After all these years, SQL injection vulnerabilities still stand as an old reliable for attackers seeking to break into corporate databases. "SQL injection is still out there for one simple reason: it works!" says Tim Erlin, director of IT security and risk strategy for Tripwire. "As long as there are so many vulnerable web applications with databases full of monetizable information behind them, SQL injection attacks will continue."
The official website of the Kochi Metro Rail Corporation was hacked by a group which calls itself ‘ReZk2LL team’, in the wee hours of Monday. The hackers also uploaded a picture of the Palestinian flag along with anti-Israeli posts to indicate that the site, www.kochimetro.org had been hacked.
"We are sorry to report that hackers gained access to our forum and game databases and the player data in those databases," publisher OP Productions said in a press statement today. "We have launched a thorough investigation covering our entire system to determine the scope of the intrusion...As part of the remediation and security enhancement process we will be taking the game and forums down temporarily."
Aaron Titus, Chief Privacy Officer at Identity Finder, has analyzed a hack by the Anonymous hacker ;Par:Anoia, who claims to have attacked a website belonging to the U.S. Department of State.
Titus's analysis indicates that the hack contains the following information:
Commedia - a component and content plugin that allows you to create a content table containing all of the MP3s present in any directory of your site, an FTP server (folder, single path to an FTP file) or an HTTP(S) server (Dropbox, folder, single path to an HTTP file or HTTP radio stream).
ManageEngine Security Manager Plus versions 5.5 build 5505 remote SYSTEM/root SQL injection exploit that spawns a shell.
ManageEngine offers simple, easy-to-use IT Management products at a price that every business can afford. It is thoughtfully built with SMBs in mind and eventually scales for large businesses. The ManageEngine 90-10 promise gets you 90% of the features of the Big 4 at 10% of the price.
Campaign Enterprise 11 suffers from multiple remote SQL injection, unauthorized access, clear text password storage, and direct access bypass vulnerabilities.
Campaign Enterprise 11, by ArialSoftware (www.arialsoftware.com), "is a mass email system you install on your own computer or server, is accessible using a web browser inside and/or outside your network, is only a one-time cost, and has the best US-based tech support
The IBM X-Force 2011 Trend and Risk Report is based on intelligence gathered by one of the industry's leading security research teams through its research of public vulnerability disclosures, findings from more than 4,000 clients, and the monitoring and analysis of an average of 13 billion events daily in 2011.
The manager of IBM X-Force Threat Intelligence and Strategy covers some of the security trends from the first half of 2011.
Web applications are increasingly popular victims of security attacks. Injection attacks, such as Cross Site Scripting or SQL Injection, are a persistent problem.
Even though developers are aware of them, the suggested best practices for protection are error prone: unless all user input is consistently filtered, any application may be
When hosting web applications, administrators face a dilemma: they can only deploy applications that are trusted or they risk their system’s security.