heise online

Zoho ManageEngine ADManager Plus: Attackers can inject SQL commands

There is a security vulnerability in ManageEngine ADManager Plus that allows attackers unauthorized access. They can inject arbitrary SQL queries. A software update is available to patch the ...
Dark Reading

CISA Seeks to Curtail 'Unforgivable' SQL Injection Defects

SQL injection vulnerabilities continue to plague supply chains, prompting a joint alert from the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) ...
GIGAZINE

'Lord of SQL Injection', a site where you can learn about SQL injection vulnerabilities while capturing dungeons

First, access Lord of SQL Injection and click '[enter to the dungeon]'. It's my first time to use Lord of SQL Injection, so click 'Join'. Enter the ID, email address, and password used in Lord of SQL ...
TechRadar

Microsoft confirms Azure attacks using breached SQL servers

Hackers are targeting Azure virtual machines (VM) using flawed Microsoft SQL servers as a stepping stone, security researchers have revealed. Microsoft’s experts recently reported observing the method ...
dbta

Addressing SAP’s SQL Injection Attacks and Directory Traversal Vulnerabilities

SAP platforms, used by 99 of the Fortune 100 companies and with over 280 million cloud subscribers worldwide, are among the most reliable business applications. As SAP administrators, your role in ...
The Verge

Researchers say a bug let them add fake pilots to rosters used for TSA checks

TSA security could be easily bypassed by using a simple SQL injection technique, say security researchers. TSA security could be easily bypassed by using a simple SQL injection technique, say security ...
Dark Reading

Cacti Monitoring Tool Spiked by Critical SQL Injection Vulnerability

A critical vulnerability in the Cacti Web-based open source framework for monitoring network performance gives attackers a way to disclose Cacti's entire database contents — presenting a prickly risk ...