MS SQL Server 2000/2005 - SQLNS.SQLNamespace COM Object Refresh() Unhandled Pointer

% Function PaddingintLen Dim strRet, intSize intSize = intLen/2 - 1 For I = 0 To intSize Step 1 strRet = strRet & unescape"%u4141" Next Padding = strRet End Function Function PackDWORDstrPoint strTmp = replacestrPoint, "0x", "" PackDWORD = PackDWORD & UnEscape"%u" & MidstrTmp, 5, 2 & MidstrTmp, 7...

NetRipper - Smart Traffic Sniffing for Penetration Testers

NetRipper is a post exploitation tool targeting Windows systems which uses API hooking in order to intercept network traffic and encryption related functions from a low privileged user, being able to capture both plain-text traffic and encrypted traffic before encryption/after decryption. NetRipp...

Multiple IBM Products Information Disclosure Vulnerabilities

IBM Tivoli Storage Manager TSM for Databases: Data Protection for Microsoft SQL Server is a product of IBM Corporation in the U.S. IBM TSM for Databases is a backup and recovery management solution for databases. IBM Tivoli Storage Manager for Mail is a software module that automates data...

CVE-2015-4949

IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 7.1 before 7.1.2, Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 7.1 before 7.1.2, and Tivoli Storage FlashCopy Manager 4.1 before 4.1.2 place cleartext passwords in exception...

Design/Logic Flaw

IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 7.1 before 7.1.2, Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 7.1 before 7.1.2, and Tivoli Storage FlashCopy Manager 4.1 before 4.1.2 place cleartext passwords in exception...

Design/Logic Flaw

IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 5.5 before 5.5.6.1, 6.3 before 6.3.1.5, 6.4 before 6.4.1.7, and 7.1 before 7.1.2; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 5.5 before 5.5.1.1, 6.1 before 6.1.3.7, 6.3 before...

CVE-2015-6557

IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 5.5 before 5.5.6.1, 6.3 before 6.3.1.5, 6.4 before 6.4.1.7, and 7.1 before 7.1.2; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 5.5 before 5.5.1.1, 6.1 before 6.1.3.7, 6.3 before...

CVE-2015-4949

IBM Tivoli Storage Manager products expose cleartext passwords in exception messages and traces when application tracing or GUI popups occur (CVE-2015-4949; related CVE-2015-6557). Affected: TSM for Databases (SQL Server) 7.1 before 7.1.2, TSM for Mail (Exchange) 7.1 before 7.1.2, and Tivoli Stor...

CVE-2015-6557

The CVE-2015-6557 issue affects IBM Tivoli Storage Manager suites (Databases, Mail, FlashCopy Manager) when application tracing is enabled. It discloses cleartext passwords in trace output or GUI exception messages, allowing a local attacker with access to the system to obtain sensitive credentia...

Moderate: Red Hat Security Advisory: mysql55-mysql security update

Updated mysql55-mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

Smart Traffic Sniffing: NetRipper

Smart Traffic Sniffing NetRipper is a post exploitation tool targeting Windows systems which uses API hooking in order to intercept network traffic and encryption related functions from a low privileged user, being able to capture both plain-text traffic and encrypted traffic before...

Microsoft Remote Desktop Session Host CVE-2015-2472 Spoofing Vulnerability

Description Microsoft Remote Desktop Session Host is prone to a security vulnerability that may allow attackers to conduct spoofing attacks. Attackers can exploit this issue to spoof and impersonate a legitimate user. Other attacks are also possible. Technologies Affected Microsoft SQL Server 200...

CVE-2011-5323

GE Healthcare Centricity PACS-IW 3.7.3.7, 3.7.3.8, and possibly other versions has a password of A11enda1e for the sa SQL server user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that...

Hardcoded credentials

GE Healthcare Centricity PACS-IW 3.7.3.7, 3.7.3.8, and possibly other versions has a password of A11enda1e for the sa SQL server user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that...

Default credentials

GE Healthcare Centricity Analytics Server 1.1 has a default password of 1 V0yag3r for the SQL Server sa user, 2 G3car3s for the analyst user, 3 G3car3s for the ccg user, 4 V0yag3r for the viewer user, and 5 geservice for the geservice user in the Webmin interface, which has unspecified impact and...

CVE-2011-5322

GE Healthcare Centricity Analytics Server 1.1 has a default password of 1 V0yag3r for the SQL Server sa user, 2 G3car3s for the analyst user, 3 G3car3s for the ccg user, 4 V0yag3r for the viewer user, and 5 geservice for the geservice user in the Webmin interface, which has unspecified impact and...

CVE-2011-5323

GE Healthcare Centricity PACS-IW versions 3.7.3.7 and 3.7.3.8 (and possibly others) are documented as having a built-in sa SQL server account password, A11enda1e. The descriptions note the impact and attack vectors are unspecified and do not clarify whether this password is default, hardcoded, or...

CVE-2011-5322

GE Healthcare Centricity PACS-IW (Centricity PACS-IW) is vulnerable via default/hard-coded credentials documented for CVE-2011-5322 in Centricity Analytics Server 1.1, notably in the Webmin interface where several accounts use known passwords (e.g., V0yag3r, G3car3s, geservice). Exploitation coul...

CVE-2011-5323

GE Healthcare Centricity PACS-IW 3.7.3.7, 3.7.3.8, and possibly other versions has a password of A11enda1e for the sa SQL server user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that...

Microsoft SQL Server Privilege Vulnerability

Microsoft SQL Server is the United States Microsoft Microsoft company develops and maintains a set of applications in the Microsoft Windows system under the large commercial database system. An elevation of privilege vulnerability exists in Microsoft SQL Server, which can be exploited by an...