : http://www.secuobs.com/revue/news/202535.shtmlhttp://www.secuobs.com/revue/news/202535.shtml PostNuke ContentExpress Module Blind Sql Injection2010-03-17 12:16:46 - Exploit DB updates : http://www.secuobs.com/revue/news/202534.shtmlhttp://www.secuobs.com/revue/news/202534.shtml phpscripte24 Auktionshaus Community Standart System Blind SQL Injection2010-03-16 23:32:17 - Exploit DB updates : http://www.secuobs.com/revue/news/202367.shtmlhttp://www.secuobs.com/revue/news/202367.shtml Online Community CMS by I-net SQL Injection Vulnerability2010-03-16 20:38:04 - Exploit DB updates : http://www.secuobs.com/revue/news/202305.shtmlhttp://www.secuobs.com/revue/news/202305.shtml Joomla Component com_bidding SQL Injection Vulnerability2010-03-16 02:55:27 - Exploit DB updates : http://www.secuobs.com/revue/news/201969.shtmlhttp://www.secuobs.com/revue/news/201969.shtml Joomla Component com_route SQL Injection Vulnerability2010-03-16 02:55:27 - Exploit DB updates : http://www.secuobs.com/revue/news/201968.shtmlhttp://www.secuobs.com/revue/news/201968.shtml darkmysqli-injectionpdf2010-03-15 23:10:03 - Packet Storm Security Last Files : Whitepaper called MySQL Injection using darkMySQLipy http://www.secuobs.com/revue/news/201901.shtmlhttp://www.secuobs.com/revue/news/201901.shtml Joomla com_org SQL Injection Vulnerability letter parameter 2010-03-15 19:11:29 - Exploit DB updates : http://www.secuobs.com/revue/news/201785.shtmlhttp://www.secuobs.com/revue/news/201785.shtml Preisschlacht V4 Flash System SQL Injection seite aid indexphp2010-03-15 19:11:29 - Exploit DB updates : http://www.secuobs.com/revue/news/201776.shtmlhttp://www.secuobs.com/revue/news/201776.shtml PHP Classifieds v75 Blind SQL Injection Vulnerability2010-03-15 12:41:45 - Exploit DB updates : http://www.secuobs.com/revue/news/201641.shtmlhttp://www.secuobs.com/revue/news/201641.shtml Phenix v35b SQL Injection Vulnerability2010-03-15 12:41:45 - Exploit DB updates : http://www.secuobs.com/revue/news/201639.shtmlhttp://www.secuobs.com/revue/news/201639.shtml PhpMyLogon v2 SQL Injection Vulnerability2010-03-15 01:09:07 - Exploit DB updates : http://www.secuobs.com/revue/news/201551.shtmlhttp://www.secuobs.com/revue/news/201551.shtml Front Door v04b SQL Injection Vulnerability2010-03-14 22:21:07 - Exploit DB updates : http://www.secuobs.com/revue/news/201526.shtmlhttp://www.secuobs.com/revue/news/201526.shtml Joomla com_nfnaddressbook Remote Sql Injection Vulnerability2010-03-14 22:21:07 - Exploit DB updates : http://www.secuobs.com/revue/news/201523.shtmlhttp://www.secuobs.com/revue/news/201523.shtml phppool media Domain Verkaufs und Auktions Portal indexphp SQL Injection2010-03-14 22:21:07 - Exploit DB updates : http://www.secuobs.com/revue/news/201520.shtmlhttp://www.secuobs.com/revue/news/201520.shtml PHP-Fusion 601154 downloadsphp SQL Injection Vulnerability2010-03-14 16:53:35 - Exploit DB updates : http://www.secuobs.com/revue/news/201489.shtmlhttp://www.secuobs.com/revue/news/201489.shtml Joomla Component com_org SQL Injection Vulnerability2010-03-14 15:59:09 - Exploit DB updates : http://www.secuobs.com/revue/news/201483.shtmlhttp://www.secuobs.com/revue/news/201483.shtml Xbtit v200 SQL Injection Vulnerability2010-03-13 21:50:13 - Exploit DB updates : http://www.secuobs.com/revue/news/201403.shtmlhttp://www.secuobs.com/revue/news/201403.shtml Mambo Component com_mambads SQL Injection Vulnerability2010-03-13 21:50:13 - Exploit DB updates : http://www.secuobs.com/revue/news/201402.shtmlhttp://www.secuobs.com/revue/news/201402.shtml Injecting a Backdoor via PhpMyAdmin Video Tutorial2010-03-13 18:55:40 - SecurityTube.Net : Injecting a Backdoor via PhpMyAdmin Video Tutorial IMAGE http://www.secuobs.com/revue/news/201385.shtmlhttp://www.secuobs.com/revue/news/201385.shtml MySQL Injection Using darkMySQLipy2010-03-13 16:22:24 - Exploit DB updates : http://www.secuobs.com/revue/news/201368.shtmlhttp://www.secuobs.com/revue/news/201368.shtml systemsoftware Community Black indexphp SQL Injection2010-03-13 15:31:04 - Exploit DB updates : http://www.secuobs.com/revue/news/201362.shtmlhttp://www.secuobs.com/revue/news/201362.shtml SQL Injection, Active X on decline IBM X-Force2010-03-13 11:27:41 - Network World on Security : IBM's X-Force 2009 Trend and Risk report shows an 11 per cent drop in discovered vulnerabilities compared to 2008, including a decline in the largest categories like SQL Injections and ActiveX http://www.secuobs.com/revue/news/201334.shtmlhttp://www.secuobs.com/revue/news/201334.shtml Azeno CMS SQL Injection Vulnerability2010-03-13 08:48:43 - Exploit DB updates : http://www.secuobs.com/revue/news/201324.shtmlhttp://www.secuobs.com/revue/news/201324.shtml Joomla Component com_comp SQL Injection Vulnerability2010-03-13 08:03:13 - Exploit DB updates : http://www.secuobs.com/revue/news/201319.shtmlhttp://www.secuobs.com/revue/news/201319.shtml Joomla Component com_races Blind SQL Injection Vulnerability2010-03-13 08:03:13 - Exploit DB updates : http://www.secuobs.com/revue/news/201318.shtmlhttp://www.secuobs.com/revue/news/201318.shtml dreamlive Auktionshaus script newsphp id SQL Injection Vulnerability2010-03-12 19:56:55 - Exploit DB updates : http://www.secuobs.com/revue/news/201180.shtmlhttp://www.secuobs.com/revue/news/201180.shtml SQL Injection and Java exploits2010-03-12 16:41:45 - Pete Finnigan's Oracle security weblog : It has been a while since my last blog post as I have been extremely busy over the last weeks and this blog post is being posted straight after finishing a customer training session using the clients internet connection with Read More Posted by Pete On 17 02 10 At 04 01 PM http://www.secuobs.com/revue/news/201111.shtmlhttp://www.secuobs.com/revue/news/201111.shtml Joomla Component com_start SQL Injection Vulnerability2010-03-12 13:57:28 - Exploit DB updates : http://www.secuobs.com/revue/news/201083.shtmlhttp://www.secuobs.com/revue/news/201083.shtml Joomla Component com_leader SQL Injection Vulnerability2010-03-12 13:57:28 - Exploit DB updates : http://www.secuobs.com/revue/news/201082.shtmlhttp://www.secuobs.com/revue/news/201082.shtml Joomla Component com_family SQL Injection Vulnerability2010-03-12 13:57:28 - Exploit DB updates : http://www.secuobs.com/revue/news/201081.shtmlhttp://www.secuobs.com/revue/news/201081.shtml Easynet Forum Host topicphp SQL Injection Vulnerbility2010-03-12 13:57:28 - Exploit DB updates : http://www.secuobs.com/revue/news/201080.shtmlhttp://www.secuobs.com/revue/news/201080.shtml Invision Power Board Currency Mod edit SQL injection2010-03-12 13:57:28 - Exploit DB updates : http://www.secuobs.com/revue/news/201079.shtmlhttp://www.secuobs.com/revue/news/201079.shtml Joomla Component com_gigfe SQL Injection Vulnerability2010-03-12 03:00:27 - Exploit DB updates : http://www.secuobs.com/revue/news/200959.shtmlhttp://www.secuobs.com/revue/news/200959.shtml Joomla Component com_color SQL Injection Vulnerability 2010-03-12 03:00:27 - Exploit DB updates : http://www.secuobs.com/revue/news/200958.shtmlhttp://www.secuobs.com/revue/news/200958.shtml Joomla Component com_party SQL Injection Vulnerability 2010-03-12 03:00:27 - Exploit DB updates : http://www.secuobs.com/revue/news/200956.shtmlhttp://www.secuobs.com/revue/news/200956.shtml Joomla com_products 'intCategoryId' Remote Sql Injection Vulnerability2010-03-12 01:49:48 - Exploit DB updates : http://www.secuobs.com/revue/news/200946.shtmlhttp://www.secuobs.com/revue/news/200946.shtml Joomla Component com_blog SQL Injection Vulnerability2010-03-11 20:59:16 - Exploit DB updates : http://www.secuobs.com/revue/news/200800.shtmlhttp://www.secuobs.com/revue/news/200800.shtml Eros Erotik Webkatalog startphp rubrik id SQL Injection Vulnerability2010-03-11 20:59:16 - Exploit DB updates : http://www.secuobs.com/revue/news/200799.shtmlhttp://www.secuobs.com/revue/news/200799.shtml Joomla com_about Remote Sql Injection Vulnerability2010-03-11 13:59:42 - Exploit DB updates : http://www.secuobs.com/revue/news/200662.shtmlhttp://www.secuobs.com/revue/news/200662.shtml Softbiz Jobs and Recruitment Script search_resultphp SQL Injection Vulnerability2010-03-10 18:58:11 - Exploit DB updates : http://www.secuobs.com/revue/news/200322.shtmlhttp://www.secuobs.com/revue/news/200322.shtml Friendly-Tech FriendlyTR69 CPE Remote Management v289 SQL Injection Vulnerability2010-03-10 14:09:23 - Exploit DB updates : http://www.secuobs.com/revue/news/200192.shtmlhttp://www.secuobs.com/revue/news/200192.shtml WordPress Injection Attack2010-03-10 02:57:38 - Latest Blog Entries From Websense Security Labs : Nowadays it is not surprising when people's blogs are attacked, especially when the blog owner is a well-known person No matter how frustrated or disappointed the bloggers are, attacks still continue If you search my blog was hacked on Google, you get 4,230,000 results searching my blog was hacked again returns 2,380,000 matches, and the number keeps increasing daily What we can see from the these rough stats Apparently nearly 44pourcents of attacked blogs are lucky and aren't attacked again, but over 56pourcents of attacked blogs repeat the previous nightmare http://www.secuobs.com/revue/news/200083.shtmlhttp://www.secuobs.com/revue/news/200083.shtml NUs Newssystem v102 id SQL Injection Vulnerability2010-03-09 23:01:41 - Exploit DB updates : http://www.secuobs.com/revue/news/199940.shtmlhttp://www.secuobs.com/revue/news/199940.shtml Rsstatic SQL Injection2010-03-09 19:18:01 - Exploit DB updates : http://www.secuobs.com/revue/news/199849.shtmlhttp://www.secuobs.com/revue/news/199849.shtml Joomla Component com_hezacontent SQL injection Vulnerability id 2010-03-09 19:18:01 - Exploit DB updates : http://www.secuobs.com/revue/news/199847.shtmlhttp://www.secuobs.com/revue/news/199847.shtml mhproducts kleinanzeigenmarkt searchphp SQL Injection2010-03-09 19:18:01 - Exploit DB updates : http://www.secuobs.com/revue/news/199843.shtmlhttp://www.secuobs.com/revue/news/199843.shtml SQL injection vulnerability in Wild CMS2010-03-09 19:18:01 - Exploit DB updates : http://www.secuobs.com/revue/news/199842.shtmlhttp://www.secuobs.com/revue/news/199842.shtml TYPO3 injection SQL dans Calendar Base2010-03-09 14:39:54 - Vigilance vulnérabilités publiques : Un attaquant peut injecter des requêtes SQL dans l'extension Calendar Base de TYPO3 http://www.secuobs.com/revue/news/199725.shtmlhttp://www.secuobs.com/revue/news/199725.shtml Attacking RSA exponentiation with fault injection2010-03-08 21:57:48 - root labs rdist : A new paper, Fault-Based Attack of RSA Authentication pdf by Pellegrini et al, is making the rounds The general idea is that an attacker can disrupt an RSA private key operation to cause an invalid signature to be returned, then use that result to extract the private key If you re new to fault injection attacks http://www.secuobs.com/revue/news/199460.shtmlhttp://www.secuobs.com/revue/news/199460.shtml DZ Auktionshaus V4rgo id newsphp SQL Injection Vulnerability2010-03-08 20:32:05 - Exploit DB updates : http://www.secuobs.com/revue/news/199421.shtmlhttp://www.secuobs.com/revue/news/199421.shtml Bild Flirt System V20 indexphp id SQL Injection Vulnerability2010-03-07 17:15:44 - Exploit DB updates : http://www.secuobs.com/revue/news/199146.shtmlhttp://www.secuobs.com/revue/news/199146.shtml OpenCart 132 SQL Injection2010-03-07 12:53:43 - Exploit DB updates : http://www.secuobs.com/revue/news/199105.shtmlhttp://www.secuobs.com/revue/news/199105.shtml BigForum Version 45 SQL INJECTION2010-03-07 12:53:43 - Exploit DB updates : http://www.secuobs.com/revue/news/199104.shtmlhttp://www.secuobs.com/revue/news/199104.shtml dev4u CMS Personenseiten go_targetphp SQL Injection2010-03-07 02:45:26 - Exploit DB updates : http://www.secuobs.com/revue/news/199051.shtmlhttp://www.secuobs.com/revue/news/199051.shtml E-topbiz Link ADS 1 PHP script linkid Blind SQL Injection Vulnerability2010-03-05 18:17:17 - Exploit DB updates : http://www.secuobs.com/revue/news/198712.shtmlhttp://www.secuobs.com/revue/news/198712.shtml Auktionshaus v3001 newsphp id SQL Injection Vulnerability2010-03-05 15:50:35 - Exploit DB updates : http://www.secuobs.com/revue/news/198673.shtmlhttp://www.secuobs.com/revue/news/198673.shtml ONECMS v25 SQL Injection Vulnerability2010-03-05 13:46:48 - Exploit DB updates : http://www.secuobs.com/revue/news/198645.shtmlhttp://www.secuobs.com/revue/news/198645.shtml The latest SQL Injection Attacks2010-03-05 12:02:46 - Roger Halbheer on Security : Body Well, there was quite some chatter over the last few weeks with regards to the massive defacements we saw based on SQL Injection Attacks So, what was really new Close to nothing Well, this is not completely true The new thing we have seen with these attacks is automation however a lot of people did not really start with this at the beginning Just as an example, The Washington Post published an article called Hundreds of Thousands of Microsoft Web Servers Hacked and said Hundreds of thousands of Web sites have been hacked recently and seeded with code that tries to exploit security flaws in Microsoft Windows to install malicious software on visitors' machines Whereas the first part was true just giving a wrong impression the content in the article was definitely wrong as it was and still