Microsoft SQL Server Management Studio Information Disclosure (CVE-2019-1313)

An information disclosure vulnerability exists in microsoft sql server management studio. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information...

Success in security: reining in entropy

Your network is unique. It’s a living, breathing system evolving over time. Data is created. Data is processed. Data is accessed. Data is manipulated. Data can be forgotten. The applications and users performing these actions are all unique parts of the system, adding degrees of disorder and...

Update Rollup 6 for System Center 2012 R2 Data Protection Manager

Update Rollup 6 for System Center 2012 R2 Data Protection Manager Introduction This article describes the issues that are fixed in Update Rollup 6 for Microsoft System Center 2012 R2 Data Protection Manager. Additionally, this article contains the installation instructions for Update Rollup 6 for...

Issues that are fixed in System Center 2012 Data Protection Manager SP1 Update Rollup 5

Issues that are fixed in System Center 2012 Data Protection Manager SP1 Update Rollup 5 Introduction This article describes the issues that are fixed in Update Rollup 5 for Microsoft System Center 2012 Data Protection Manager Service Pack 1 SP1. Additionally, this article contains the installatio...

KLA11776 SUI vulnerability in Microsoft SQL Server

SUI vulnerability was found in Microsoft SQL Server. Malicious users can exploit this vulnerability to spoof user interface. Original advisories CVE-2020-1173 Related products Microsoft-SQL-Server CVE list CVE-2020-1173 warning KB list Solution Install necessary updates from the KB section, that...

MS02-008: XMLHTTP control in MSXML 4.0 can allow access to local files

For additional information about this vulnerability, click the following article numbers to view the articles in the Microsoft Knowledge Base:318203 MS02-008: XMLHTTP control in MSXML 3.0 can allow access to local files318202 MS02-008: XMLHTTP control in MSXML 2.0 can allow access to local...

Logic flaw vulnerability in old y article management system

The old y article management system is based on the old y Asp Access/Mssql environment developed under the open source website building products . Old y article management system has a logic flaw vulnerability , attackers can use the vulnerability to obtain sensitive information...

System Center Operations Manager, version 1807

System Center Operations Manager, version 1807 Applies to: System Center Operations Manager, version 1807 Introduction This article describes the issues that are fixed and the improvements that are included in System Center Operations Manager, version 1807. This article also contains the...

Update Rollup 6 for System Center 2016 Operations Manager

Update Rollup 6 for System Center 2016 Operations Manager Introduction This article describes the issues that are fixed in Update Rollup 6 for Microsoft System Center 2016 Operations Manager. This article also contains the installation instructions for this update. Improvements and issues that ar...

Mssqlproxy - A Toolkit Aimed To Perform Lateral Movement In Restricted Environments Through A Compromised Microsoft SQL Server Via Socket Reuse

mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse. The client requires impacket and sysadmin privileges on the SQL server. Please read this article carefully before continuing. It consists of three part...

CVE-2020-10875

Motorola FX9500 devices allow remote attackers to conduct absolute path traversal attacks, as demonstrated by PL/SQL Server Pages files such as /include/viewtagdb.psp...

Path traversal

Motorola FX9500 devices allow remote attackers to conduct absolute path traversal attacks, as demonstrated by PL/SQL Server Pages files such as /include/viewtagdb.psp...

CVE-2020-10875

Motorola FX9500 devices allow remote attackers to conduct absolute path traversal attacks, as demonstrated by PL/SQL Server Pages files such as /include/viewtagdb.psp...

CVE-2020-10875

The CVE-2020-10875 entry applies to Motorola FX9500 devices (Zebra FX9500 rebrand). A remote attacker can perform an absolute path traversal, demonstrated by PL/SQL Server Pages files such as /include/viewtagdb.psp. The Red Hat and CNVD entries corroborate the vulnerability description; Tenable p...

Microsoft SQL Server Remote Code Execution (CVE-2020-0618)

A remote code execution vulnerability exists in Microsoft SQL server. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

SQL Server Reporting Services (SSRS) ViewState Deserialization

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SQL Server Reporting Services SSRS ViewState Deserialization', 'Description' = %q A vulnerability exists within Microsoft's SQL Server Reporting...

SQL Server Reporting Services (SSRS) ViewState Deserialization Exploit

A vulnerability exists within Microsoft's SQL Server Reporting Services which can allow an attacker to craft an HTTP POST request with a serialized object to achieve remote code execution. The vulnerability is due to the fact that the serialized blob is not signed by the server. This module...

SQL Server Reporting Services (SSRS) ViewState Deserialization

A vulnerability exists within Microsoft's SQL Server Reporting Services which can allow an attacker to craft an HTTP POST request with a serialized object to achieve remote code execution. The vulnerability is due to the fact that the serialized blob is not signed by the server. This module...

Sql injection

In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, multiple SQL Injection vulnerabilities have been found in the REST API that could allow an authenticated attacker to gain unauthorized access to MOVEit Transfer's database via the REST API. Depending on the database...

CVE-2020-8611

In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, multiple SQL Injection vulnerabilities have been found in the REST API that could allow an authenticated attacker to gain unauthorized access to MOVEit Transfer's database via the REST API. Depending on the database...