SAP fixes hardcoded credentials flaw in SQL Anywhere Monitor

SAP has released its November security updates that address multiple security vulnerabilities, including a maximum severity ...
Network World

Massive SQL-injection attack not Microsoft’s fault, security official says

F-Secure found evidence of yet another massive round of infected Web sites on Thursday, all compromised by SQL injection attacks. Many pundits in the blogosphere were quick to blame Microsoft IIS ...
Dark Reading

How to Tame SQL Injection

For more than a decade, injection vulnerabilities have literally topped the charts of critically dangerous software flaws, deemed more serious than all other types of vulnerabilities in the 2010, 2013 ...

SAP fixes serious security issues - here's how to stay safe

Security researchers SecurityBridge, who notified SAP after finding the flaw, described as a “missing input sanitation” ...
Dark Reading

Cacti Monitoring Tool Spiked by Critical SQL Injection Vulnerability

A critical vulnerability in the Cacti Web-based open source framework for monitoring network performance gives attackers a way to disclose Cacti's entire database contents — presenting a prickly risk ...
The Verge

Researchers say a bug let them add fake pilots to rosters used for TSA checks

TSA security could be easily bypassed by using a simple SQL injection technique, say security researchers. TSA security could be easily bypassed by using a simple SQL injection technique, say security ...
heise online

VMware HCX: Code smuggling possible through SQL injection gap

There is a security vulnerability in VMware HCX that allows attackers to inject and execute code. Broadcom is providing updated software that fixes the underlying bugs. IT managers should apply the ...