
4519 matches found

Qualys Blog
added 2020/01/15 4:55 p.m., 46 views

Policy Compliance Library Updates, January 2020

Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from OS an...

0.2 AI score
Exploits: 0
RedhatCVE
added 2020/01/04 9:43 p.m., 20 views

CVE-2019-2922

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to...

5.3 CVSS, 4 AI score, 0.01795 EPSS
Exploits: 0, References: 4
ThreatPost
added 2019/12/18 7:14 p.m., 208 views

Microsoft Issues Out-of-Band Update for SharePoint Bug

UPDATE: Microsoft has added a fresh CVE to its security portal, linking it to the existing November security updates; the patch itself was already included in the updates, but not specifically named. The CVE describes a vulnerability in SharePoint Server. According to a Microsoft Security Advisory,...

7.2 CVSS, 0.91941 EPSS
Exploits: 10, References: 4
Imperva Blog
added 2019/12/16 1:33 p.m., 39 views

SQL Server 2019 Security Tool Inadvertently Reveals Where Sensitive Data is Stored

The first step in protecting your data and ensuring your database is compliant with security benchmarks and privacy regulations such as SOX, PCI, HIPAA, and GDPR is to understand what sensitive information resides in that database. Microsoft’s SQL Server 2019 introduces a new tool, SQL Data...

0.7 AI score
Exploits: 0
CNVD
added 2019/12/16 12:00 a.m., 2 views

Microsoft SQL Server Reporting Services Cross-Site Scripting Vulnerability

Microsoft SQL Server Reporting Services is a server-based reporting platform. A cross-site scripting vulnerability exists in Microsoft SQL Server Reporting Services that originates from the program failing to properly clean up a specially crafted web request. A remote attacker could exploit the...

6.1 CVSS, 6.8 AI score, 0.01626 EPSS
Exploits: 1, References: 1
NVD
added 2019/12/10 10:15 p.m., 20 views

CVE-2019-1332

A cross-site scripting (XSS) vulnerability exists when Microsoft SQL Server Reporting Services (SSRS) does not properly sanitize a specially-crafted web request to an affected SSRS server, aka 'Microsoft SQL Server Reporting Services XSS Vulnerability'...

6.1 CVSS, 6 AI score, 0.01626 EPSS
Exploits: 1, References: 2
Prion
added 2019/12/10 10:15 p.m., 23 views

Cross site scripting

A cross-site scripting (XSS) vulnerability exists when Microsoft SQL Server Reporting Services (SSRS) does not properly sanitize a specially-crafted web request to an affected SSRS server, aka 'Microsoft SQL Server Reporting Services XSS Vulnerability'...

4.3 CVSS, 6.2 AI score, 0.01626 EPSS
Exploits: 1, References: 2
CVE
added 2019/12/10 9:40 p.m., 129 views

CVE-2019-1332

CVE-2019-1332 is an XSS in Microsoft SQL Server Reporting Services (SSRS) caused by inadequate sanitization of crafted web requests. Affected product: SSRS within SQL Server deployments. Impact per documentation: cross-site scripting could enable script execution in the context of the SSRS user. ...

6.1 CVSS, 5.9 AI score, 0.01626 EPSS
Exploits: 1, References: 2, Affected Software: 3
Cvelist
added 2019/12/10 9:40 p.m., 22 views

CVE-2019-1332

A cross-site scripting (XSS) vulnerability exists when Microsoft SQL Server Reporting Services (SSRS) does not properly sanitize a specially-crafted web request to an affected SSRS server, aka 'Microsoft SQL Server Reporting Services XSS Vulnerability'...

6 AI score, 0.01626 EPSS
Exploits: 1, References: 2
Microsoft CVE
added 2019/12/10 8:00 a.m., 46 views

Microsoft SQL Server Reporting Services XSS Vulnerability

A cross-site scripting (XSS) vulnerability exists when Microsoft SQL Server Reporting Services (SSRS) does not properly sanitize a specially-crafted web request to an affected SSRS server. An attacker who successfully exploited the vulnerability could run scripts in the context of the targeted user...

6.1 CVSS, 2.9 AI score, 0.01626 EPSS
Exploits: 1
Symantec
added 2019/12/10 12:00 a.m., 160 views

Microsoft SQL Server Reporting Services CVE-2019-1332 Cross Site Scripting Vulnerability

Description: Microsoft SQL Server Reporting Services (SSRS) is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...

