Understanding the Recent Vulnerability in CMSsite 1.0 CMSsite 1.0 recently faced a significant security threat due to a SQL injection vulnerability (CVE-2019-25674). This vulnerability allows unauthenticated attackers to manipulate database queries by injecting malicious SQL code. Such vulnerabilities can lead to unauthorized access to sensitive database information, making it crucial for system administrators and hosting […]
Understanding the eDirectory SQL Injection Vulnerability The recent discovery of multiple SQL injection vulnerabilities in eDirectory has raised significant concerns among system administrators and hosting providers. This vulnerability (CVE-2019-25675) allows attackers to bypass authentication and access sensitive files without any prerequisite credentials. What is CVE-2019-25675? This vulnerability is specifically tied to SQL injection, which is […]
Understanding the Recent Vulnerability in CMSsite 1.0 CMSsite 1.0 recently faced a significant security threat due to a SQL injection vulnerability (CVE-2019-25674). This vulnerability allows unauthenticated attackers to manipulate database queries by injecting malicious SQL code. Such vulnerabilities can lead to unauthorized access to sensitive database information, making it crucial for system administrators and hosting […]
Understanding the eDirectory SQL Injection Vulnerability The recent discovery of multiple SQL injection vulnerabilities in eDirectory has raised significant concerns among system administrators and hosting providers. This vulnerability (CVE-2019-25675) allows attackers to bypass authentication and access sensitive files without any prerequisite credentials. What is CVE-2019-25675? This vulnerability is specifically tied to SQL injection, which is […]
Last week the Chief Content Manager of HostAdvice, a company who provides transparent and handy advice for those who are looking for Hosting Providers, interviewed our CEO George Egri about the nitty-gritty details of BitNinja. They have covered topics like: Why this product is better than other solutions George's views about the future of security […]
XML-RPC attacks are “trending” nowadays. If you search for “XML-RPC attack” on Google, you can see approximately 380,000 results. Most of the articles deal with XML-RPC attacks on WordPress-based websites. What is XML-RPC? RPC stands for remote procedure call and XML is the abbreviation of Extensible Markup Language. XML is widely used to represent data […]
In this article we will be dealing with OpenShift and Kubernetes technology. You can find some explanations about the terms used at the end of the article. If you want to take the neccessary steps to upgrade your own application, the first thing to do will be turning your pile of code into a container […]
Do you have a monolithic application (for example a complex server-side enterprise application) with big features like support varieties of different clients, API for 3rd parties and some integrations with other web services and message brokers? Code usage is tolerable, but you want to release a smashing feature in the future, though you do not […]
In the last 2 weeks, we released 2 new versions of BitNinja. Let’s take a look at the novelties: BitNinja version 1.12.10: CaptchaChallenge pages now use 403 status code instead of 200. Good bots will notice it and leave it. This means, that the good bots will recognize our captcha pages, and won’t walk around […]
Before the expansion of Windows Operational Systems and the creation of the Linux, the world was ruled by UNIX systems. The UNIX was used predominantly in the 1980’s. Despite of its positive traits it was mainly used by research centers, institutes and school’s operational system. It can be thanked partly to its price, and also […]
This time of the year is always very cheerful. It’s the holiday season; everyone is happy and excited with all the festivities going on. But it’s important to be careful, especially during the holidays and going into the new year. Hackers prey during this time period, distractions from the season are all around. Hackers need […]
Let’s see a real-life evidence from the BitNinja logs how we detect and block script injection. The hackers always think they can fool the software, but the malicious scripts and packages are constantly dropped by Ninja Security. Being a machine-learning system, BitNinja collects the attack information and spreads it to other protected servers, so they will […]
Let’s start with the definition. Ransomware is a kind of malware that installs itself onto an unprotected computer, encrypts some files, and asks for a certain amount of money for decryption or to not publish certain sensitive information online. It is called a denial-of-access attack and it can be very frustrating because you know that the […]
Understanding CVE-2019-25676 The cybersecurity landscape is constantly evolving, and recently a high-impact vulnerability has emerged concerning the Ask Expert Script 3.0.5. This vulnerability, known as CVE-2019-25676, exposes systems to significant risks from unauthenticated attackers. Understanding its implications is crucial for all system administrators and hosting providers. What is CVE-2019-25676? CVE-2019-25676 is a critical vulnerability that […]
Introduction to CVE-2019-25678 CVE-2019-25678 reveals critical SQL injection vulnerabilities in the C4G Basic Laboratory Information System (BLIS) version 3.4. This security flaw allows attackers to execute arbitrary SQL commands. Server administrators and hosting providers must understand the implications to safeguard their systems. Understanding the Threat Attackers can exploit these vulnerabilities by sending GET requests to […]
Understanding CVE-2026-5538 and Its Impact on Server Security A recently discovered vulnerability, CVE-2026-5538, has been identified in QingdaoU OnlineJudge software, affecting versions up to 1.6.1. This vulnerability allows for server-side request forgery, which can be exploited remotely. System administrators and hosting providers must be vigilant to protect their infrastructures against this type of attack. Details […]
Introduction In the realm of cybersecurity, vulnerabilities pose significant risks to system administrators and hosting providers. Recently, a high-severity vulnerability, CVE-2026-5536, was identified in the FedML-AI framework. This weakness can be exploited to perform deserialization attacks remotely, potentially compromising Linux servers. Understanding CVE-2026-5536 CVE-2026-5536 impacts versions of FedML-AI up to 0.8.9. The vulnerability resides within […]
Understanding CVE-2026-5535 A recently disclosed vulnerability, CVE-2026-5535, has come into the spotlight, affecting the FedML-AI platform versions up to 0.8.9. This vulnerability allows remote attackers to conduct path traversal attacks through the FileUtils.java file of the MQTT Message Handler component. Such exploitability poses serious risks for server administrators and hosting providers, emphasizing an urgent need […]
Introduction In the realm of cybersecurity, vulnerabilities pose significant risks to system administrators and hosting providers. Recently, a high-severity vulnerability, CVE-2026-5536, was identified in the FedML-AI framework. This weakness can be exploited to perform deserialization attacks remotely, potentially compromising Linux servers. Understanding CVE-2026-5536 CVE-2026-5536 impacts versions of FedML-AI up to 0.8.9. The vulnerability resides within […]
Understanding CVE-2026-5535 A recently disclosed vulnerability, CVE-2026-5535, has come into the spotlight, affecting the FedML-AI platform versions up to 0.8.9. This vulnerability allows remote attackers to conduct path traversal attacks through the FileUtils.java file of the MQTT Message Handler component. Such exploitability poses serious risks for server administrators and hosting providers, emphasizing an urgent need […]
