Microsoft SQL Server Database Link Crawling Command Execution

Exploit for windows platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework...

Microsoft SQL Server - Database Link Crawling Command Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' require...

[SQL Fingerprint] Christmas Release

Microsoft SQL Server fingerprinting can be a time consuming process, because it involves trial and error methods to determine the exact version. Intentionally inserting an invalid input to obtain a typical error message or using certain alphabets that are unique for certain server are two of the...

Microsoft SQL Server Database Link Crawling Command Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' require...

Upgrade to version 6.5 fails with the "Unable to connect to SQL Server" error

Challenge When upgrading to Veeam Backup & Replication version 6.5 you receive the error: "Unable to connect to SQL Server servername=:Login failed for user", even though the dbowner account is used. You also experience one of the following symptoms: You receive repeated logon windows You receive...

Microsoft SQL Server Database Link Crawling Command Execution

This module can be used to crawl MS SQL Server database links and deploy Metasploit payloads through links configured with sysadmin privileges using a valid SQL Server Login. If you are attempting to obtain multiple reverse shells using this module we recommend setting the "DisablePayloadHandler"...

Microsoft SQL Server SQLi NTLM Stealer

This module can be used to help capture or relay the LM/NTLM credentials of the account running the remote SQL Server service. The module will use the SQL injection from GETPATH to connect to the target SQL Server instance and execute the native "xpdirtree" or stored procedure. The stored...

Microsoft SQL Server NTLM Stealer

This module can be used to help capture or relay the LM/NTLM credentials of the account running the remote SQL Server service. The module will use the supplied credentials to connect to the target SQL Server instance and execute the native "xpdirtree" or "xpfileexist" stored procedure. The stored...

Microsoft SQL Server Report Manager Cross Site Scripting Vulnerability (2754849)

This host has important security update missing according to Microsoft Bulletin MS12-070. OpenVAS Vulnerability Test $Id: secpodms12-070.nasl 5346 2017-02-19 08:43:11Z cfi $ Microsoft SQL Server Report Manager Cross Site Scripting Vulnerability 2754849 Authors: Rachana Shetty Copyright: Copyright...

Microsoft SQL Server crossite scripting

SQL Server Report Manager crossite scripting...

Microsoft SQL Server Report Manager Cross Site Scripting Vulnerability (2754849)

This host has important security update missing according to Microsoft Bulletin MS12-070. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

MS12-070: Vulnerability in SQL Server Could Allow Elevation of Privilege (2754849)

The remote host has a version of Microsoft SQL Server installed. This version of SQL Server is running SQL Server Reporting Services SRSS, that is affected by a cross-site scripting XSS vulnerability that could allow elevation of privileges. Successful exploitation could allow an attacker to...

MS12-070: Vulnerability in SQL Server Could Allow Elevation of Privilege (2754849) (uncredentialed check)

The remote host has a version of Microsoft SQL Server installed. This version of SQL Server is running SQL Server Reporting Services SRSS, which is affected by a cross-site scripting XSS vulnerability that could allow elevation of privileges. Successful exploitation could allow an attacker to...

CVE-2012-2552

Cross-site scripting XSS vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Reflected...

Cross site scripting

Cross-site scripting XSS vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Reflected...

CVE-2012-2552

Cross-site scripting XSS vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Reflected...

CVE-2012-2552

Microsoft SQL Server 2000/2005/2008/2008 R2/2012 Reporting Services suffers a cross-site scripting (XSS) vulnerability in the SQL Server Report Manager, allowing an attacker to inject web script or HTML via an unspecified parameter (reflected XSS). The issue is identified as CVE-2012-2552. Public...

Microsoft SQL Server Report Manager Elevation of Privilege (MS12-070; CVE-2012-2552)

A reflected XSS vulnerability has been reported in Microsoft SQL Server Report Manager...

Microsoft SQL Server Report Manager CVE-2012-2552 Cross Site Scripting Vulnerability

Description Microsoft SQL Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. Technologie...

Microsoft Releases October Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Windows, SQL Server, Server Software, Office, and Lync as part of the Microsoft Security Bulletin summary for October 2012. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service...