4418 matches found
How to Change Where SQL Transaction Log Backups Are Temporarily Stored on SQL Server
Purpose: This article documents how to change the location where SQL transaction log backups are temporarily stored on a SQL server before being transferred to the repository. This article is relevant to the following parent-job types where SQL Transaction Log Backup can be used as a child-job:...
A PowerShell Toolkit for Attacking SQL Server: PowerUpSQL
The PowerUpSQL module includes functions that support SQL Server discovery, auditing for common weak configurations, and privilege escalation at scale. It is intended to be used during internal penetration tests and red team engagements. However, PowerUpSQL also includes many functions that could...
MS08-069: Description of the security update for XML Core Services 6.0: November 11, 2008
Support for Windows Vista Service Pack 1 (SP1) ends on July 12, 2011. To continue receiving security updates for Windows, make sure you're running Windows Vista with Service Pack 2 (SP2). For more information,...
MS11-049: Description of the security update for Visual Studio 2008 SP1: June 14, 2011
Introduction: Microsoft has released security bulletin MS11-049. To view the complete security bulletin, visit one of the following Microsoft websites: Home users:...
CVE-2017-11509
An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement...
SQL injection
An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement...
DEBIAN-CVE-2017-11509
An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement...
CVE-2017-11509
CVE-2017-11509 is an authenticated remote code execution in Firebird SQL Server, triggered by executing a malformed SQL statement. The vulnerability affects Firebird versions 2.5.7 and 3.0.2, allowing an authenticated attacker to run arbitrary code on the server. Publicly documented remediation v...
EUVD-2017-3126
An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement...
Microsoft SQL Server Default Credentials (PCI wordlist)
The SQL Server has a common password for one or more accounts. These accounts may be used to gain access to the records in the database or even allow remote command execution. TRUSTED...
Not All Privileges are Assigned to Caller error during upgrade/install
Challenge: When upgrading, the installer encounters the following error message which prevents it from proceeding: "Not all privileges or groups referenced are assigned to the caller". Affected Application Installers: Veeam Backup & Replication, Veeam Backup Enterprise Manager, Veeam ONE, Veeam Recover...
A Deep Dive into Database Attacks [Part II]: Delivery and Execution of Malicious Executables through SQL commands (SQL Server)
An organization’s database servers are frequently the prime target of attackers. We recently started a new research project we named StickyDB to learn more about database hacking, primarily to understand common database attacks, tools and techniques engaged by attackers. To conduct this research,...
MS08-052: Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593) (uncredentialed check)
The remote host is running a version of Windows that has multiple buffer overflow vulnerabilities when viewing VML, EMF, GIF, WMF and BMP files that could allow an attacker to execute arbitrary code on the remote host. To exploit these flaws, an attacker would need to send a malformed image file ...
HPE iMC - dbman 'RestartDB' Remote Command Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HPE iMC dbman RestartDB Unauthenticated RCE', 'Description' = %q This module exploits a remote command execution vulnerablity in Hewlett Packard...
ADV180002: Microsoft SQL Server January 2018 Security Update (Meltdown) (Spectre)
The remote Microsoft SQL Server is missing a security update. It is, therefore, affected by a vulnerability that exists within microprocessors utilizing speculative execution and indirect branch prediction, which may allow an attacker with local user access to disclose information via a side-channel...
Description of the security update for SQL Server 2008 SP4 GDR: January 6, 2018
Summary: Microsoft is aware of detailed information that has been published about a class of vulnerabilities referred to as speculative execution side-channel attacks. To learn more about the vulnerabilities, go to...