Yahoo quickly fixes Flickr SQL injection, remote code execution flaws

Adam GreenbergApril 14, 2014

A security researcher identified flaws in popular photo sharing service Flickr that could result in SQL injection and remote code execution, but Yahoo acknowledged and quickly patched the problems.

The SQL injection bugs open the door for remote code execution, Ibrahim Raafat wrote in a Saturday post, explaining he was ultimately able to obtain the MYSQL root password and gain access to sensitive information contained within the Flickr database.

Raafat originally launched Flickr to check if a vulnerability he previously reported to Yahoo had been patched, but soon discovered two Blind SQL Injection vulnerabilities and a Direct SQL Injection flaw in the Flickr Photo Books feature.

The researcher reported the vulnerabilities to Yahoo and the internet corporation patched the problems within six hours, Raafat wrote.

Adam Greenberg

Vulnerability management

AI Can’t Stop, Won’t Stop; Early Stage Funding is Strong; YouTubers Hacked – ESW #311

March 30, 2023

In the enterprise security news, early stage startup funding stays constant, but late stage is nowhere to be found. Cisco, XM Cyber, and Mastercard make acquisitions. YouTube channels keep getting hacked. Microsoft fails to use Azure securely. Organizations are making progress on zero trust, but slowly. Finally, more discussion on AI threats, conce...

Threat intelligence

Chinese hackers tied to novel Linux malware

SC StaffMarch 30, 2023

Chinese hackers tied to novel Linux malware Linux servers are being targeted by the new Mlofe, which has been associated with Chinese state-sponsored advanced persistent threat operations APT41, also known as Winnti, and Earth Berberoka, also known as GamblingPuppet, The Hacker News reports.