is no Windows or IIS vulnerability but just bad programming What we see are tools that use Google to find web application with potential SQL Injection vulnerabilities and then try to attack them From there on, they are trying to use the SQL Injection flaw to exploit vulnerabilities in Flash or other software So, what can you do about it Understand the current threat and read SQL Injection Attacks on IIS Web Servers on our IIS Blog and Questions about Web Server Attacks on the Microsoft Security Response Center Blog Once you have done that I think if you are not already you should familiarize yourself with these kind of attacks and there are some very good resources and engineer at Microsoft compiled for you General Guidance on SQL Injection Giving SQL Injection the Respect it Deserves from Michael Howard SQL Injection Mitigation Using Parameterized Queries from Neil Carpenter Incident Response with focus on SQL Injection Anatomy of a SQL Injection Incident from Neil Carpenter Anatomy of a SQL Injection Incident, Part 2 Meat Neil again And last but not least some MSDN guidance Explained SQL Injection SQL Injection How To Protect From SQL Injection in ASPNET Roger Category Incidents Processes Technology TrendsPublished 30052008 09 40 http://www.secuobs.com/revue/news/198571.shtmlhttp://www.secuobs.com/revue/news/198571.shtml New Guidance on the SQL Injection Attacks2010-03-05 12:02:46 - Roger Halbheer on Security : Body We just published yesterday two new pieces of guidance for the latest SQL Injection attacks, which I want to make sure you saw it Preventing SQL Injections in ASP SQL Injection Attack which is a great piece of work pulling the different views of the latest attacks together Roger Category Incidents TechnologyPublished 31052008 11 23 http://www.secuobs.com/revue/news/198569.shtmlhttp://www.secuobs.com/revue/news/198569.shtml New Information on SQL Injection Attacks2010-03-05 12:02:46 - Roger Halbheer on Security : Body I just wanted to make sure that you have seen the Advisory Rise in SQL Injection Attacks Exploiting Unverified User Data Input where we added some additional information This is especially important as we did not only publish guidance but tools as well Detection HP Scrawlr a free scanner from HP Defense UrlScan version 30 Beta Identifying Microsoft Source Code Analyzer for SQL Injection Definitely tools worth looking at if you are running public applications Roger Category Incidents Processes SecurityPublished 24062008 22 38 http://www.secuobs.com/revue/news/198556.shtmlhttp://www.secuobs.com/revue/news/198556.shtml SQL Injection again 2010-03-05 12:02:46 - Roger Halbheer on Security : This week I had again a longer mail thread on SQL Injection attacks Probably it caught me at the wrong moment, as it was a very long week preparing for the IE Out of Band making sure everybody knows what they have to do And then I was actually pinged by our office in Ireland as a blogger who is working heavily with our technology and seems to be a pretty experienced developer this to set the stage So, the title of the post was freely summarized I was attacked by a SQL Injection, what is Microsoft doing against that I then commented on his blog but unfortunately he decided not to publish my comment but get in touch with me directly The interesting thing was and this is the reason why I decided to blog myself about it that I was asking him, what he was expecting from us as we published quite a bunch of guidance on how to protect against SQL Injection back in May and there is not much more we can do as SQL Injection is not a DB but an application problem as the app does not properly verify the input I have seen some cases recently and form the mail exchange we had over the weekend I guess that he is one of them where a cookie was used to do the SQL Injection So the application is saving some data in a cookie and loads the content from there directly generating the SQL Query So if an attacker changes the content of the cookie he she could run a different way of SQL Injections and inject a script into the DB This blogger was actually hit pretty hard by a script called jpdog3322 If you search for it in a search engine you would never use Google, would you you find a hell lot of sites being infected Scary Now, back to our blogger I asked several times and this goes to you as well What else can we do to help to protect the ecosystem besides publishing the advise we already gave I summarized the different sites back in May in posts called The latest SQL Injection Attacks and New Guidance on the SQL Injection Attacks Additionally we made a new version of the Security Development Lifecycle available to help you to write more secure code See my post about that Videos about the Security Development Lifecycle So, his ask finally was a patch He is expecting us to issue a patch to solve this problem To me, this is on the same level as you would ask us to issue a patch for the buffer overflows Let me be clear once again SQL Injection is about the app, not the DB I think at the end, he felt stupid he got some pretty direct comments on his blog as well , which would be bad We have been defaced based on a SQL Injection as well and I am convinced that it could happen to anybody The key is, to make sure that you look for a solution at the root of the problem, which is the app Roger http://www.secuobs.com/revue/news/198471.shtmlhttp://www.secuobs.com/revue/news/198471.shtml PhP-Nuke userphp SQL Injection2010-03-04 18:53:45 - Exploit DB updates : http://www.secuobs.com/revue/news/198076.shtmlhttp://www.secuobs.com/revue/news/198076.shtml PHPNUKE CMS Survey and Poll SQL Injection Vulnerability2010-03-04 15:22:04 - Exploit DB updates : http://www.secuobs.com/revue/news/198019.shtmlhttp://www.secuobs.com/revue/news/198019.shtml smartplugs 13 SQL Injection showplugsphp2010-03-03 22:13:35 - Exploit DB updates : http://www.secuobs.com/revue/news/197733.shtmlhttp://www.secuobs.com/revue/news/197733.shtml Cisco Digital Media Player Remote Display Unauthorized Content Injection Vulnerability2010-03-03 18:02:35 - Cisco Security AdvisoriesSearch Cisco : A vulnerability exists in the Cisco Digital Media Player that could allow an unauthenticated attacker to inject video or data content into a remote display IMAGE http://www.secuobs.com/revue/news/197649.shtmlhttp://www.secuobs.com/revue/news/197649.shtml Uiga Church Portal indexphp SQL Injection2010-03-03 13:35:38 - Exploit DB updates : http://www.secuobs.com/revue/news/197558.shtmlhttp://www.secuobs.com/revue/news/197558.shtml My Little Forum contactphp SQL Injection2010-03-02 18:43:04 - Exploit DB