Firebird - Relational Database CNCT Group Number Buffer Overflow (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Firebird Relational Database CNCT Group Number Buffer Overflow', 'Description' = %q This module exploits a vulnerability in...

Microsoft SQL Server - Database Link Crawling Command Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' require...

Microsoft SQL Server Database Link Crawling Command Execution

Exploit for windows platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework...

Microsoft SQL Server Database Link Crawling Command Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...

[SQL Fingerprint] Christmas Release

Microsoft SQL Server fingerprinting can be a time consuming process, because it involves trial and error methods to determine the exact version. Intentionally inserting an invalid input to obtain a typical error message or using certain alphabets that are unique for certain server are two of the...

Microsoft SQL Server Database Link Crawling Command Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' require...

Upgrade to version 6.5 fails with the "Unable to connect to SQL Server" error

Challenge When upgrading to Veeam Backup & Replication version 6.5 you receive the error: "Unable to connect to SQL Server servername=:Login failed for user", even though the dbowner account is used. You also experience one of the following symptoms: You receive repeated logon windows You receive...

Microsoft SQL Server Database Link Crawling Command Execution

This module can be used to crawl MS SQL Server database links and deploy Metasploit payloads through links configured with sysadmin privileges using a valid SQL Server Login. If you are attempting to obtain multiple reverse shells using this module we recommend setting the "DisablePayloadHandler"...

Microsoft SQL Server SQLi NTLM Stealer

This module can be used to help capture or relay the LM/NTLM credentials of the account running the remote SQL Server service. The module will use the SQL injection from GETPATH to connect to the target SQL Server instance and execute the native "xpdirtree" or stored procedure. The stored...

Microsoft SQL Server NTLM Stealer

This module can be used to help capture or relay the LM/NTLM credentials of the account running the remote SQL Server service. The module will use the supplied credentials to connect to the target SQL Server instance and execute the native "xpdirtree" or "xpfileexist" stored procedure. The stored...

Microsoft SQL Server Report Manager Cross Site Scripting Vulnerability (2754849)

This host has important security update missing according to Microsoft Bulletin MS12-070. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Microsoft SQL Server crossite scripting

SQL Server Report Manager crossite scripting...

Microsoft SQL Server Report Manager Cross Site Scripting Vulnerability (2754849)

This host has important security update missing according to Microsoft Bulletin MS12-070. OpenVAS Vulnerability Test $Id: secpodms12-070.nasl 5346 2017-02-19 08:43:11Z cfi $ Microsoft SQL Server Report Manager Cross Site Scripting Vulnerability 2754849 Authors: Rachana Shetty Copyright: Copyright...

MS12-070: Vulnerability in SQL Server Could Allow Elevation of Privilege (2754849)

The remote host has a version of Microsoft SQL Server installed. This version of SQL Server is running SQL Server Reporting Services SRSS, that is affected by a cross-site scripting XSS vulnerability that could allow elevation of privileges. Successful exploitation could allow an attacker to...

MS12-070: Vulnerability in SQL Server Could Allow Elevation of Privilege (2754849) (uncredentialed check)

The remote host has a version of Microsoft SQL Server installed. This version of SQL Server is running SQL Server Reporting Services SRSS, which is affected by a cross-site scripting XSS vulnerability that could allow elevation of privileges. Successful exploitation could allow an attacker to...

CVE-2012-2552

Cross-site scripting XSS vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Reflected...

Cross site scripting

Cross-site scripting XSS vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Reflected...

CVE-2012-2552

Cross-site scripting XSS vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Reflected...

CVE-2012-2552

Microsoft SQL Server 2000/2005/2008/2008 R2/2012 Reporting Services suffers a cross-site scripting (XSS) vulnerability in the SQL Server Report Manager, allowing an attacker to inject web script or HTML via an unspecified parameter (reflected XSS). The issue is identified as CVE-2012-2552. Public...

Microsoft SQL Server Report Manager Elevation of Privilege (MS12-070; CVE-2012-2552)

A reflected XSS vulnerability has been reported in Microsoft SQL Server Report Manager...