An XPath injection attack is similar to an SQL injection attack, but its target is an XML document rather than a SQL database. The attacker inputs a string of malicious pre meant to trick the ...

Cross-Site Scripting (XSS) attacks are often misunderstood as harmless glitches that display alerts in the browser, while in actuality they are one of the most powerful and malicious vulnerabilities ...

Roughly 80,000 Web sites in China, 67,000 in the U.S. and 40,000 in India remain compromised and under botnet control as a result of separate and ongoing SQL injection attacks.

If attackers can determine the secret key used by the plug-in, they can launch blind SQL injection attacks that enable them to read sensitive information from the site’s database.

SQL injection also was mentioned as a topic on the “ 2010 CWE/SANS Top 25 Most Dangerous Software Errors ” list released in February.