updates : http://www.secuobs.com/revue/news/197193.shtmlhttp://www.secuobs.com/revue/news/197193.shtml phptroubleticket id SQL Injection Vulnerability2010-03-02 00:23:42 - Exploit DB updates : http://www.secuobs.com/revue/news/196798.shtmlhttp://www.secuobs.com/revue/news/196798.shtml Top 25 Series Rank 2 SQL Injection2010-03-01 18:13:18 - AppSec Street Fighter SANS Institute : Item 2 in this year s Top 25 is CWE-89 1 It is officially called Improper Sanitization of Special Elements used in an SQL Command SQL Injection There are many public examples that show the devastating impact that SQL Injection can have including the Mass SQL Injection attacks that began in 2008 2,3,4 as well as the http://www.secuobs.com/revue/news/196629.shtmlhttp://www.secuobs.com/revue/news/196629.shtml Majoda CMS Auth Bypass SQL Injection Vulnerability2010-02-28 20:59:29 - Exploit DB updates : http://www.secuobs.com/revue/news/196399.shtmlhttp://www.secuobs.com/revue/news/196399.shtml Baykus Yemek Tarifleri 21 SQL Injection Vulnerability2010-02-28 16:35:16 - Exploit DB updates : http://www.secuobs.com/revue/news/196385.shtmlhttp://www.secuobs.com/revue/news/196385.shtml HazelPress Lite 004 Auth Bypass SQL Injection Vulnerability2010-02-28 15:48:18 - Exploit DB updates : http://www.secuobs.com/revue/news/196371.shtmlhttp://www.secuobs.com/revue/news/196371.shtml Joomla Component com_yanc SQL Injection Vulnerability2010-02-28 15:48:18 - Exploit DB updates : http://www.secuobs.com/revue/news/196370.shtmlhttp://www.secuobs.com/revue/news/196370.shtml Joomla Component com_liveticker Blind SQL Injection Vulnerability2010-02-28 15:48:18 - Exploit DB updates : http://www.secuobs.com/revue/news/196369.shtmlhttp://www.secuobs.com/revue/news/196369.shtml Uiga Personal Portal indexphp SQL Injection Vulnerability2010-02-28 08:00:24 - Exploit DB updates : http://www.secuobs.com/revue/news/196342.shtmlhttp://www.secuobs.com/revue/news/196342.shtml Uiga Fan Club indexphp SQL Injection Vulnerability2010-02-28 08:00:24 - Exploit DB updates : http://www.secuobs.com/revue/news/196341.shtmlhttp://www.secuobs.com/revue/news/196341.shtml Joomla Component com_paxgallery Blind Injection Vulnerability2010-02-28 00:47:33 - Exploit DB updates : http://www.secuobs.com/revue/news/196313.shtmlhttp://www.secuobs.com/revue/news/196313.shtml Uiga Fan Club 10 Auth Bypass SQL Injection Vulnerability2010-02-27 22:02:46 - Exploit DB updates : http://www.secuobs.com/revue/news/196300.shtmlhttp://www.secuobs.com/revue/news/196300.shtml Pre Classified Listings SQL Injection Vulnerability2010-02-27 16:14:11 - Exploit DB updates : http://www.secuobs.com/revue/news/196276.shtmlhttp://www.secuobs.com/revue/news/196276.shtml Scripts Feed Business Directory SQL Injection Vulnerability2010-02-27 16:14:11 - Exploit DB updates : http://www.secuobs.com/revue/news/196273.shtmlhttp://www.secuobs.com/revue/news/196273.shtml Pangolin SQL injection tool build 3211020 released2010-02-27 15:37:17 - Security Database Tools Watch : Pangolin is an automatic SQL injection penetration testing tool developed by NOSEC Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specific DBMS - Security Tools Penetration testing Ethical Hacking, Configurations checks, Database, Exploitation, Pangolin IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/196270.shtmlhttp://www.secuobs.com/revue/news/196270.shtml DZ Erotik Auktionshaus v4rgo newsphp SQL Injection Vulnerability2010-02-27 08:07:35 - Exploit DB updates : http://www.secuobs.com/revue/news/196229.shtmlhttp://www.secuobs.com/revue/news/196229.shtml Gravity Board X v20 BETA Public Release 3 SQL Injection Vulnerability2010-02-27 08:07:35 - Exploit DB updates : http://www.secuobs.com/revue/news/196228.shtmlhttp://www.secuobs.com/revue/news/196228.shtml Project Man 10 Auth Bypass SQL Injection Vulnerability2010-02-27 08:07:35 - Exploit DB updates : http://www.secuobs.com/revue/news/196227.shtmlhttp://www.secuobs.com/revue/news/196227.shtml phpRAINCHECK 101 SQL Injection Vulnerability2010-02-27 08:07:35 - Exploit DB updates : http://www.secuobs.com/revue/news/196225.shtmlhttp://www.secuobs.com/revue/news/196225.shtml SQL injection attack show-and-tell2010-02-26 21:13:34 - Security Bloggers Network : SQL injection has, for a long time now, found its way to the top places of the list of favorite attack vectors of cyber criminals Its popularity is, without a doubt, due to the relative ease of use and high success rate For those who are not familiar with how an attack of this kind looks http://www.secuobs.com/revue/news/196035.shtmlhttp://www.secuobs.com/revue/news/196035.shtml SQL injection attack show-and-tell2010-02-26 19:33:48 - Help Net Security News : SQL injection has, for a long time now, found its way to the top places of the list of favorite attack vectors of cyber criminals Its popularity is, without a doubt, due to the relative ease of use a http://www.secuobs.com/revue/news/195992.shtmlhttp://www.secuobs.com/revue/news/195992.shtml Phishing, SQL Injection Attacks Surged in 20092010-02-25 23:09:07 - eSecurity Planet Features : IBM's X-Force security report finds that hackers have mastered the art of attacking Web browsers and document readers, even though application security has improved http://www.secuobs.com/revue/news/195711.shtmlhttp://www.secuobs.com/revue/news/195711.shtml 10 Ways to Protect Your Network from SQL Injection Attacks2010-02-25 21:55:11 - eSecurity Planet Features : SQL injection attacks pose a massive potential threat to your organization Learn ten ways to prevent or mitigate them http://www.secuobs.com/revue/news/195682.shtmlhttp://www.secuobs.com/revue/news/195682.shtml Anatomy of a SQL Injection Attack2010-02-25 17:15:21 - threatpost The First Stop for Security News : SQL injection has become perhaps the most widely used technique for compromising Web applications, thanks to both its relative simplicity and high success rate It's not often that outsiders get a look at the way these attacks work, but a well-known researcher is providing just that Shorten URL http threatpostcom en_us 3o1 Click to copy to clipboard or post to Twitter http://www.secuobs.com/revue/news/195577.shtmlhttp://www.secuobs.com/revue/news/195577.shtml Softbiz Recipes Portal Script showcatsphp SQL Injection Vulnerability2010-02-25 16:04:14 - Exploit DB updates : http://www.secuobs.com/revue/news/195551.shtmlhttp://www.secuobs.com/revue/news/195551.shtml GameScript v30 SQL Injection Vulnerability2010-02-25 16:04:14 - Exploit DB updates : http://www.secuobs.com/revue/news/195550.shtmlhttp://www.secuobs.com/revue/news/195550.shtml Joomla Component com_joomlaconnect_be Blind