Lucene search

4418 matches found

RedHat Linux
added 2014/11/17 9:56 a.m. · 3 views

mysql: unspecified vulnerability related to SRCHAR (CPU July 2014)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR...

CVSS 5.5 · AI score 6.5 · EPSS 0.0046
Exploits: 0 · References: 5

Metasploit
added 2014/11/12 3:26 p.m. · 15 views

Microsoft SQL Server SQLi Escalate Execute AS

This module can be used to escalate privileges if the IMPERSONATION privilege has been assigned to the user via error based SQL injection. In most cases, this results in additional data access, but in some cases it can be used to gain sysadmin privileges. The syntax for injection URLs is:...

AI score 1.6
Exploits: 0

Tenable Nessus
added 2014/11/11 12:0 a.m. · 36 views

Fedora 19 : php-ZendFramework2-2.2.8-2.fc19 (2014-14043)

Security Fixes - ZF2014-05: Due to an issue that existed in PHP's LDAP extension, it is possible to perform an unauthenticated simple bind against an LDAP server by using a null byte for the password, regardless of whether or not the user normally requires a password. We have provided a patch in...

CVSS 9.8 · AI score 8.6 · EPSS 0.01121
Exploits: 1 · References: 5

Metasploit
added 2014/11/10 10:58 p.m. · 13 views

Microsoft SQL Server Escalate EXECUTE AS

This module can be used to escalate privileges if the IMPERSONATION privilege has been assigned to the user. In most cases, this results in additional data access, but in some cases it can be used to gain sysadmin privileges. This module requires Metasploit: https://metasploit.com/download Current...

AI score 7.7
Exploits: 0

Metasploit
added 2014/11/10 7:42 p.m. · 115 views

Microsoft SQL Server SUSER_SNAME SQL Logins Enumeration

This module can be used to obtain a list of all logins from a SQL Server with any login. Selecting all of the logins from the master..syslogins table is restricted to sysadmins. However, logins with the PUBLIC role (everyone) can quickly enumerate all SQL Server logins using the SUSER_SNAME function...

AI score 7.7
Exploits: 0

seebug.org
added 2014/11/07 12:0 a.m. · 39 views

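SQL injection in a widely used school administration system

Brief description: boom!!! Details: Vendor: 南京苏亚星资讯科技开发有限公司. In the school administration system, enter any username and password and click log in; the URL of the resulting error page has an injection vulnerability. Examples found via search engines follow. The ErrorCode parameter is injectable: http://www.sdwhys.com/SM2005/public/asp/ErrorMsg/ShowError.asp?ErrorCode=30004 http://www.zjnksyzx.com:8801/SM2005/public/asp/ErrorMsg/ShowError.asp?ErrorCode=30004...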

AI score 7.4
Exploits: 0

Mageia
added 2014/10/29 11:30 a.m. · 31 views

Updated php-ZendFramework packages fix security vulnerabilities

Due to a bug in PHP's LDAP extension, when ZendFramework's Zend_Ldap class is used for logins, an attacker can log in as any user by using a null byte to bypass the empty password check and perform an unauthenticated LDAP bind (CVE-2014-8088). The sqlsrv PHP extension, which provides the ability to...

CVSS 9.8 · AI score 10.1 · EPSS 0.01121
Exploits: 1 · References: 5

Positive Technologies
added 2014/10/29 12:0 a.m. · 1 views

PT-2020-7742 · Zend · Zend Framework

Name of the Vulnerable Software and Affected Versions: Zend Framework versions prior to 1.12.9; Zend Framework versions 2.2.x prior to 2.2.8; Zend Framework versions 2.3.x prior to 2.3.3. Description: The issue allows remote attackers to execute arbitrary SQL commands via a null byte when using the...

CVSS 9.8 · AI score 10 · EPSS 0.03436
Exploits: 2 · References: 39

Metasploit
added 2014/10/17 3:25 p.m. · 11 views

Microsoft SQL Server SQLi Escalate Db_Owner

This module can be used to escalate SQL Server user privileges to sysadmin through a web SQL Injection. In order to escalate, the database user must have the db_owner role in a trustworthy database owned by a sysadmin user. Once the database user has the sysadmin role, the mssql_payload_sqli modu...

AI score 0.3
Exploits: 0

securityvulns
added 2014/10/16 12:0 a.m. · 80 views

Lime Survey 2-05+ Multiple Vulnerabilities

Lime Survey Multiple Vulnerabilities. ADVISORY INFORMATION. Title: Lime Survey Multiple Vulnerabilities. Discovery date: 02/07/2014. Release date: 03/07/2014. Vendor Homepage: www.limesurvey.org. Version: Lime Survey 2.05+ Build...

Exploits: 0

myhack58
added 2014/10/14 12:0 a.m. · 15 views

Common SQL Server 2000 vulnerabilities and their associated use - vulnerability warning - the black bar safety net

A. Empty or weak passwords. To save effort during SQL Server installation, beginners leave the SQL Server administrator account sa with an empty or weak password. The danger is very great, and beginners are often not aware of it; they feel that their database holds only test data of no use, ev...

AI score 2.6
Exploits: 0

seebug.org
added 2014/10/10 12:0 a.m. · 35 views

BMC Track-It! - Multiple Vulnerabilities

No description provided by source. Multiple critical vulnerabilities in BMC Track-It! Discovered by Pedro Ribeiro, Agile Information Security. The application exposes several .NET remoting services o...

CVSS 7.5 · AI score 9.2 · EPSS 0.82177
Exploits: 16

Metasploit
added 2014/10/07 10:54 p.m. · 18 views

BMC / Numara Track-It! Domain Administrator and SQL Server User Password Disclosure

This module exploits an unauthenticated configuration retrieval .NET remoting service in Numara / BMC Track-It! v9 to v11.X, which can be abused to retrieve the Domain Administrator and the SQL server user credentials. This module has been tested successfully on versions 11.3.0.355, 10.0.51.135,...

CVSS 7.5 · AI score 7.7 · EPSS 0.82177
Exploits: 15

seebug.org
added 2014/09/29 12:0 a.m. · 21 views

ClassApps SelectSurvey.net - Multiple SQL Injection Vulnerabilities

No description provided by source. Exploit Title: Multiple SQL Injection Vulnerabilities in SelectSurvey.net Google Dork: intitle:SelectSurvey Date: Sep 03 2014 Vendor Homepage: https://www.classapps.com/ Software Link: https://www.classapps.com/SelectSurveyNETOverview.asp Version: 4.124.004 Test...

AI score 7.1
Exploits: 0

Metasploit
added 2014/09/26 3:29 p.m. · 17 views

Microsoft SQL Server Escalate Db_Owner

This module can be used to escalate privileges to sysadmin if the user has the db_owner role in a trustworthy database owned by a sysadmin user. Once the user has the sysadmin role, the mssql_payload module can be used to obtain a shell on the system. This module requires Metasploit:...

AI score 7.3
Exploits: 0

seebug.org
added 2014/09/25 12:0 a.m. · 28 views

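万户OA (Wanhu OA): unconditional SQL injection

Brief description: SQL injection. You wanted dumped data as proof, so here are the screenshots of the dumped data. I said that time-based injection is rather slow. I don't know why you don't believe me. Details: The problem is in WorkflowCommonAction; the acton parameter is not filtered. Proof of vulnerability: -u "http://119.254.81.197:7001/defaultroot/WorkflowCommonAction.do?curActivityId=1&flag=back" --dbms="Microsoft SQL Server" --dbs...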

AI score 7.6
Exploits: 0

0day.today
added 2014/09/21 12:0 a.m. · 32 views

ClassApps SelectSurvey.net - Multiple SQL Injection Vulnerabilities

Exploit for php platform in category web applications Exploit Title: Multiple SQL Injection Vulnerabilities in SelectSurvey.net Google Dork: intitle:SelectSurvey Date: Sep 03 2014 Vendor Homepage: https://www.classapps.com/ Software Link: https://www.classapps.com/SelectSurveyNETOverview.asp...

AI score 7.1
Exploits: 0

seebug.org
added 2014/09/21 12:0 a.m. · 92 views

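SQL injection vulnerability in the OA system of a school integrated management platform (affects a large number of schools)

Brief description: A stroll through the front end. Details: Affected vendor: 上海安脉计算机科技有限公司. Google/Baidu search: 版权所有:上海安脉计算机科技有限公司. A large number of schools use this system. No vulnerability was found in the management platform, but the system ships with an OA system. /anmai/oa/adduser.aspx has SQL injection in the password field, which can only be done by hand and is hard to exploit. However, there is a user-modification function here; just add the parameter id: /anmai/oa/adduser.aspx?id=1 (id is injectable). Taking the company's demo as an example: http://www.anmai.net/anmai/oa/adduser.aspx?id=1 Place: GET Parameter: id Type: error-based...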

AI score 7.4
Exploits: 0

Exploit DB
added 2014/09/20 12:0 a.m. · 35 views

ClassApps SelectSurvey.net - Multiple SQL Injections

Exploit Title: Multiple SQL Injection Vulnerabilities in SelectSurvey.net Google Dork: intitle:SelectSurvey Date: Sep 03 2014 Vendor Homepage: https://www.classapps.com/ Software Link: https://www.classapps.com/SelectSurveyNETOverview.asp Version: 4.124.004 Tested on: Windows 2008 R2/SQL Server...

AI score 7.4
Exploits: 0

exploitpack
added 2014/09/20 12:0 a.m. · 21 views

ClassApps SelectSurvey.net - Multiple SQL Injections

ClassApps SelectSurvey.net - Multiple SQL Injections Exploit Title: Multiple SQL Injection Vulnerabilities in SelectSurvey.net Google Dork: intitle:SelectSurvey Date: Sep 03 2014 Vendor Homepage: https://www.classapps.com/ Software Link: https://www.classapps.com/SelectSurveyNETOverview.asp...

AI score 0.3
Exploits: 0