Posts Tagged ‘SQL-injection’

The American company Imperva, which develops data protection solutions, has published a 17-page report on its study of the hacker group Anonymous. The report cannot be said to reveal any terrible conspiracy behind the attacks, but it is very convenient as a systematic picture of them.

So, according to the report, Anonymous is not a group of hackers capable of breaking into any server and stealing any information within a few hours or days. Although there have been successful attacks on such reputable organizations as StratFor and others, their success was due more to the carelessness of the resources' administrators than to any especially sophisticated attack engineering. The researchers believe that, while Anonymous does have some techniques of its own, the group prefers well-known ones, first of all SQL injection and DDoS attacks. Anonymous usually tries to steal data first and, if that does not succeed, organizes a DDoS attack against the victim's resource. (more…)

Vulnerability: SQL-injection in Admidio

Impact:

– Cross Site Scripting;
– Unauthorized manipulation of data.

Affected products: Admidio 2.x

Affected versions: Admidio 2.3.5, possibly earlier.

Description:

The vulnerability allows a remote user to execute arbitrary SQL commands in the application database. (more…)

Affected products: iCagenda 1.x (Component for Joomla!)

Impact: Unauthorized change

Affected versions: Joomla! iCagenda 1.1.4, possibly earlier.

Description:

The vulnerability allows a remote user to execute arbitrary SQL commands in the application database.

The vulnerability is caused by insufficient validation of input passed in the “id” parameter to the script index.php (when the parameter “option” is “com_icagenda”, “view” is “list”, and “layout” is “event”). This can be exploited to execute arbitrary SQL commands in the application database. (more…)

Affected products: Komento 1.x (component for Joomla!)

Affected versions: Joomla! Komento 1.0.2769, possibly earlier.

Description:

The vulnerability allows a remote user to execute arbitrary SQL commands in the application database.

The vulnerability is caused by insufficient validation of input passed in the “cid” parameter to the script index.php/component/komento/rss (when the parameter “view” is “rss”). This can be exploited to execute arbitrary SQL commands in the application database. (more…)