Injection Vulnerability2010-02-25 16:04:14 - Exploit DB updates : http://www.secuobs.com/revue/news/195549.shtmlhttp://www.secuobs.com/revue/news/195549.shtml WebAdministrator Lite CMS SQL Injection Vulnerability2010-02-25 16:04:14 - Exploit DB updates : http://www.secuobs.com/revue/news/195548.shtmlhttp://www.secuobs.com/revue/news/195548.shtml Softbiz Classifieds PLUS Multiple SQL Injection Vulnerabilities2010-02-25 03:28:29 - Exploit DB updates : http://www.secuobs.com/revue/news/195356.shtmlhttp://www.secuobs.com/revue/news/195356.shtml Joomla Component com_hdflvplayer id SQL Injection Exploit2010-02-24 22:14:54 - Exploit DB updates : http://www.secuobs.com/revue/news/195253.shtmlhttp://www.secuobs.com/revue/news/195253.shtml Softbiz Auktios Script Multiple SQL Injection Vulnerabilities2010-02-24 19:25:38 - Exploit DB updates : http://www.secuobs.com/revue/news/195187.shtmlhttp://www.secuobs.com/revue/news/195187.shtml XSS, SQL Injection and Fuzzing Barcode Cheat Sheet2010-02-24 19:21:46 - CGISecurity Website and Application Security News : Someone has published an amusing cheat sheet that will allow you to fuzz barcode scanning systems for common input validation issues such as XSS and SQL Injection They even provide an online barcode generator which allows you to create your own payloads Not much else to say really Link http wwwirongeekcom xss-sql-injection-fuzzing-barcode-generatorphp http://www.secuobs.com/revue/news/195183.shtmlhttp://www.secuobs.com/revue/news/195183.shtml Darkjumper A scanner to check for SQL injection, LFI s and RFI vulnerabilities 2010-02-24 18:48:12 - PenTestIT : Darkjumper is a tool that will try to find every website that host at the same server at your target Then check for every vulnerability of each website that host at the same server Functions of darkjumper 1 User enumeration guessing based on 4-8 chars trial taken from every site name that host at the same server 2 IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/195160.shtmlhttp://www.secuobs.com/revue/news/195160.shtml Top 25 Series Rank 9 OS Command Injection2010-02-24 16:28:34 - AppSec Street Fighter SANS Institute : Entry 9 on the new CWE SANS Top 25 is about OS Command Injection 1 It s officially called Improper Sanitization of Special Elements used in an OS Command OS Command Injection , but I prefer to keep the title short when describing it In a previous post 2 we had just gained access to the application by http://www.secuobs.com/revue/news/195098.shtmlhttp://www.secuobs.com/revue/news/195098.shtml ShortCMS v111F B con SQL Injection Vulnerability2010-02-24 16:06:29 - Exploit DB updates : http://www.secuobs.com/revue/news/195088.shtmlhttp://www.secuobs.com/revue/news/195088.shtml phpCOIN v121 modphp SQL Injection Vulnerability 2010-02-24 16:06:29 - Exploit DB updates : http://www.secuobs.com/revue/news/195087.shtmlhttp://www.secuobs.com/revue/news/195087.shtml PenTestIT Post Of The Day Self-Inflicted SQL Injection 2010-02-24 11:11:20 - PenTestIT : Starting today, we will be mentioning posts from various blogs that we refer and find extremely useful for all of us security professionals, security enthusiasts, programmers, auditors, infact, any one who wants to know more about these individuals who as Masters in their own fields and are kind enough to share their knowledge with IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/195015.shtmlhttp://www.secuobs.com/revue/news/195015.shtml 10 Ways to Prevent or Mitigate SQL Injection Attacks2010-02-24 02:11:36 - Hack In The Box : Failure to Preserve SQL Query Structure aka 'SQL Injection' appears at number 2 in the CWE SANS TOP 25 Most Dangerous Programming Errors list published on February 16 And for good reason SQL injection attacks pose a massive potential threat to your organization That's because, if successful, they could allow hackers to compromise your network, access and destroy your data, and take control of your machines The principal behind SQL injection is pretty simple When an application takes user data as an input, there is an opportunity for a malicious user to enter carefully crafted data that causes the input to be interpreted as part of a SQL query instead of data http://www.secuobs.com/revue/news/194894.shtmlhttp://www.secuobs.com/revue/news/194894.shtml Softbiz Jobs Multiple SQL Injection Vulnerabilities2010-02-23 20:09:47 - Exploit DB updates : http://www.secuobs.com/revue/news/194780.shtmlhttp://www.secuobs.com/revue/news/194780.shtml Joomla Component com_ice Blind SQL Injection Vulnerability2010-02-23 14:26:43 - Exploit DB updates : http://www.secuobs.com/revue/news/194611.shtmlhttp://www.secuobs.com/revue/news/194611.shtml Php Auktion Pro SQL newsphp SQL Injection Vulnerability2010-02-23 14:26:43 - Exploit DB updates : http://www.secuobs.com/revue/news/194608.shtmlhttp://www.secuobs.com/revue/news/194608.shtml Top Auktion newsphp SQL Injection Vulnerability2010-02-23 14:26:43 - Exploit DB updates : http://www.secuobs.com/revue/news/194607.shtmlhttp://www.secuobs.com/revue/news/194607.shtml Joomla Component user_id com_sqlreport Blind SQL Injection Vulnerability2010-02-23 14:26:43 - Exploit DB updates : http://www.secuobs.com/revue/news/194606.shtmlhttp://www.secuobs.com/revue/news/194606.shtml adobexml-injectiontxt2010-02-23 09:10:14 - Packet Storm Security Exploits : Security-Assessmentcom discovered that multiple Adobe products with different Data Services versions are vulnerable to XML External Entity XXE and XML injection attacks http://www.secuobs.com/revue/news/194508.shtmlhttp://www.secuobs.com/revue/news/194508.shtml SQL Injections Top Attack Statistics2010-02-23 06:37:25 - DarkReading All Stories : Cybercriminals increasingly using automated SQL injection attacks powered by botnets to hit vulnerable systems http://www.secuobs.com/revue/news/194496.shtmlhttp://www.secuobs.com/revue/news/194496.shtml Multiple Adobe products vulnerable to XML External Entity Injection And XML Injection2010-02-23 00:12:00 - CGISecurity Website and Application Security News : I haven't really been vulnerabilities on this website for the past year, however a series of XML Injection XXe vulnerabilities in Adobe products caught my eye XML Injection is to web services, what XSS is to web pages resulting in a response performing an abuse against the consumer It's one of those vulns http://www.secuobs.com/revue/news/194375.shtmlhttp://www.secuobs.com/revue/news/194375.shtml Hacking Oracle from the Web Exploiting SQL Injection from Web Applications2010-02-22 23:25:23 - Exploit DB updates : http://www.secuobs.com/revue/news/194351.shtmlhttp://www.secuobs.com/revue/news/194351.shtml