Hexorbase - Multiple Database Management and Audit Tool

HexorBase is a database application designed for administering and auditing multiple database servers simultaneously from a centralized location, it is capable of performing SQL queries and bruteforce attacks against common database servers MySQL, SQLite, Microsoft SQL Server, Oracle, PostgreSQL...

Release Information for Veeam Backup & Replication 7 Patch 4

More Recent Version Available Please find the latest version of Veeam Backup & Replication here: Veeam Downloads - Latest Version Challenge Veeam Backup & Replication Patch 4 Release Notes Cause Please confirm you are running version 7.0.0.690, 7.0.0.715, 7.0.0.764, 7.0.0.771, 7.0.0.833, 7.0.0.83...

用友某通用系统sql注入

简要描述： 用友某通用系统注入 详细说明： 用友TurboCRM存在通用sql注入 http://www.qinyuancrm.com/login/forgetpswd.php?orgcode=1&loginname=dsdfsfds loginname参数存在mssql timebased盲注 Place: GET Parameter: loginname Type: stacked queries Title: Microsoft SQL Server/Sybase stacked queries Payload: orgcode=1&loginname=dsdfsfds';...

How to migrate Veeam Backup & Replication or Veeam Backup Enterprise Manager

Veeam Backup & Replication Migration Details regarding Veeam Backup & Replication migration are now fully documented in the product user guide. Please review the following documentation: Migrating Veeam Backup & Replication to Another Server Other Migration Types: Migrating Veeam Backup &...

SQL Servers MySQL Vendor-specific SQL Injection

SQL injection techniques can allow remote attackers to execute SQL commands on SQL servers. Successful exploitation could allow attacker to disclose confidential information, modify or shut down the database or execute arbitrary code on affected servers...

大汉版通政府信息公开系统SQL注射2

简要描述： SQL 详细说明： 政府信息公开系统 某处sql注射漏洞 另一个文件里的参数 注入点 zfxxgk/serviceobjectinfo.jsp?servicebm= servicebm过滤不严存在注射 政府网站案例 sqlmap.py -u "http://xxgk.sihong.gov.cn/zfxxgk/serviceobjectinfo.jsp?s ervicebm=" --is-dba --dbs --- Place: GET Parameter: servicebm Type: boolean-based blind Title: AND boolean-based...

大汉版通政府信息公开系统SQL注射

简要描述： 政府信息公开系统 详细说明： 政府信息公开系统 某处sql注射漏洞 注入点 zfxxgk/subjectinfo.jsp?subjectbm= subjectbm参数过滤不严，导致注入 政府网站案例 sqlmap.py -u "http://xxgk.sihong.gov.cn/zfxxgk/subjectinfo.jsp?subjectbm=" --is-dba --dbs payload Place: GET Parameter: subjectbm Type: boolean-based blind Title: AND boolean-based blind -...

bug vulnerability handling mechanism system-bugtracker-bug warning-the black bar safety net

For the company configured a Bug tracking system, 找到BugTracker.NET,read a bit, the translation of which is configuration. After a research experience then put up to share. A friend in need can be the following URL to download http://sourceforge.net/project/showfiles.php?groupid=66812 BugTracker...

Microsoft SQL Server Unsupported Version Detection (remote check)

According to its self-reported version number, the installation of Microsoft SQL Server on the remote host is no longer supported. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities...

SQL Log Files (LDF) Not Smaller After Truncation

Challenge After Veeam Backup & Replication or Veeam Agent for Microsoft Windows successfully truncates a SQL Server Database with Application-Aware Processing enabled, the SQL Log File .ldf does not become smaller. Cause This is due to the fact that the LDF file itself is a container, when...

SQL Server Fails with error VSSControl: -2147024809 Backup job failed. Discovery phase failed.

This KB provides information when SQL fails with this error due to a logical file path...

CVE-2014-2869

PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to obtain sensitive information via requests to unspecified URIs, as demonstrated by pathname, SQL server, e-mail address, and IP address information...

Information disclosure

PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to obtain sensitive information via requests to unspecified URIs, as demonstrated by pathname, SQL server, e-mail address, and IP address information...

CVE-2014-2869

PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to obtain sensitive information via requests to unspecified URIs, as demonstrated by pathname, SQL server, e-mail address, and IP address information...

强智科技教务系统存在SQL注入漏洞导致多校中枪……

简要描述： 强智科技教务系统存在SQL注入漏洞，多校中枪…… 详细说明： 这个算是CMS吧？ 中枪学校及注入点 湖南商学院：http://jwgl.hnuc.edu.cn/Public/ShowGGTZ.asp?GGTZID=317【这里】 北京城市学院：http://114.255.66.248/jiaowu/Public/ShowGGTZ.asp?GGTZID=218【这里】 焦作大学：http://jw.jzu.cn/jiaowu/Public/ShowGGTZ.asp?GGTZID=1155【这里】...

MS09-062: Vulnerabilities in GDI+ Could Allow Remote Code Execution (957488) (uncredentialed check)

The remote host has a version of SQL Server that may host the RSClientPrint ActiveX control that includes a copy of gdiplus.dll that is affected by multiple buffer overflow vulnerabilities when viewing TIFF, PNG, BMP, and Office files that could allow an attacker to execute arbitrary code on the...

MS11-049: Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893) (uncredentialed check)

An application on the remote host has an information disclosure vulnerability. When parsing a specially crafted Web Service Discovery .disco file, external XML entities are allowed for untrusted user input. A remote attacker could exploit this by tricking a user into opening a specially crafted...

Netvolution 'm'参数SQL注入漏洞

Bugtraq ID:65942 Netvolution是一款基于WEB内容管理软件。 Netvolution不正确过滤用户提交的'm'参数数据，允许远程攻击者利用漏洞提交特制的请求，可操作或获取数据库数据。 0 Netvolution 3.0 目前没有详细解决方案提供： http://www.netvolution.net sqlmap output: Place: Get Parameter: m Type: error-based Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause...

Netvolution WCM CMS 3 SQL Injection

Exploit Title: Netvolution WCM - CMS v3 SQL Injection Exploit Type: Error-based SQL injection Date: Sun 02 Mar 2014 Exploit Author: projectzero labs Projectzero ID: projectzero2014-002-netvolutionsqli Vendor Homepage: http://www.netvolution.net && http://www.atcom.gr Version: 3 as vendor comfirme...

[Responder] a LLMNR and NBT-NS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server

Responder is a LLMNR and NBT-NS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication. This tool is first an LLMNR and NBT-NS responder, it will answer to specific NBT-NS NetBIOS Name...