ClassApps SelectSurvey.net 4.124.004 SQL Injection

Details ========== Software: ClassApps SelectSurvey.net Description: Multiple SQL Injection Vulnerabilities Version: 4.124.004 Homepage: https://www.classapps.com/SelectSurveyNETOverview.asp Vendor Fix: 4.125.002 CVE: 2014-6030 Timeline ========== Aug 28 2014 - Vendor Notified Aug 28 2014 - CVE...

万户网络 无条件SQL注入

简要描述： 详细说明： 验证地址： -u "http://222.178.221.54:7001/defaultroot/GovDocumentDossierAction.do?id=1&flag=sendFile" --dbms="Microsoft SQL Server" 存在漏洞地址： http://119.254.81.197:7001 http://61.191.17.216:7001 http://219.136.247.248:7001/ http://222.178.221.54:7001 漏洞证明： 由于是 延时盲注 数据出来较慢 我就不截图了，您可以自己验证下。...

Microsoft SQL Server multiple security vulnerabilities

XSS, stack overrun...

Kesion网校培训系统注入漏洞

简要描述： rt。 详细说明： kesion网校平台，商业收费版，不提供下载。 demo站点：http://e.kesion.com 注册登陆，http://e.kesion.com/user/course/MyCourseOrder.aspx，我的订单，3个框框都无过滤，可注入： 课程名称处search型注入：test%' and @@version0 and '%'=' SQL server 2000 起止时间也可以注入。 最新版应该是2.6，老版本的还有一处注入： 官网的一个案例：http://www.weekedu.com/...

Microsoft SQL Server Elevation of Privilege Vulnerability (2984340)

This host is missing an important security update according to Microsoft Bulletin MS14-044. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVE-2014-4061

Microsoft SQL Server 2008 SP3, 2008 R2 SP2, and 2012 SP1 does not properly control use of stack memory for processing of T-SQL batch commands, which allows remote authenticated users to cause a denial of service daemon hang via a crafted T-SQL statement, aka "Microsoft SQL Server Stack Overrun...

CVE-2014-1820

Cross-site scripting XSS vulnerability in Master Data Services MDS in Microsoft SQL Server 2012 SP1 and 2014 on 64-bit platforms allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "SQL Master Data Services XSS Vulnerability."...

Stack overflow

Microsoft SQL Server 2008 SP3, 2008 R2 SP2, and 2012 SP1 does not properly control use of stack memory for processing of T-SQL batch commands, which allows remote authenticated users to cause a denial of service daemon hang via a crafted T-SQL statement, aka "Microsoft SQL Server Stack Overrun...

Cross site scripting

Cross-site scripting XSS vulnerability in Master Data Services MDS in Microsoft SQL Server 2012 SP1 and 2014 on 64-bit platforms allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "SQL Master Data Services XSS Vulnerability."...

CVE-2014-1820

Cross-site scripting XSS vulnerability in Master Data Services MDS in Microsoft SQL Server 2012 SP1 and 2014 on 64-bit platforms allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "SQL Master Data Services XSS Vulnerability."...

CVE-2014-1820

CVE-2014-1820 describes a cross-site scripting (XSS) vulnerability in Microsoft SQL Server's Master Data Services (MDS). Affected products/versions are SQL Server 2012 SP1 and SQL Server 2014 running on 64-bit platforms, where a crafted URL can cause the MDS web interface to execute arbitrary scr...

CVE-2014-4061

CVE-2014-4061 affects Microsoft SQL Server 2008 SP3, SQL Server 2008 R2 SP2, and SQL Server 2012 SP1. The root cause is improper control of stack memory when processing T-SQL batch commands, enabling remote authenticated users to cause a denial of service (daemon hang). Connected sources align on...

CVE-2014-4061

Microsoft SQL Server 2008 SP3, 2008 R2 SP2, and 2012 SP1 does not properly control use of stack memory for processing of T-SQL batch commands, which allows remote authenticated users to cause a denial of service daemon hang via a crafted T-SQL statement, aka "Microsoft SQL Server Stack Overrun...

August 2014 Security Updates

Today, as part of Update Tuesday, we released nine securityupdates – two rated Critical and seven rated Important – to address 37 Common Vulnerabilities & Exposures CVEs in SQL Server, OneNote, SharePoint, .NET, Windows and Internet Explorer IE. We encourage you to apply all of these updates, but...

Microsoft Releases August 2014 Security Bulletin

Microsoft has released updates to address vulnerabilities in Windows, Office, SQL Server, Server Software, .NET Framework, and Internet Explorer as part of the Microsoft Security Bulletin Summary for August 2014. Some of these vulnerabilities could allow remote code execution, elevation of...

MS14-044: Vulnerability in SQL Server Could Allow Elevation of Privilege (2984340) (uncredentialed check)

The remote host has a version of Microsoft SQL Server installed. This version of SQL Server is potentially affected by multiple vulnerabilities : - A cross-site scripting vulnerability exists in the SQL Master Data Services. CVE-2014-1820 - A denial of service vulnerability exists in SQL Server...

KLA10615 Multiple vulnerabilities in Microsoft SQL Server

Multiple serious vulnerabilities have been found in Microsoft SQL Server. Malicious users can exploit these vulnerabilities to cause denial of service or inject arbitrary code. Below is a complete list of vulnerabilities 1. Lack of stack memory restrictions can be exploited remotely via a special...

Microsoft SQL Server CVE-2014-4061 Local Denial of Service Vulnerability

Description Microsoft SQL Server is prone to a local denial-of-service vulnerability. Attackers can exploit this issue to cause a system to stop responding, denying further service to legitimate users. Technologies Affected Microsoft SQL Server 2008 32bit SP3 Microsoft SQL Server 2008 R2 for 32-b...

Microsoft SQL Server Master Data Services CVE-2014-1820 Cross Site Scripting Vulnerability

Description Microsoft SQL Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. Technologie...

MS14-044: Vulnerabilities in SQL Server could allow elevation of privilege: August 12, 2014

Resolves vulnerabilities in SQL Server that could allow elevation of privilege if a user goes to a specially crafted website that injects a client-side script into the user's instance of Internet Explorer.INTRODUCTIONMicrosoft has released security bulletin MS14-044. To learn more about this...