7 AI score, 0.01626 EPSS
Exploits: 1, Affected Software: 1
Kaspersky
added 2019/12/10 12:00 a.m., 34 views

KLA11620 SUI Vulnerability in Microsoft SQL Server

A cross-site-scripting (XSS) vulnerability was found in Microsoft SQL Server Reporting Services. Malicious users can exploit this vulnerability to spoof user interface. Original advisories: CVE-2019-1332. Exploitation: Public exploits exist for this vulnerability. Related products: Microsoft-SQL-Server...

6.1 CVSS, 6.3 AI score, 0.01626 EPSS
Exploits: 1, References: 5
Microsoft KB
added 2019/11/20 3:15 a.m., 110 views

A list of the bugs that are fixed in SQL Server 2005 Service Pack 2

Lists the bugs that are fixed in SQL Server 2005 Service Pack 2. If you have a problem installing Microsoft SQL Server 2005 Express Edition SP2, you can try one of the following solutions: To find more information about the error code, or to request support by e-mail, visit the following Microsoft...

6.5 AI score
Exploits: 0
CNVD
added 2019/11/15 12:00 a.m., 1 views

Code Execution Vulnerability in ZZZcms 1.7.3

zzcms is a free site-building system using ASP with ACCESS/MSSQL; all source code is open source and complete, and it supports direct use. ZZZcms 1.7.3 has a code execution vulnerability that attackers can use to inject malicious code...

7.6 AI score
Exploits: 0
Veeam
added 2019/11/13 12:00 a.m., 10 views

Publishing Microsoft SQL Databases: Insufficient Free Space on the Mount Server

Article Applicability: The locations and registry values specified in this article are relevant only to Veeam Backup & Replication 9.5 U4. Starting with Veeam Backup & Replication 10, when a SQL Database is Published using Veeam Explorer for Microsoft SQL, the write cache files are stored in the...

7.3 AI score
Exploits: 0, Affected Software: 1
BDU FSTEC
added 2019/11/04 12:00 a.m., 0 views

The vulnerability of the Microsoft SQL Server Management Studio database management system, related to the improper assignment of permissions for files, allows a perpetrator to gain access to protected information.

The vulnerability of the Microsoft SQL Server Management Studio database management system is related to the improper assignment of permissions for files. Exploiting this vulnerability can allow an attacker to gain access to protected information remotely...

6.8 CVSS, 5.6 AI score, 0.07571 EPSS
Exploits: 0, References: 3, Affected Software: 1
BDU FSTEC
added 2019/11/04 12:00 a.m., 0 views

The vulnerability of the Microsoft SQL Server Management Studio database management system, related to the improper assignment of permissions for files, allows a perpetrator to gain access to protected information.

The vulnerability of the Microsoft SQL Server Management Studio database management system is related to the improper assignment of permissions for files. Exploiting this vulnerability can allow an attacker to gain access to protected information remotely...

6.8 CVSS, 5.6 AI score, 0.07571 EPSS
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2019/10/31 5:15 p.m., 1 views

CVE-2019-18464

In Progress MOVEit Transfer 10.2 before 10.2.6 (2018.3), 11.0 before 11.0.4 (2019.0.4), and 11.1 before 11.1.3 (2019.1.3), multiple SQL Injection vulnerabilities have been found in the REST API that could allow an unauthenticated attacker to gain unauthorized access to the database. Depending on the...

9.8 CVSS, 5.8 AI score, 0.00163 EPSS
Exploits: 0, References: 4
CVE
added 2019/10/31 4:25 p.m., 48 views

CVE-2019-18464

CVE-2019-18464 affects Progress MOVEit Transfer REST API across the affected branches: 10.2 before 10.2.6 (2018.3), 11.0 before 11.0.4 (2019.0.4), and 11.1 before 11.1.3 (2019.1.3). The vulnerability is SQL Injection in the REST API that can allow an unauthenticated attacker to gain unauthorized ...

9.8 CVSS, 10 AI score, 0.00163 EPSS
Exploits: 0, References: 4, Affected Software: 1
Cvelist
added 2019/10/31 4:25 p.m., 12 views

CVE-2019-18464

In Progress MOVEit Transfer 10.2 before 10.2.6 (2018.3), 11.0 before 11.0.4 (2019.0.4), and 11.1 before 11.1.3 (2019.1.3), multiple SQL Injection vulnerabilities have been found in the REST API that could allow an unauthenticated attacker to gain unauthorized access to the database. Depending on the...

10 AI score, 0.00163 EPSS
Exploits: 0, References: 4