Understanding the Recent Vulnerability in CMSsite 1.0 CMSsite 1.0 recently faced a significant security threat due to a SQL injection vulnerability (CVE-2019-25674). This vulnerability allows unauthenticated attackers to manipulate database queries by injecting malicious SQL code. Such vulnerabilities can lead to unauthorized access to sensitive database information, making it crucial for system administrators and hosting […]

Understanding the eDirectory SQL Injection Vulnerability The recent discovery of multiple SQL injection vulnerabilities in eDirectory has raised significant concerns among system administrators and hosting providers. This vulnerability (CVE-2019-25675) allows attackers to bypass authentication and access sensitive files without any prerequisite credentials. What is CVE-2019-25675? This vulnerability is specifically tied to SQL injection, which is […]

Understanding the Recent Vulnerability in CMSsite 1.0 CMSsite 1.0 recently faced a significant security threat due to a SQL injection vulnerability (CVE-2019-25674). This vulnerability allows unauthenticated attackers to manipulate database queries by injecting malicious SQL code. Such vulnerabilities can lead to unauthorized access to sensitive database information, making it crucial for system administrators and hosting […]

Understanding the eDirectory SQL Injection Vulnerability The recent discovery of multiple SQL injection vulnerabilities in eDirectory has raised significant concerns among system administrators and hosting providers. This vulnerability (CVE-2019-25675) allows attackers to bypass authentication and access sensitive files without any prerequisite credentials. What is CVE-2019-25675? This vulnerability is specifically tied to SQL injection, which is […]

HTTP/2 support with BitNinja WAF 2.0 The version of bitninja-ssl-termination 1.1.0, which is practically a HAProxy (1.8.9), can handle HTTP2 connections. It will be installed automatically by BitNinja (v 1.20.10) and it will reconfigure the configs for HTTP/2. It only affects the HTTPS connections. HTTP2 over TLS (h2) is supported by all of the modern […]

Riskware – a thin line between benign and malicious programs Programming is something that can be used for good and also for bad reasons. We can write software with the sole purpose of causing harm, or we can be developers whose aim is to make things better and easier. Nowadays we can hear a lot […]

There are things we are not really waiting for, in fact we are looking for a way to bypass or avoid them. Unfortunately, some of them are inevitable just like the Cyber Worldwar, which in fact has already begun. Mentionable acts from history There was a historical milestone on May 12th, 2017 when within only […]

As you know, recently we’ve released multiple security patches for the Drupalgeddon vulnerabilities. The last one was Drupal Remote Code Execution - SA-CORE-2018-004, CVE-2018-7602, patched only 2 days after it was first discovered. We’re very proud of our quick reaction time and would like to share some statistics with you about the attacks that were […]

Where it all began Kevin David Mitnick is one of the most famous hackers. At age 13 Mitnick used dumpster dicing and social engineering to bypass the bus ticketing system in Los Angeles, this way he was able to ride the LA area using unused transfer slips. First big step His first unauthorized access to […]

By now, you are likely aware that on May 25, 2018, a new data privacy law introduced in Europe called the General Data Protection Regulation (GDPR) will go into effect. GDPR govern how businesses collect, use and share personal data and it allows individuals to exercise their legal rights. Of course, we have taken the […]

People can never rest. We thought that after the last serious Drupal vulnerablity finally we can rest, but a new threat came up which is including GPON routers made by Dasan. GPON is a type of Passive Optical Network (PON) used to provide fiber connections. It is being used to provide short haul fiber connections […]

Third critical Drupal vulnerability discovered!!! Those who are running a Drupal website couldn’t have a rest over the past few weeks. This is the third time when Drupal recommends to update these sites. During exploring the previous remote code execution (RCE) vulnerability, the CVE-2018-7600, the team discovered a new RCE vulnerability (CVE-2018-7602). If  you or […]

Our team has attended the CloudFest back in March where during the security panel we have attended a presentation about the importance of security by design an important thing in terms of responsibility and suggested OWASP as a standard to start with. In this blog post we would like to show, why it is important […]

Understanding CVE-2019-25676 The cybersecurity landscape is constantly evolving, and recently a high-impact vulnerability has emerged concerning the Ask Expert Script 3.0.5. This vulnerability, known as CVE-2019-25676, exposes systems to significant risks from unauthenticated attackers. Understanding its implications is crucial for all system administrators and hosting providers. What is CVE-2019-25676? CVE-2019-25676 is a critical vulnerability that […]

Introduction to CVE-2019-25678 CVE-2019-25678 reveals critical SQL injection vulnerabilities in the C4G Basic Laboratory Information System (BLIS) version 3.4. This security flaw allows attackers to execute arbitrary SQL commands. Server administrators and hosting providers must understand the implications to safeguard their systems. Understanding the Threat Attackers can exploit these vulnerabilities by sending GET requests to […]

Understanding CVE-2026-5538 and Its Impact on Server Security A recently discovered vulnerability, CVE-2026-5538, has been identified in QingdaoU OnlineJudge software, affecting versions up to 1.6.1. This vulnerability allows for server-side request forgery, which can be exploited remotely. System administrators and hosting providers must be vigilant to protect their infrastructures against this type of attack. Details […]