August 30, 2024 at 07:24AM Fortra announced patches for critical vulnerabilities in FileCatalyst Workflow, including a flaw involving leaked credentials (CVE-2024-6633) and a high-severity SQL injection issue (CVE-2024-6632). These vulnerabilities could grant an attacker remote access and perform dangerous operations. The company advises customers to update to FileCatalyst Workflow version 5.1.7 build 156 to mitigate … Read more
July 18, 2024 at 07:45AM Ivanti released patches for high-severity vulnerabilities in Endpoint Manager and Endpoint Manager for Mobile, including hotfix for an SQL injection flaw. Also, patches for four vulnerabilities impacting all versions of Endpoint Manager for Mobile were released. Additionally, patches for a medium-severity path traversal-affiliated vulnerability in Ivanti Docs@Work for Android were … Read more
July 10, 2024 at 12:54PM VMWare, owned by Broadcom, issued patches for a high-risk SQL-injection vulnerability in Aria Automation, allowing an authenticated malicious user to manipulate databases. Tracked as CVE-2024-22280, the flaw permits unauthorized read and write operations in the database through specially crafted SQL queries. The bug carries a CVSS severity score of 8.5/10 … Read more
June 28, 2024 at 07:12AM Fortra released patches for a critical SQL injection vulnerability (CVE-2024-5276, CVSS 9.8) in FileCatalyst Workflow version 5.1.6 Build 135 and earlier. This flaw could create administrative user accounts and modify application data. Tenable identified the issue and published PoC code for exploiting it. Fortra addressed the vulnerability in version 5.1.6 … Read more
June 27, 2024 at 03:36AM A critical security flaw, tracked as CVE-2024-5276, has been disclosed in Fortra FileCatalyst Workflow, allowing attackers to tamper with the application database. The vulnerability, with a CVSS score of 9.8, impacts versions 5.1.6 Build 135 and earlier, but has been addressed in version 5.1.6 build 139. Tenable released a proof-of-concept … Read more
June 25, 2024 at 07:51AM A new threat actor named Boolka has been targeting websites with malicious scripts to distribute a trojan called BMANAGER. Using SQL injection attacks since 2022, Boolka infects sites with JavaScript capable of capturing user data. The trojan deploys multiple modules to steal sensitive information and establishes persistence on the host. … Read more
June 23, 2024 at 03:08PM Hackers are exploiting a flaw in the pkfacebook module for PrestaShop to deploy a card skimmer and steal credit card details from vulnerable e-commerce sites. The flaw, tracked as CVE-2024-36680, allows for SQL injection vulnerabilities. Promokit claims the flaw was fixed, but Friends-Of-Presta warns of active exploitation and recommends specific … Read more
June 13, 2024 at 03:40PM Researchers developed a proof-of-concept exploit for an SQL injection bug, CVE-2024-29824, in Ivanti Endpoint Manager. The bug allows unauthenticated attackers to execute code remotely, posing a significant threat. Ivanti responded promptly, releasing a patch within six weeks. Organizations are advised to implement the patch and restrict access to the management … Read more
May 23, 2024 at 05:39AM Ivanti has released fixes for multiple critical security flaws in Endpoint Manager (EPM), addressing SQL injection vulnerabilities and high-severity security flaws in other products. Additionally, a critical flaw in the open-source Genie federated Big Data orchestration and execution engine has been disclosed, posing a risk for remote code execution. The … Read more
May 22, 2024 at 07:42AM IT software company Ivanti released patches for several products, including critical vulnerabilities in Endpoint Manager (EPM). The fixes addressed SQL injection bugs and unrestricted file upload issues. Ivanti urged customers to update to the latest versions to apply the fixes. The company also reaffirmed its commitment to enhancing security practices. … Read more