MS14-044: Vulnerability in SQL Server Could Allow Elevation of Privilege (2984340)

The remote host has a version of Microsoft SQL Server installed. This version of SQL Server is affected by multiple vulnerabilities : - A cross-site scripting vulnerability exists in the SQL Master Data Services. CVE-2014-1820 - A denial of service vulnerability exists in SQL Server. CVE-2014-406...

IE to Block Older ActiveX Controls, Starting with Java

Next week’s Microsoft Patch Tuesday security bulletins will not only bring nine new security bulletins but also an update to Internet Explorer that blocks outdated ActiveX controls, starting with Java. Notifications will flag the older ActiveX controls and users will have the option to update the...

Square: Blind SQL injection in www.bookfresh.com

The resource at /reservations doesn't properly sanitise the "client" variable before putting it into a MySQL statement. This results in a Blind SQL Injection vulnerability. We can demonstrate the vulnerability by making the SQL server wait for a while before responding. PoC wait a while:...

Microsoft Tuesday Update to Patch Critical Windows and Internet Explorer Vulnerabilities

Today Microsoft has released its Advance Notification for the month of August 2014 Patch Tuesday Updates releasing a total of nine security Bulletins, which will address several vulnerabilities in its products, out of which two are marked critical and rest are important in severity. The latest...

Advance Notification Service for the August 2014 Security Bulletin Release

Today, we provide advance notification for the release of nine Security Bulletins. Two of these are rated Critical, and the remaining seven are rated Important in severity. These Updates are for SQL Server, SharePoint, OneNote, .NET, Microsoft Windows, and Internet Explorer. As per our usual...

某投稿系统通用型SQL注射漏洞（影响众多企事业单位及学校）

简要描述： 某投稿系统通用型SQL注射漏洞 详细说明： 南京杰诺瀚软件科技有限公司的投稿系统SQL注射漏洞 intitle:投稿系统 技术支持：南京杰诺瀚软件科技有限公司 Web/Login.aspx 页面的 username 参数存在问题 DBA 权限注射 URL:...

Lime Survey 2.05+ Build 140618 XSS / SQL Injection Vulnerabilities

Lime Survey version 2.05+ Build 140618 suffers from cross site scripting and remote SQL injection vulnerabilities. Title: Lime Survey Multiple Vulnerabilities Discovery date: 02/07/2014 Release date: 03/07/2014 Vendor Homepage: www.limesurvey.org Version: Lime Survey 2.05+ Build 140618 Tested wit...

LimeSurvey 2.05+ Multiple Vulnerabilities

ADVISORY INFORMATION Title: Lime Survey Multiple Vulnerabilities Discovery date: 02/07/2014 Release date: 03/07/2014 Vendor Homepage: www.limesurvey.org Version: Lime Survey 2.05+ Build 140618 Tested with: MS SQL Server 2008 Credits: Giuseppe D'Amore...

Microsoft SQL Server 7.0/2000,Data Engine 1.0/2000 xp_displayparamstmt Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2030/info The API Srvparaminfo, which is implemented by Extended Stored Procedures XPs in Microsoft SQL Server and Data Engine, is susceptible to a buffer overflow vulnerability which may cause the application to fail or...

Microsoft SQL Server 7.0/2000,Data Engine 1.0/2000 xp_showcolv Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2038/info The API Srvparaminfo, which is implemented by Extended Stored Procedures XPs in Microsoft SQL Server and Data Engine, is susceptible to a buffer overflow vulnerability which may cause the application to fail or...

Microsoft SQL Server sp_replwritetovarbin Memory Corruption

No description provided by source. $Id: ms09004spreplwritetovarbin.rb 11631 2011-01-24 19:37:58Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing a...

Microsoft SQL Server 7.0/2000,Data Engine 1.0/2000 xp_peekqueue Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2040/info The API Srvparaminfo, which is implemented by Extended Stored Procedures XPs in Microsoft SQL Server and Data Engine, is susceptible to a buffer overflow vulnerability which may cause the application to fail or...

JiRo?s FAQ Manager (read.asp fID) 1.0 - SQL Injection Vulnerability

No description provided by source. + Script Name : JiRo´s FAQ Manager eXperience + Version : v 1.0 + Price : Single Website License 34.95 $ 2 Websites License 62.95 $ 5 Websites License 139.95 $ + Author : Underz0ne Crew + Home : http://www.underz0ne.net + Script In short : 'JiRos FAQ Management...

Microsoft SQL Server Resolution Overflow

No description provided by source. $Id: ms02039slammer.rb 9179 2010-04-30 08:40:19Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...

Microsoft SQL Server 2000 SQLXML Script Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5005/info SQLXML is a component of SQL Server 2000, which enables SQL servers to receive and send database queries via XML Extensible Markup Language format. Such queries can be sent using various methods of communication...

Microsoft SQL Server 7.0/2000 JET Database Engine 4.0 Buffer Overrun Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7541/info Microsoft SQL Server is prone to an exploitable buffer overrun vulnerability via the Jet Database Engine. This can occur while the JET 4.0 OLE DB data provider is querying data supplied via a remote source and i...

Microsoft SQL Server Hello Overflow

No description provided by source. $Id: ms02056hello.rb 9179 2010-04-30 08:40:19Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

Microsoft SQL Server 7.0 - Remote Denial of Service Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/11265/info Reportedly Microsoft SQL Server is affected by a remote denial of service vulnerability. This issue is due to a failure of the application to handle irregular network communications. An attacker may leverage th...

Battle Blog <= 1.25 (comment.asp) Remote SQL Injection Vulnerability

No description provided by source. ++ | hhh hhh aa ccccccc kk k EEEEEEEE RRRR TTTTTTTT NNN NN | | hhh hhh aa aa cc kk k E RR R ----------- TT NN N NN | | hhhhhhhh aaaaaaaa cc kkk EEEEEEE RR R ----------- TT NN N NN | | hhh hhh aa aa cc kk k E RR R TT NN NNN | | hhh hhh aa aa ccccccc kk k EEEEEEE ...

Web Wiz Forums 9.68 SQLi Vulnerability

No description provided by source. ========================================= Web Wiz Forums 9.68 SQLi Vulnerability ========================================= Name : Web Wiz Forums 9.68 SQLi Vulnerability Date : june, 9 2010 Vendor url :http://www.webwiz.co.uk/webwizforums/ Platform: Windows...