The Joomla CMS project released today Joomla 3.7.1 to fix an SQL injection flaw that allows attackers to execute custom SQL code on affected systems and take over vulnerable sites. Sucuri analyst Marc ...

Users of a widely used firewall from Sophos have been under a zero-day attack that was designed to steal usernames, cryptographically protected passwords, and other sensitive data, officials with the ...

Attack code was published on Friday that exploits a critical vulnerability in the Magento e-commerce platform, all but guaranteeing it will be used to plant payment card skimmers on sites that have ...

Last week, Trustwave SpiderLabs discovered a SQL injection vulnerability exploit in widely popular web content management software (CMS) Joomla that allowed for access to administrative areas. Shortly ...

The Fortra FileCatalyst Workflow is vulnerable to an SQL injection vulnerability that could allow remote unauthenticated attackers to create rogue admin users and manipulate data on the application ...

Several high-profile hacks over the past year including those at Heartland, Hannaford Bros., and 7-11, all have had one thing in common: they were launched with a SQL injection attack. Cross-site ...

WordPress Loginizer Plugin has issued a security patch for a vulnerability that could allow a hacker to modify a database through an Unauthenticated SQL Injection ...

A critical vulnerability in the Cacti Web-based open source framework for monitoring network performance gives attackers a way to disclose Cacti's entire database contents — presenting a prickly risk ...

The proof-of-concept exploit is easy to execute, and could foretell wider targeting of the Fortinet vulnerability by attackers. Security researchers have released technical details and a ...

Reports that the latest SQL injection exploit may have impacted hundreds of thousands of sites running IIS and SQL Server in recent days has put Microsoft, once again, on the defensive. Redmond's ...