Ero Auktion v20 newsphp SQL Injection Vulnerability2010-02-22 14:19:58 - Exploit DB updates : http://www.secuobs.com/revue/news/194139.shtmlhttp://www.secuobs.com/revue/news/194139.shtml Ero Auktion v2010 newsphp SQL Injection Vulnerability2010-02-22 14:19:58 - Exploit DB updates : http://www.secuobs.com/revue/news/194138.shtmlhttp://www.secuobs.com/revue/news/194138.shtml Multiple Adobe Products XML External Entity And XML Injection Vulnerabilities2010-02-22 14:19:58 - Exploit DB updates : http://www.secuobs.com/revue/news/194131.shtmlhttp://www.secuobs.com/revue/news/194131.shtml Article Friendly SQL Injection Vulnerability2010-02-22 14:19:58 - Exploit DB updates : http://www.secuobs.com/revue/news/194130.shtmlhttp://www.secuobs.com/revue/news/194130.shtml Softbiz Jobs news_desc SQL Injection Vulnerability2010-02-22 13:28:19 - Exploit DB updates : http://www.secuobs.com/revue/news/194114.shtmlhttp://www.secuobs.com/revue/news/194114.shtml Multiple Adobe Products XML External Entity Injection And XML Injection2010-02-22 07:32:36 - Security Shell : Security-Assessmentcom discovered that multiple Adobe products with different Data Services versions are vulnerable to XML External Entity XXE and XML injection attacks XML external Entities injection allows a wide range of XML based attacks, including local file disclosure, TCP scans and Denial of Service condition, which can be achieved by recursive entity injection, attribute blow up and other types of injection For more information about the implications associated to this vulnerability, refer to the RFC2518 177 Implications of XML External Entities http wwwietforg rfc rfc2518txt Download PDF Source http seclistsorg http://www.secuobs.com/revue/news/194043.shtmlhttp://www.secuobs.com/revue/news/194043.shtml SQL injection vulnerability in Amelia CMS2010-02-19 17:13:06 - Exploit DB updates : http://www.secuobs.com/revue/news/193574.shtmlhttp://www.secuobs.com/revue/news/193574.shtml Dow Group news_descphp Remote SQL Injection Exploit2010-02-19 17:13:06 - Exploit DB updates : http://www.secuobs.com/revue/news/193573.shtmlhttp://www.secuobs.com/revue/news/193573.shtml WSC CMS Bypass SQL Injection Vulnerability2010-02-19 17:13:06 - Exploit DB updates : http://www.secuobs.com/revue/news/193571.shtmlhttp://www.secuobs.com/revue/news/193571.shtml Trixbox PhonecDirectoryphp SQL Injection2010-02-19 17:13:06 - Exploit DB updates : http://www.secuobs.com/revue/news/193570.shtmlhttp://www.secuobs.com/revue/news/193570.shtml Phpkit 161 SQL Injection memberphp2010-02-19 17:13:06 - Exploit DB updates : http://www.secuobs.com/revue/news/193569.shtmlhttp://www.secuobs.com/revue/news/193569.shtml Dialstring injection vulnerability in Asterisk2010-02-19 16:20:50 - Voice of VOIPSA : Olle Johansson recently alerted us that there is a dialstring injection vulnerability in Asterisk As Olle notes in his post about the vulnerability, this is similar to a SQL injection attack against a database where there is not enough filtering being done on strings that are being input to the system Olle writes Many VoIP http://www.secuobs.com/revue/news/193559.shtmlhttp://www.secuobs.com/revue/news/193559.shtml New injectso -- Debian proof2010-02-18 13:54:57 - C skills : The new injectso comes with a new technique to find the address of the needed rtld function Some systems Debian based make proc pid maps unavailable by default which former injectso needed to work properly It now also works via proc pid auxv to read AT_BASE and to calculate where rtld functions can be found The nm method is also still included for systems where libc exports symbol names The proc pid auxv method has only been tested on x86_64 but should work on x86 too Additionally, I am officially sorry for the coding style of injectso before v051 All the exploit coding makes a terrible style and I will drop that for a while The code has been cleaned up and is now readable and something to learn from http://www.secuobs.com/revue/news/193148.shtmlhttp://www.secuobs.com/revue/news/193148.shtml CubeCart indexphp SQL Injection Vulnerability2010-02-18 13:33:41 - Exploit DB updates : http://www.secuobs.com/revue/news/193142.shtmlhttp://www.secuobs.com/revue/news/193142.shtml PunBBAnnuaire 04 Blind SQL Injection Vulnerability2010-02-17 22:08:02 - Exploit DB updates : http://www.secuobs.com/revue/news/192913.shtmlhttp://www.secuobs.com/revue/news/192913.shtml Drupal Help Injection Module XSS Vulnerability2010-02-17 18:00:56 - MadIrish.net : The ironically named Drupal Help Injection module suffers from an arbitrary HTML injection vulnerability http wwwmadirishnet article 448 from rss http://www.secuobs.com/revue/news/192791.shtmlhttp://www.secuobs.com/revue/news/192791.shtml Auktionshaus v4 newsphp SQL Injection Vulnerability2010-02-17 15:55:05 - Exploit DB updates : http://www.secuobs.com/revue/news/192750.shtmlhttp://www.secuobs.com/revue/news/192750.shtml Auktionshaus Gelb v3 newsphp SQL Injection Vulnerability2010-02-17 15:55:05 - Exploit DB updates : http://www.secuobs.com/revue/news/192749.shtmlhttp://www.secuobs.com/revue/news/192749.shtml Erotik Auktionshaus newsphp SQL Injection Vulnerability2010-02-17 15:55:05 - Exploit DB updates : http://www.secuobs.com/revue/news/192748.shtmlhttp://www.secuobs.com/revue/news/192748.shtml uGround 10b SQL Injection Vulnerability2010-02-17 14:49:59 - Exploit DB updates : http://www.secuobs.com/revue/news/192733.shtmlhttp://www.secuobs.com/revue/news/192733.shtml Joomla Component com_acteammember SQL Injection Vulnerability2010-02-17 13:44:17 - Exploit DB updates : http://www.secuobs.com/revue/news/192713.shtmlhttp://www.secuobs.com/revue/news/192713.shtml Joomla Component com_acstartseite Sql Injection Vulnerability2010-02-17 08:12:26 - Exploit DB updates : http://www.secuobs.com/revue/news/192647.shtmlhttp://www.secuobs.com/revue/news/192647.shtml Joomla Component com_acprojects Sql Injection Vulnerability2010-02-17 08:12:26 - Exploit DB updates : http://www.secuobs.com/revue/news/192646.shtmlhttp://www.secuobs.com/revue/news/192646.shtml intuitive formphp Sql Injection Vulnerability2010-02-17 08:12:26 - Exploit DB updates : http://www.secuobs.com/revue/news/192645.shtmlhttp://www.secuobs.com/revue/news/192645.shtml Nabernet articlesphp Sql Injection Vulnerability2010-02-17 08:12:26 - Exploit DB updates : http://www.secuobs.com/revue/news/192644.shtmlhttp://www.secuobs.com/revue/news/192644.shtml Pogodny CMS SQL Injection Vulnerability2010-02-16 14:04:07 - Exploit DB updates : http://www.secuobs.com/revue/news/192285.shtmlhttp://www.secuobs.com/revue/news/192285.shtml Mambo Component com_acnews id SQL