Microsoft SQL Server DB Compliance Checks

Binary data mssqldbcompliancecheck.nbin...

Description of the security update for SharePoint Foundation 2013: October 11, 2022 (KB5002284)

Description of the security update for SharePoint Foundation 2013: October 11, 2022 KB5002284 Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability. To learn more about the vulnerability, see the following security advisories: Microsoft Common...

Hundreds of Microsoft SQL servers found to be backdoored

Researchers at DCSO CyTec recently found a backdoor that specifically targets Microsoft SQL servers. The malware acts as an Extended Stored Procedure, which is a special type of extension used by Microsoft SQL servers. After scanning approximately 600,000 servers worldwide, they found 285 servers...

EUVD-2022-38709

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability...

CVE-2022-36120

An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for the getChartData administrative...

CVE-2022-34005

An issue was discovered in TitanFTP aka Titan FTP NextGen before 1.2.1050. There is Remote Code Execution due to a hardcoded password for the sa account on the Microsoft SQL Express 2019 instance installed by default during TitanFTP NextGen installation, aka NX-I674 sub-issue 1. NOTE: as of...

CVE-2022-34006

An issue was discovered in TitanFTP aka Titan FTP NextGen before 1.2.1050. When installing, Microsoft SQL Express 2019 installs by default with an SQL instance running as SYSTEM with BUILTIN\Users as sysadmin, thus enabling unprivileged Windows users to execute commands locally as NT...

Design/Logic Flaw

An issue was discovered in TitanFTP aka Titan FTP NextGen before 1.2.1050. When installing, Microsoft SQL Express 2019 installs by default with an SQL instance running as SYSTEM with BUILTIN\Users as sysadmin, thus enabling unprivileged Windows users to execute commands locally as NT...

Remote code execution

An issue was discovered in TitanFTP aka Titan FTP NextGen before 1.2.1050. There is Remote Code Execution due to a hardcoded password for the sa account on the Microsoft SQL Express 2019 instance installed by default during TitanFTP NextGen installation, aka NX-I674 sub-issue 1. NOTE: as of...

CVE-2022-34006

Titan FTP Server NextGen (pre-1.2.1050) is affected by a flaw in the installation of Microsoft SQL Express 2019 where the SQL instance runs as SYSTEM with BUILTIN\Users as sysadmin. This configuration can allow an unprivileged Windows user to execute commands locally as NT AUTHORITY\SYSTEM (NX-I6...

Security Updates for Microsoft SQL Server (June 2022)

The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands...

CVE-2022-29143

Microsoft SQL Server Remote Code Execution Vulnerability...

Remote code execution

Microsoft SQL Server Remote Code Execution Vulnerability...

CVE-2022-29143

CVE-2022-29143 describes a remote code execution vulnerability in Microsoft SQL Server where a specially crafted query against a table with a Column Store index can corrupt memory. Public details in the connected sources indicate exploitation could occur through authenticated access over network,...

CVE-2022-29143 Microsoft SQL Server Remote Code Execution Vulnerability

...

KLA12562 RCE vulnerability in Microsoft SQL Server

A remote code execution vulnerability was found in Microsoft SQL Server. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories CVE-2022-29143 Related products Microsoft-SQL-Server Microsoft-Azure CVE list CVE-2022-29143 unknown KB list 5014354 5014353 50153...

Vulnerability fixed in Microsoft SQL Server

A vulnerability has been fixed in Microsoft SQL Server. The vulnerability allows an authenticated malicious person to execute arbitrary code, possibly as a Database Administrator, by executing a specially prepared query via the $ partition on a table where a Column Store index is present. Abuse o...

Microsoft SQL Server 安全漏洞

Microsoft SQL Server is a large-scale commercial database system from Microsoft that is used on Microsoft Windows systems. A security vulnerability exists in Microsoft SQL Server. The following products and versions are affected:Microsoft SQL Server 2017 for x64-based Systems GDR,Microsoft SQL...

Metasploit Weekly Wrap-Up

Ask and you may receive Module suggestions for the win, this week we see a new module written by jheysel-r7 based on CVE-2022-26352 that happens to have been suggested by jvoisin in the issue queue last month. This module targets an arbitrary file upload in dotCMS versions before 22.03, 5.3.8.10,...

new packages: ansible-collection-microsoft-sql

An update is available for ansible-collection-microsoft-sql. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release,...