Network World

Microsoft plugs privilege elevation flaw in SQL server

Microsoft’s SQL Server 7.0 and 2000 software contain a critical flaw that allows low privilege users to elevate their privilege level and make changes to tasks created by other users, the company said ...

Ivanti EPM: Security flaws allow SQL injection, privilege escalation

Ivanti warns of three security vulnerabilities in Endpoint Manager (EPM). They allow SQL injection or privilege escalation.

ProFTPD: Code injection via mod_sql possible

The FTP server ProFTPD includes a module called mod_sql. It contains an SQL injection vulnerability that can ultimately lead to the execution of injected code.
CSOonline

Critical Magento SQL injection flaw could be targeted by hackers soon

The Magento content management system used by thousands of online shops has received fixes for several serious vulnerabilities, including an unauthenticated SQL injection flaw that’s likely to soon ...