Injection Vulnerability2010-02-16 14:04:07 - Exploit DB updates : http://www.secuobs.com/revue/news/192284.shtmlhttp://www.secuobs.com/revue/news/192284.shtml Joomla Component com_joomportfolio Blind Injection Vulnerability2010-02-15 22:17:48 - Exploit DB updates : http://www.secuobs.com/revue/news/192077.shtmlhttp://www.secuobs.com/revue/news/192077.shtml Joomla Component com_hdvideoshare Sql Injection Vulnerability2010-02-15 22:17:48 - Exploit DB updates : http://www.secuobs.com/revue/news/192076.shtmlhttp://www.secuobs.com/revue/news/192076.shtml superengine CMS Custom Pack SQL Injection Vulnerability2010-02-15 17:19:10 - Exploit DB updates : http://www.secuobs.com/revue/news/191990.shtmlhttp://www.secuobs.com/revue/news/191990.shtml WordPress Copperleaf Photolog SQL injection2010-02-15 17:19:10 - Exploit DB updates : http://www.secuobs.com/revue/news/191988.shtmlhttp://www.secuobs.com/revue/news/191988.shtml Interesting Article about SQL Injection in Oracle by Mike Smithers2010-02-15 13:02:23 - Alexander Kornbrust Oracle Security Blog : Mike Smithers, a former colleague, maintains a nice blog called The Anti-Kyte He wrote a really interesting article Self-Inflicted SQL Injection don t quote me about SQL Injection in Oracle Well written Mike http://www.secuobs.com/revue/news/191923.shtmlhttp://www.secuobs.com/revue/news/191923.shtml No more and 1 1 Sql injection testing tool2010-02-15 07:33:59 - PenTestIT : When doing WebApp testing we have had to retype million times the same old commands to test SQL I, XSS and all that stuff Sometimes, you even have to recollect what were the characters involved in header injection for example we might have to do a search for it In order to minimize the time IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/191884.shtmlhttp://www.secuobs.com/revue/news/191884.shtml Joomla com_videos Remote Sql Injection Vulnerability2010-02-14 22:25:59 - Exploit DB updates : http://www.secuobs.com/revue/news/191826.shtmlhttp://www.secuobs.com/revue/news/191826.shtml Mambo com_akogallery Remote Sql Injection Vulnerability2010-02-14 19:33:36 - Exploit DB updates : http://www.secuobs.com/revue/news/191817.shtmlhttp://www.secuobs.com/revue/news/191817.shtml JTL-Shop 2 druckansichtphp SQL Injection Vulnerability2010-02-14 13:44:39 - Exploit DB updates : http://www.secuobs.com/revue/news/191776.shtmlhttp://www.secuobs.com/revue/news/191776.shtml Calendarix v0820071118 SQL Injection2010-02-14 07:44:41 - Exploit DB updates : http://www.secuobs.com/revue/news/191756.shtmlhttp://www.secuobs.com/revue/news/191756.shtml InterTech Co 10 SQL Injection2010-02-14 01:12:14 - Exploit DB updates : http://www.secuobs.com/revue/news/191735.shtmlhttp://www.secuobs.com/revue/news/191735.shtml WSN Guest 102 orderlinks SQL Injection Vulnerability2010-02-13 18:51:30 - Exploit DB updates : http://www.secuobs.com/revue/news/191699.shtmlhttp://www.secuobs.com/revue/news/191699.shtml Joomla com_joomradio SQL Injection Vulnerability2010-02-13 17:47:24 - Exploit DB updates : http://www.secuobs.com/revue/news/191693.shtmlhttp://www.secuobs.com/revue/news/191693.shtml Vito CMS SQL Injection Vulnerability - validation2010-02-13 15:45:29 - Exploit DB updates : http://www.secuobs.com/revue/news/191675.shtmlhttp://www.secuobs.com/revue/news/191675.shtml southburn Web productsphp Sql Injection Vulnerability2010-02-13 15:45:29 - Exploit DB updates : http://www.secuobs.com/revue/news/191674.shtmlhttp://www.secuobs.com/revue/news/191674.shtml Vito CMS SQL Injection Vulnerability2010-02-13 01:43:47 - Exploit DB updates : http://www.secuobs.com/revue/news/191566.shtmlhttp://www.secuobs.com/revue/news/191566.shtml daChooch Remote Sql Injection Vulnerability2010-02-13 01:43:47 - Exploit DB updates : http://www.secuobs.com/revue/news/191564.shtmlhttp://www.secuobs.com/revue/news/191564.shtml Alqatari Group Version 10 Blind SQL Injection Vulnerability2010-02-12 14:44:05 - Exploit DB updates : http://www.secuobs.com/revue/news/191352.shtmlhttp://www.secuobs.com/revue/news/191352.shtml peazip_command_injectionrbtxt2010-02-12 02:44:40 - Packet Storm Security Exploits : This Metasploit module exploits a command injection vulnerability in PeaZip All versions prior to 262 are suspected vulnerable Testing was conducted with version 261 on Windows In order for the command to be executed, an attacker must convince someone to open a specially crafted zip file with PeaZip, and access the specially file via double-clicking it By doing so, an attacker can execute arbitrary commands as the victim user http://www.secuobs.com/revue/news/191192.shtmlhttp://www.secuobs.com/revue/news/191192.shtml apemCMS SQL Injection Vulnerability2010-02-12 02:04:47 - Exploit DB updates : http://www.secuobs.com/revue/news/191177.shtmlhttp://www.secuobs.com/revue/news/191177.shtml Trade Manager Script SQL injection Vulnerability2010-02-12 02:04:47 - Exploit DB updates : http://www.secuobs.com/revue/news/191176.shtmlhttp://www.secuobs.com/revue/news/191176.shtml Screen Injection Webinar All Your Users Credentials Belong to Zeus2010-02-12 01:35:41 - Silver Tail Blog : For those of you who have followed the press coverage of the Zeus malware, you might be wondering about the various functions available within Zeus In this webinar we ll get into the details about one particular function screen injection aka parameter injection The webinar will be February 23 at 10am Pacific time If you want to participate, you can register http://www.secuobs.com/revue/news/191172.shtmlhttp://www.secuobs.com/revue/news/191172.shtml Vacation Rental Script SQL Injection Vulnerability2010-02-11 23:40:29 - Exploit DB updates : http://www.secuobs.com/revue/news/191126.shtmlhttp://www.secuobs.com/revue/news/191126.shtml X-Cart Pro v4013 SQL Injection Proof of Concept2010-02-11 22:37:08 - Exploit DB updates : http://www.secuobs.com/revue/news/191094.shtmlhttp://www.secuobs.com/revue/news/191094.shtml Video Games Rentals Script SQL Injection Vulnerability2010-02-11 22:37:08 - Exploit DB updates : http://www.secuobs.com/revue/news/191089.shtmlhttp://www.secuobs.com/revue/news/191089.shtml CD Rentals Script SQL injection Vulnerability2010-02-11 17:10:24 - Exploit DB updates : http://www.secuobs.com/revue/news/190938.shtmlhttp://www.secuobs.com/revue/news/190938.shtml Books eBooks Rental Software SQL injection Vulnerability2010-02-11 17:10:24 - Exploit DB updates : http://www.secuobs.com/revue/news/190937.shtmlhttp://www.secuobs.com/revue/news/190937.shtml Omnidocs SQL injection Vulnerability2010-02-11 13:52:16 - Exploit DB updates : http://www.secuobs.com/revue/news/190884.shtmlhttp://www.secuobs.com/revue/news/190884.shtml