Lucene search

4418 matches found

Symantec
added 2015/07/14 12:0 a.m., 242 views

Microsoft SQL Server CVE-2015-1762 Remote Code Execution Vulnerability

Description: Microsoft SQL Server is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of an affected system. Failed exploit attempts may result in a denial-of-service condition; this can result in the attacker gaining...

7.1 CVSS, 0.02233 EPSS
Exploits 0, Affected Software 6

Tenable Nessus
added 2015/07/14 12:0 a.m., 721 views

MS15-058: Vulnerabilities in SQL Server Could Allow Remote Code Execution (3065718) (uncredentialed check)

The remote Microsoft SQL Server installation is affected by multiple vulnerabilities: - A privilege escalation vulnerability exists due to the casting of pointers to an incorrect class. An authenticated, remote attacker can exploit this, via a specially crafted SQL query, to gain elevated...

8.5 CVSS, 7.1 AI score, 0.10746 EPSS
Exploits 0, References 4

Microsoft KB
added 2015/07/14 12:0 a.m., 127 views

MS15-058: Vulnerabilities in SQL Server could allow remote code execution: July 14, 2015

Resolves vulnerabilities in SQL Server that could allow remote code execution if an authenticated attacker runs a specially crafted query that is designed to execute a virtual function from a wrong address. This leads to a function call to uninitialized memory. Introduction: This update resolves...

8.5 CVSS, 7.4 AI score, 0.10746 EPSS
Exploits 0

Tenable Nessus
added 2015/07/14 12:0 a.m., 334 views

MS15-058: Vulnerabilities in SQL Server Could Allow Remote Code Execution (3065718)

The remote Microsoft SQL Server installation is affected by multiple vulnerabilities: - A privilege escalation vulnerability exists due to the casting of pointers to an incorrect class. An authenticated, remote attacker can exploit this, via a specially crafted SQL query, to gain elevated...

8.5 CVSS, 7.1 AI score, 0.10746 EPSS
Exploits 0, References 4

Check Point Advisories
added 2015/07/14 12:0 a.m., 18 views

Microsoft SQL Server Remote Code Execution (MS15-058; CVE-2015-1762)

A remote code execution vulnerability exists in Microsoft SQL Server. The vulnerability is caused when Microsoft SQL Server incorrectly handles internal function calls to uninitialized memory. An attacker could exploit the vulnerability if a privileged user runs a specially crafted query on an...

7.1 CVSS, 7.3 AI score, 0.02233 EPSS
Exploits 0

Symantec
added 2015/07/14 12:0 a.m., 223 views

Microsoft SQL Server CVE-2015-1763 Remote Code Execution Vulnerability

Description: Microsoft SQL Server is prone to a remote code-execution vulnerability. Successful exploits can allow attackers to execute arbitrary code within the affected system. Failed exploit attempts may result in a denial-of-service condition. Technologies Affected: Avaya Meeting Exchange -...

8.5 CVSS, 0.10746 EPSS
Exploits 0, Affected Software 6

NVD
added 2015/06/08 2:59 p.m., 16 views

CVE-2015-3001

SysAid Help Desk before 15.2 uses a hardcoded password of Password1 for the sa SQL Server Express user account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password...

5 CVSS, 6.9 AI score, 0.13706 EPSS
Exploits 4, References 5

Prion
added 2015/06/08 2:59 p.m., 9 views

Hardcoded credentials

SysAid Help Desk before 15.2 uses a hardcoded password of Password1 for the sa SQL Server Express user account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password...

5 CVSS, 7.5 AI score, 0.13706 EPSS
Exploits 4, References 5, Affected Software 1

Cvelist
added 2015/06/08 2:0 p.m., 21 views

CVE-2015-3001

SysAid Help Desk before 15.2 uses a hardcoded password of Password1 for the sa SQL Server Express user account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password...

6.9 AI score, 0.13706 EPSS
Exploits 4, References 5

Veeam
added 2015/05/19 12:0 a.m., 19 views

Antivirus Exclusions for Veeam Agent for Microsoft Windows

Purpose: This article documents antivirus exclusions that may be created to reduce the impact that antivirus software has on the functionality of Veeam Agent for Microsoft Windows. These antivirus exclusions may be applied to the Windows built-in antivirus or third-party antivirus software. Note:...

7.2 AI score
Exploits 0, Affected Software 1

Veeam
added 2015/04/27 12:0 a.m., 42 views

Failed to prepare guest for SQL Server transaction log backup Details: Job owns SQL Server transaction logs backup

Challenge: Microsoft SQL Server Log Backup job displays the following warning: "Failed to prepare guest for SQL Server transaction log backup Details: Job owns SQL Server transaction logs backup". This issue can also occur for Oracle Archived Log Backup, and will display the following warning: Cannot...

7.3 AI score
Exploits 0, Affected Software 1

seebug.org
added 2015/04/21 12:0 a.m., 52 views

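Coremail official website SQL injection allows reading the entire database

Brief description: The Coremail official website has an injection flaw; there is protection, but it can be bypassed. Details: Vulnerable URL: http://www.coremail.cn/gjzc2/list117.aspx?lcid=412 Proof: There is protection; running sqlmap with tamper=chardoubleencode.py added gets results. This is the payload sqlmap used: Place: GET Parameter: lcid Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: lcid=412 AND...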

7.5 AI score
Exploits 0

ATTACKERKB
added 2015/04/16 4:59 p.m., 2 views

CVE-2015-0423

Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer...

4 CVSS, 5.9 AI score, 0.00934 EPSS
Exploits 0, References 6

RedHat Linux
added 2015/04/16 2:28 p.m., 1 views

mysql: unspecified vulnerability related to Server:InnoDB:DML (CPU Jan 2015)

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML...

3.5 CVSS, 6.5 AI score, 0.02913 EPSS
Exploits 0, References 5

seebug.org
added 2015/03/25 12:0 a.m., 26 views

SQL injection in a general-purpose government website-building system

Brief description: As in the title. Details: Official website of Shandong Nongyou Software Company: http://www.nongyou.com.cn/ Cases are as follows: http://222.135.127.190:7000/gov/SearchInfoSum.aspx?keyword= http://221.2.171.59:8000/gov/SearchInfoSum.aspx?keyword= http://222.135.109.70:8100/gov/SearchInfoSum.aspx?keyword= http://61.133.119.187:8089/gov/SearchInfoSum.aspx?keyword=...

7.5 AI score
Exploits 0

Check Point Advisories
added 2015/03/10 12:0 a.m., 0 views

MC-SQLR Reflected Denial of Service

The SQL Server Resolution Protocol MC-SQLR is an application-layer request/response protocol that facilitates connectivity to a database server. The MC-SQLR server may be vulnerable to reflected DDoS attacks, due to its inability to handle a large number of incoming requests within a short period...

3.3 AI score
Exploits 0

0day.today
added 2015/03/04 12:0 a.m., 44 views

Solarwinds Orion Service SQL Injection Vulnerability

Various remote SQL injection vulnerabilities exist in the core Orion service used in most of the Solarwinds products. Affected products include Network Performance Monitor below version 11.5, NetFlow Traffic Analyzer below version 4.1, Network Configuration Manager below version 7.3.2, IP Address...

7.5 CVSS, 0.4 AI score, 0.76014 EPSS
Exploits 8

Exploit DB
added 2015/03/04 12:0 a.m., 65 views

SolarWinds Orion Service - SQL Injection

I found a couple SQL injection vulnerabilities in the core Orion service used in most of the Solarwinds products (SAM, IPAM, NPM, NCM, etc.). This service provides a consistent configuration and authentication layer across the products. To be exact, the vulnerable applications and versions are:...

7.5 CVSS, 6.4 AI score, 0.76014 EPSS
Exploits 8

Packet Storm
added 2015/02/18 12:0 a.m., 49 views

InstantASP InstantForum.NET 3.x / 4.x Cross Site Scripting

CVE-2014-9468 InstantASP InstantForum.NET Multiple XSS Cross-Site Scripting Security Vulnerabilities Exploit Title: InstantASP InstantForum.NET Multiple XSS Cross-Site Scripting Security Vulnerabilities Product: InstantForum.NET Vendor: InstantASP Vulnerable Versions: v4.1.3 v4.1.1 v4.1.2 v4.0.0...

4.3 CVSS, 6.7 AI score, 0.00254 EPSS
Exploits 2

ICS
added 2015/02/12 7:0 a.m., 30 views

Hospira LifeCare PCA Infusion System Vulnerabilities

OVERVIEW OSIsoft has identified and reported to NCCIC/ICS-CERT a default permissions vulnerability in PI AF product. OSIsoft has produced a mitigation plan to remove this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS OSIsoft reports that the vulnerability affect...

7.5 CVSS, 7.4 AI score, 0.00268 EPSS
Exploits 0, References 10