SQL Injection Isn't Dead — Smuggling Queries at the Protocol Level (Paul Gerste, DEF CON 32) #PDF-1.4 #DEFCON32 #SQLinjection #smugglingqueries #protocollevel https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn%27t%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf
Bypassing airport security via SQL injection #AirportSecurity #SQLInjection #KCM #CASS #CybersecurityVulnerability https://ian.sh/tsa
We discovered a serious vulnerability in the Known Crewmember (KCM) and Cockpit Access Security System (CASS) programs used by the Transportation Security Administration.
From a GLPI patch bypass to RCE #SensePost #GLPI #PatchBypass #RCE #SQLInjection https://sensepost.com/blog/2024/from-a-glpi-patch-bypass-to-rce/
Pre-authentication SQL injection to RCE in GLPI (CVE-2025-24799/CVE-2025-24801) #GLPI #SQLinjection #RCE #webexploitation #cybersecurity https://blog.lexfo.fr/glpi-sql-to-rce.html
blog.lexfo.fr
Exploitation of multiple vulnerabilities in GLPI to gain remote code execution from unauthenticated privileges.
Shopware Unfixed SQL Injection in Security Plugin 6 #RedTeamPentesting #Shopware #SQLInjection #SecurityPlugin6 #VulnerabilityDetection https://www.redteam-pentesting.de/en/advisories/rt-sa-2025-001/
www.redteam-pentesting.de
RedTeam Pentesting - Shopware Unfixed SQL Injection in Security Plugin 6
Shopware is affected by a known SQL injection in older Shopware versions, which is fixed in newer Shopware releases. For customers who cannot upgrade the main Shopware version, Shopware AG offers the security plugin, which patches known vulnerabilities…
You Already Have Our Personal Data, Take Our Phone Calls Too (FreePBX CVE-2025-57819) #FreePBX #ZeroDay #CVE202557819 #SQLInjection #VoIPSecurity https://labs.watchtowr.com/you-already-have-our-personal-data-take-our-phone-calls-too-freepbx-cve-2025-57819/
watchTowr Labs
We’re back - it’s a day, in a month, in a year - and once again, something has happened.
In this week’s episode of “the Internet is made of string and there is literally no evidence to suggest otherwise”, we present even further evidence that as a
The FreePBX Rabbit Hole: CVE-2025-66039 and others #FreePBX #Vulnerabilities #CVE202566039 #RCE #SQLInjection https://horizon3.ai/attack-research/the-freepbx-rabbit-hole-cve-2025-66039-and-others/
Horizon3.ai
The FreePBX Rabbit Hole: CVE-2025-66039 & More
Horizon3.ai uncovers FreePBX flaws, including CVE-2025-66039 auth bypass, SQL injection, and file upload RCE—and shows how NodeZero detects them.