Microsoft SQL Server 访问控制错误漏洞

Microsoft SQL Server is the United States Microsoft Microsoft company's set of applications in the Microsoft Windows system under the large commercial database system. An elevation of privilege vulnerability exists in Microsoft SQL Server, which can be exploited by an attacker to execute arbitrar...

KLA73223 Multiple vulnerabilities in Microsoft SQL Server

Multiple vulnerabilities were found in Microsoft SQL Server. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, gain privileges. Below is a complete list of vulnerabilities: 1. An information disclosure vulnerability in Microsoft SQL Server...

VulnCheck KEV: CVE-2019-1068

A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions, aka 'Microsoft SQL Server Remote Code Execution Vulnerability'...

Nuuo Central Management Server Authenticated Arbitrary File Download

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nuuo Central Management Server Authenticated Arbitrary File Download', 'Description' = %q The Nuuo Central Management Server allows an...

Microsoft SQL Server SQL Injection Escalate Execute AS

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft SQL Server SQLi Escalate Execute AS', 'Description' = %q This module can be used escalate privileges if the IMPERSONATION privilege has...

Microsoft SQL Server SQL Injection Escalate Db_Owner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft SQL Server SQLi Escalate DbOwner', 'Description' = %q This module can be used to escalate SQL Server user privileges to sysadmin throug...

BMC / Numara Track-It! Domain Administrator and SQL Server User Password Disclosure

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'openssl' class MetasploitModule 'BMC / Numara Track-It! Domain Administrator and SQL Server User Password Disclosure', 'Description' = %q This module exploits a...

Microsoft SQL Server SQL Injection SUSER_SNAME Windows Domain Account Enumeration

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft SQL Server SQLi SUSERSNAME Windows Domain Account Enumeration', 'Description' = %q This module can be used to bruteforce RIDs associate...

Microsoft SQL Server Escalate EXECUTE AS

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft SQL Server Escalate EXECUTE AS', 'Description' = %q This module can be used escalate privileges if the IMPERSONATION privilege has been...

Microsoft SQL Server SQL Injection NTLM Stealer

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft SQL Server SQLi NTLM Stealer', 'Description' = %q This module can be used to help capture or relay the LM/NTLM credentials of the accou...

Microsoft SQL Server NTLM Stealer

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft SQL Server NTLM Stealer', 'Description' = %q This module can be used to help capture or relay the LM/NTLM credentials of the account...

Microsoft SQL Server SUSER_SNAME SQL Logins Enumeration

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft SQL Server SUSERSNAME SQL Logins Enumeration', 'Description' = %q This module can be used to obtain a list of all logins from a SQL...

Microsoft SQL Server Escalate Db_Owner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft SQL Server Escalate DbOwner', 'Description' = %q This module can be used to escalate privileges to sysadmin if the user has the dbowner...

Security Updates for Microsoft SQL Server OLE DB Driver (July 2024)

The Microsoft SQL Server OLE DB Driver installed on the remote host is missing a security update. It is, therefore, affected by a remote code execution vulnerability. An attacker could exploit the vulnerability by tricking an authenticated user UI:R into attempting to connect to a malicious SQL...

The vulnerability of the OLE DB driver for SQL Server, related to the use of memory after it is freed, allows a hacker to execute arbitrary code.

The vulnerability of the OLE DB driver for SQL Server relates to the use of memory after it is freed. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

The vulnerability of the OLE DB driver for SQL Server, related to insufficient validation of input data, allows a hacker to execute arbitrary code.

The vulnerability of the OLE DB driver for SQL Server is related to buffer overflow in the “heap”. Exploiting this vulnerability can allow a malicious actor to execute arbitrary code remotely...

The vulnerability of the OLE DB driver for SQL Server, related to integer overflow, allows an attacker to execute arbitrary code.

The vulnerability of the OLE DB driver for SQL Server is related to integer overflow. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

The vulnerability of the OLE DB driver for SQL Server, related to buffer overflows in the “queue”, allows attackers to execute arbitrary code.

The vulnerability of the OLE DB driver for SQL Server is related to buffer overflow in the “heap”. Exploiting this vulnerability can allow a malicious actor to execute arbitrary code remotely...

CVE-2024-6912

Use of hard-coded MSSQL credentials in PerkinElmer ProcessPlus on Windows allows an attacker to login remove on all prone installations.This issue affects ProcessPlus: through 1.11.6507.0...

PT-2024-37952 · Perkinelmer +1 · Perkinelmer Processplus +1

Name of the Vulnerable Software and Affected Versions: PerkinElmer ProcessPlus versions through 1.11.6507.0 Description: The issue is related to the use of hard-coded MSSQL credentials in PerkinElmer ProcessPlus on Windows, allowing an attacker to login and potentially remove data on all prone...