vBulletin v 23 SQL Injection Vulnerability2010-02-11 13:52:16 - Exploit DB updates : http://www.secuobs.com/revue/news/190881.shtmlhttp://www.secuobs.com/revue/news/190881.shtml Malware, SQL Injections Dominate Breach Reports2010-02-10 17:28:57 - threatpost The First Stop for Security News : With millions of personal records and payment card information stolen on a regular basis, several recently released reports independently confirm some of the main sources of breaches Not surprisingly, that s not zero day flaws, not even insiders, but good old fashioned SQL injections next to malware infections Read the full article ZDNet Shorten URL http threatpostcom en_us 3V0 Click to copy to clipboard or post to Twitter http://www.secuobs.com/revue/news/190528.shtmlhttp://www.secuobs.com/revue/news/190528.shtml eSmile Script indexphp SQL Injection Vulnerability2010-02-10 14:33:51 - Exploit DB updates : http://www.secuobs.com/revue/news/190461.shtmlhttp://www.secuobs.com/revue/news/190461.shtml HASHE Solutions Multiple SQL Injection Vulnerabilities2010-02-10 14:33:51 - Exploit DB updates : http://www.secuobs.com/revue/news/190460.shtmlhttp://www.secuobs.com/revue/news/190460.shtml Targeted Sequel Injection Attacks on the Rise2010-02-10 06:43:29 - Information Security Resources : By Robert Siciliano, ID Theft Expert and Security Consultant to Inteliuscom SQL injections have evolved in their purpose and sophistication Originally meant as a tool to attack a merchant s database and steal data The attack was reconfigured last summer to install viruses on users computers that contain a remote control component The bad guys are going after high-profile, high-volume websites, instead of going after the smaller websites, which are easier to inject code into http://www.secuobs.com/revue/news/190374.shtmlhttp://www.secuobs.com/revue/news/190374.shtml Reports SQL injection attacks and malware led to most data breaches2010-02-10 03:15:48 - Zero Day : With millions of personal records and payment card information stolen on a regular basis, several recently released reports independently confirm the source of breaches Not surprisingly, that's not zero day flaws, but good old fashioned SQL injections next to malware IMAGE http://www.secuobs.com/revue/news/190304.shtmlhttp://www.secuobs.com/revue/news/190304.shtml Targeted Injection Attacks on the Rise2010-02-10 02:33:44 - Hack In The Box : In the latter half of 2009, criminal hackers went from mass SQL injection campaigns to targeted attacks SQL is abbreviation of Structured Query Language Pronounced â Ess Que Elâ or â Sequelâ The attackers shift in strategy focused on targeting high-profile websites, concluded Websenseâ s State of Internet Security report for the third and fourth quarter of 2009 SQL injections have evolved in their purpose and sophistication Originally meant as a tool to attack a merchantâ s database and steal data The attack was reconfigured last summer to install viruses on usersâ computers that contain a remote control component Matt Chambers with Corporate IT Solutions says, â Web applications are one of the most outward facing components a corporation contains in its network design, and one of the least protected Applications typically take input information and send it to a database for storage and processing We interact with these kinds of applications every day, whether itâ s a signup form or a login page for a favorite networking siteâ http://www.secuobs.com/revue/news/190285.shtmlhttp://www.secuobs.com/revue/news/190285.shtml Zomorrod Cms Sql Injection Vulnerability2010-02-10 01:43:52 - Exploit DB updates : http://www.secuobs.com/revue/news/190269.shtmlhttp://www.secuobs.com/revue/news/190269.shtml Mass injection web hacks yield to targeted attacks2010-02-10 00:31:10 - Digital Forensics Magazine supporting the professional computer security industry : Mass injection web hacks yield to targeted attacks Trading quantity for quality http://www.secuobs.com/revue/news/190242.shtmlhttp://www.secuobs.com/revue/news/190242.shtml Newsletter Tailor Auth Bypass SQL Injection Vulnerability2010-02-09 23:26:17 - Exploit DB updates : http://www.secuobs.com/revue/news/190225.shtmlhttp://www.secuobs.com/revue/news/190225.shtml Yes Solutions - Webapp SQL Injection 2010-02-09 23:26:17 - Exploit DB updates : http://www.secuobs.com/revue/news/190224.shtmlhttp://www.secuobs.com/revue/news/190224.shtml MOJO's IWMS 7 SQL Injection Cross Site Scripting2010-02-09 23:26:17 - Exploit DB updates : http://www.secuobs.com/revue/news/190223.shtmlhttp://www.secuobs.com/revue/news/190223.shtml China Tops in Botnets, SQL Injection Attacks2010-02-09 23:03:27 - eSecurity Planet Features : McAfee security researchers predict Internet-based cyber attacks will continue to escalate in quantity, sophistication as hackers target the most popular social networking sites, search topics in 2010 http://www.secuobs.com/revue/news/190213.shtmlhttp://www.secuobs.com/revue/news/190213.shtml LDAP Injection POC2010-02-09 21:59:47 - Exploit DB updates : http://www.secuobs.com/revue/news/190186.shtmlhttp://www.secuobs.com/revue/news/190186.shtml Blue Dove Sql Injection Vulnerability2010-02-09 02:54:35 - Exploit DB updates : http://www.secuobs.com/revue/news/189839.shtmlhttp://www.secuobs.com/revue/news/189839.shtml Rostermain 11 Auth Bypass SQL Injection Vulnerability2010-02-08 06:08:31 - Exploit DB updates : http://www.secuobs.com/revue/news/189506.shtmlhttp://www.secuobs.com/revue/news/189506.shtml Exponent CMS 0963 articlemodule Sql Injection Vulnerability2010-02-07 22:00:33 - Exploit DB updates : http://www.secuobs.com/revue/news/189450.shtmlhttp://www.secuobs.com/revue/news/189450.shtml Belkatalog CMS SQL Injection Vulnerability2010-02-07 22:00:33 - Exploit DB updates : http://www.secuobs.com/revue/news/189449.shtmlhttp://www.secuobs.com/revue/news/189449.shtml Joomla Component com_productbook SQL Injection Vulnerability2010-02-07 22:00:33 - Exploit DB updates : http://www.secuobs.com/revue/news/189447.shtmlhttp://www.secuobs.com/revue/news/189447.shtml Killmonster 21 Auth Bypass SQL Injection Vulnerability2010-02-07 22:00:33 - Exploit DB updates : http://www.secuobs.com/revue/news/189445.shtmlhttp://www.secuobs.com/revue/news/189445.shtml Zen Tracking 22 Auth Bypass SQL Injection Vulnerability2010-02-07 20:13:06 - Exploit DB updates : http://www.secuobs.com/revue/news/189428.shtmlhttp://www.secuobs.com/revue/news/189428.shtml Baal Systems 38 Auth Bypass SQL Injection Vulnerability2010-02-07 20:13:06 - Exploit DB updates : http://www.secuobs.com/revue/news/189427.shtmlhttp://www.secuobs.com/revue/news/189427.shtml