Recently a drive in one of our VMware ESXi servers failed. The drive was part of a RAID array, so this failure did not cause any immediate problems. However, what surprised us was that VMware vCenter did not trigger any alarms about this drive failure.
We discovered a SQL injection vulnerability in the web server component of the Scientia Syllabus+ timetabling product, Scientia Web Server (SWS). Insufficient input checking of user-controlled filter options allows execution of arbitrary SQL commands.