4530 matches found
Plesk/myLittleAdmin ViewState .NET Deserialization
This module exploits a ViewState .NET deserialization vulnerability in web-based MS SQL Server management tool myLittleAdmin, for version 3.8 and likely older versions, due to hardcoded parameters in the web.config file for ASP.NET. Popular web hosting control panel Plesk offers myLittleAdmin as ...
Microsoft SQL Server Management Studio Information Disclosure (CVE-2019-1313)
An information disclosure vulnerability exists in microsoft sql server management studio. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information...
Success in security: reining in entropy
Your network is unique. It’s a living, breathing system evolving over time. Data is created. Data is processed. Data is accessed. Data is manipulated. Data can be forgotten. The applications and users performing these actions are all unique parts of the system, adding degrees of disorder and...
Update Rollup 6 for System Center 2012 R2 Data Protection Manager
Update Rollup 6 for System Center 2012 R2 Data Protection Manager Introduction This article describes the issues that are fixed in Update Rollup 6 for Microsoft System Center 2012 R2 Data Protection Manager. Additionally, this article contains the installation instructions for Update Rollup 6 for...
Issues that are fixed in System Center 2012 Data Protection Manager SP1 Update Rollup 5
Issues that are fixed in System Center 2012 Data Protection Manager SP1 Update Rollup 5 Introduction This article describes the issues that are fixed in Update Rollup 5 for Microsoft System Center 2012 Data Protection Manager Service Pack 1 SP1. Additionally, this article contains the installatio...
KLA11776 SUI vulnerability in Microsoft SQL Server
SUI vulnerability was found in Microsoft SQL Server. Malicious users can exploit this vulnerability to spoof user interface. Original advisories CVE-2020-1173 Related products Microsoft-SQL-Server CVE list CVE-2020-1173 warning KB list Solution Install necessary updates from the KB section, that...
MS02-008: XMLHTTP control in MSXML 4.0 can allow access to local files
For additional information about this vulnerability, click the following article numbers to view the articles in the Microsoft Knowledge Base:318203 MS02-008: XMLHTTP control in MSXML 3.0 can allow access to local files318202 MS02-008: XMLHTTP control in MSXML 2.0 can allow access to local...
Logic flaw vulnerability in old y article management system
The old y article management system is based on the old y Asp Access/Mssql environment developed under the open source website building products . Old y article management system has a logic flaw vulnerability , attackers can use the vulnerability to obtain sensitive information...
Mssqlproxy - A Toolkit Aimed To Perform Lateral Movement In Restricted Environments Through A Compromised Microsoft SQL Server Via Socket Reuse
mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse. The client requires impacket and sysadmin privileges on the SQL server. Please read this article carefully before continuing. It consists of three part...
CVE-2020-10875
Motorola FX9500 devices allow remote attackers to conduct absolute path traversal attacks, as demonstrated by PL/SQL Server Pages files such as /include/viewtagdb.psp...
Path traversal
Motorola FX9500 devices allow remote attackers to conduct absolute path traversal attacks, as demonstrated by PL/SQL Server Pages files such as /include/viewtagdb.psp...
CVE-2020-10875
Motorola FX9500 devices allow remote attackers to conduct absolute path traversal attacks, as demonstrated by PL/SQL Server Pages files such as /include/viewtagdb.psp...
CVE-2020-10875
The CVE-2020-10875 entry applies to Motorola FX9500 devices (Zebra FX9500 rebrand). A remote attacker can perform an absolute path traversal, demonstrated by PL/SQL Server Pages files such as /include/viewtagdb.psp. The Red Hat and CNVD entries corroborate the vulnerability description; Tenable p...
Microsoft SQL Server Remote Code Execution (CVE-2020-0618)
A remote code execution vulnerability exists in Microsoft SQL server. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
SQL Server Reporting Services (SSRS) ViewState Deserialization Exploit
A vulnerability exists within Microsoft's SQL Server Reporting Services which can allow an attacker to craft an HTTP POST request with a serialized object to achieve remote code execution. The vulnerability is due to the fact that the serialized blob is not signed by the server. This module...
SQL Server Reporting Services (SSRS) ViewState Deserialization
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SQL Server Reporting Services SSRS ViewState Deserialization', 'Description' = %q A vulnerability exists within Microsoft's SQL Server Reporting...
SQL Server Reporting Services (SSRS) ViewState Deserialization
A vulnerability exists within Microsoft's SQL Server Reporting Services which can allow an attacker to craft an HTTP POST request with a serialized object to achieve remote code execution. The vulnerability is due to the fact that the serialized blob is not signed by the server. This module...
Sql injection
In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, multiple SQL Injection vulnerabilities have been found in the REST API that could allow an authenticated attacker to gain unauthorized access to MOVEit Transfer's database via the REST API. Depending on the database...
CVE-2020-8611
In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, multiple SQL Injection vulnerabilities have been found in the REST API that could allow an authenticated attacker to gain unauthorized access to MOVEit Transfer's database via the REST API. Depending on the database...
Security Updates for Microsoft SQL Server (February 2020)
The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability : - A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests. An attacker who...