Microsoft SQL Server SUSER_SNAME Windows Domain Account Enumeration
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft SQL Server SUSER_SNAME Windows Domain Account Enumeration', 'Description' = %q This module can be used to bruteforce RIDs associated wit...
Lansweeper Credential Collector
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Lansweeper Credential Collector', 'Description' = %q Lansweeper stores the credentials it uses to scan the computers in its Microsoft SQL databas...
Oracle Linux 8 : grafana (ELSA-2024-5291)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-5291 advisory. 9.2.10-17 - Allow for mssql datasource in selinux policy - Resolves RHEL-43435 Tenable has extracted the preceding description block directly from the...
grafana security update
9.2.10-17 - Allow for mssql datasource in selinux policy - Resolves RHEL-43435...
Metasploit Weekly Wrap-Up 08/02/2024
Metasploit goes to Hacker Summer Camp Next week, Metasploit will have demos at both Black Hat and DEF CON where the latest functionality from this year will be presented. The Black Hat demo will be on Thursday the 8th from 10:10 to 11:25 and the DEF CON demo will be on Saturday the 10th from 12:0...
CVE-2024-6912
Use of hard-coded MSSQL credentials in PerkinElmer ProcessPlus on Windows allows an attacker to login remove on all prone installations. This issue affects ProcessPlus: through 1.11.6507.0...
CVE-2024-6912 Hardcoded MSSQL Credentials
Use of hard-coded MSSQL credentials in PerkinElmer ProcessPlus on Windows allows an attacker to login remove on all prone installations. This issue affects ProcessPlus: through 1.11.6507.0...
CVE-2024-6912
CVE-2024-6912 affects PerkinElmer ProcessPlus on Windows, due to hard-coded MSSQL credentials in the application. Vulnerable in ProcessPlus versions through 1.11.6507.0; remediation available in fixed version 2.0.0 (per CyberDanube/PacketStorm data). The issue enables (or could enable) login acce...
GHSA-V42G-7Q2X-CW32 Zendframework1 potential SQL injection vector using null byte for PDO (MsSql, SQLite)
The PDO adapters of Zend Framework 1 do not filter null bytes values in SQL statements. A PDO adapter can treat null bytes in a query as a string terminator, allowing an attacker to add arbitrary SQL following a null byte, and thus create a SQL injection. We tested and verified the null byte...
Zendframework1 potential SQL injection vector using null byte for PDO (MsSql, SQLite)
The PDO adapters of Zend Framework 1 do not filter null bytes values in SQL statements. A PDO adapter can treat null bytes in a query as a string terminator, allowing an attacker to add arbitrary SQL following a null byte, and thus create a SQL injection. We tested and verified the null byte...
Metasploit Wrap-Up 05/17/2024
LDAP Authentication Improvements This week, in Metasploit v6.4.9, the team has added multiple improvements for LDAP related attacks. Two improvements relating to authentication are the new support for Signing and Channel Binding. Microsoft has been making changes to harden the communications to...
Hakuin - A Blazing Fast Blind SQL Injection Optimization And Automation Framework
Hakuin is a Blind SQL Injection (BSQLI) optimization and automation framework written in Python 3. It abstracts away the inference logic and allows users to easily and efficiently extract databases (DB) from vulnerable web applications. To speed up the process, Hakuin utilizes a variety of optimizati...
Metasploit Wrap-Up 05/10/2024
Password Spraying support Multiple bruteforce/login scanner modules have been updated to support a PASSWORD_SPRAY module option. This work was completed in pull request 19079 from nrathaus as well as an additional update from our developers. When the password spraying option is set, the order of...
NTLM Relay Gat - Powerful Tool Designed To Automate The Exploitation Of NTLM Relays
NTLM Relay Gat is a powerful tool designed to automate the exploitation of NTLM relays using ntlmrelayx.py from the Impacket tool suite. By leveraging the capabilities of ntlmrelayx.py, NTLM Relay Gat streamlines the process of exploiting NTLM relay vulnerabilities, offering a range of...
MSSQL Version Utility
Executes a TDS7 pre-login request against the MSSQL instance to query for version information. Module Options msf > use auxiliary/scanner/mssql/mssql_version msf auxiliary(mssql_version) > show actions ...actions... msf auxiliary(mssql_version) > set ACTION msf auxiliary(mssql_version) > show options ...show and s...
Avalanche 6.4.3 Security Hardening and CVEs addressed
Avalanche 6.4.3 has addressed some new security hardening and vulnerabilities in our Q1 2024 release. We are not aware of any exploitation of these vulnerabilities at the time of disclosure. To address the security vulnerabilities listed below, it is highly recommended to download the Avalanche...
Remote Code Execution (RCE)
mssql-django is vulnerable to Remote Code Execution (RCE). The vulnerability is caused by improper parameter sanitization, allowing attackers to execute arbitrary SQL statements, which can result in Remote Code Execution (RCE)...
crudxworkertejas1899 (=0.4.0) potentially affected by CVE-2024-26164 via mssql-django (=1.2.0)
mssql-django PYPI version =1.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on mssql-django and may be impacted: - crudxworkertejas1899 =0.4.0 Source cves: CVE-2024-26164 Source advisory: OSV:GHSA-VMQV-47J8-GWV8...
BIT-VAULT-2023-0620 Vault Vulnerable to SQL Injection When Configuring the Microsoft SQL Database Storage Backend
HashiCorp Vault and Vault Enterprise versions 0.8.0 through 1.13.1 are vulnerable to an SQL injection attack when configuring the Microsoft SQL (MSSQL) Database Storage Backend. When configuring the MSSQL plugin through the local, certain parameters are not sanitized when passed to the user-provide...