Microsoft Windows Common Controls ActiveX Control CVE-2012-1856 Remote Code Execution Vulnerability

Description Microsoft Windows Common Controls is prone to a remote code-execution vulnerability. An attacker can exploit this issue by enticing an unsuspecting user to view a malicious webpage. Successful exploits will allow the attacker to execute arbitrary code within the context of the...

Siemens Patches Stuxnet-Like SCADA Bugs

German industrial control system manufacturer Siemens announced Monday that it had patched holes in some of its products that appear to resemble holes used by the popular Stuxnet worm in 2010. If left unpatched, vulnerabilities in the company’s Simatic STEP 7 and Simatic PCS 7 software could have...

Microsoft SQL Server Generic Query from File

This module will allow for multiple SQL queries contained within a specified file to be executed against a Microsoft SQL MSSQL Server instance, given the appropriate credentials. This module requires Metasploit: https://metasploit.com/download Current source:...

Microsoft IIS MDAC msadcs.dll RDS Arbitrary Remote Command Execution

Exploit for windows platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core'...

SwaggSec gained access to China Telecom and Warner Bros

SwaggSec gained access to China Telecom and Warner Bros A hacking group is claiming to have breached the networks of Warner Bros. and China Telecom, releasing documents and publishing login credentials. Swagg Security, or SwaggSec, the same hacker collective that breached Foxconn a few months ago...

DDIVRT-2012-44 Epicor Returns Management SOAP-Based Blind SQL Injection

Title ----- DDIVRT-2012-44 Epicor Returns Management SOAP-Based Blind SQL Injection Severity -------- High Date Discovered --------------- April 12, 2012 Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: Chris Graham and r@b13$ Vulnerability Description...

High CPU Utilization for Veeam ONE SQL Database

Challenge When using the included Microsoft SQL Server Express Edition instance to host the Veeam ONE database, a portion of the total CPU cores available to the system have a disproportionality high CPU utilization. Cause This behavior is caused by the "Maximum compute capacity used by a single...

How to Migrate the Veeam ONE Database

Article Applicability This article is specifically about relocating the Veeam ONE database to a different Microsoft SQL Server Instance and the Veeam ONE deployment remaining on the same machine. For information about relocating the Veeam ONE deployment, review: KB1801: How to Migrate Veeam ONE...

Siemens WinCC Insecure SQL Server Authentication

Overview Siemens has released a software update for an insecure SQL server authentication vulnerability in Siemens’ SIMATIC WinCC and SIMATIC PCS 7 software. Previous versions of SIMATIC WinCC use default SQL server credentials that allowed administrative access to the database. The default...

Fedora Update for gallery2 FEDORA-2012-5814

Check for the Version of gallery2 OpenVAS Vulnerability Test Fedora Update for gallery2 FEDORA-2012-5814 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

[SECURITY] Fedora 15 Update: gallery2-2.3.2-1.fc15

The base Gallery 2 installation - the equivalent of upstream's -minimal package. This package requires a database to be operational. Acceptable database backends include MySQL v 3.x, MySQL v 4.x, PostgreSQL v 7.x, PostgreSQL v 8.x, Oracle 9i, Oracle 10g, DB2, and MS SQL Server. All given package...

[SECURITY] Fedora 16 Update: gallery2-2.3.2-1.fc16

The base Gallery 2 installation - the equivalent of upstream's -minimal package. This package requires a database to be operational. Acceptable database backends include MySQL v 3.x, MySQL v 4.x, PostgreSQL v 7.x, PostgreSQL v 8.x, Oracle 9i, Oracle 10g, DB2, and MS SQL Server. All given package...

Microsoft SQL Server privilege escalation

Privilege escalation via RESTORE DATABASE...

TeamSHATTER Security Advisory: Privilege escalation via internal sql injection in RESTORE DATABASE command

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AppSecInc Team SHATTER Security Advisory Privilege escalation via internal sql injection in RESTORE DATABASE command. Risk Level: Medium Affected versions: Microsoft SQL Server 2005, 2008, 2008 R2 Remote exploitable: Yes Credits: This vulnerability wa...

[SECURITY] Fedora 17 Update: gallery2-2.3.2-2.fc17

The base Gallery 2 installation - the equivalent of upstream's -minimal package. This package requires a database to be operational. Acceptable database backends include MySQL v 3.x, MySQL v 4.x, PostgreSQL v 7.x, PostgreSQL v 8.x, Oracle 9i, Oracle 10g, DB2, and MS SQL Server. All given package...

金蝶某软件存在某隐藏sqlserver账户

简要描述： 金蝶某软件存在某隐藏sqlserver账户，SA权限，对数据库服务器有严重威胁。 详细说明： 金蝶某软件存在某隐藏sqlserver账户，SA权限，对数据库服务器有严重威胁。 漏洞证明：...

Microsoft's April Security Update : Patch MS12-027 Now !

This month Microsoft released a total of six new security bulletins, but one in particular deals with a zero-day vulnerability impacting virtually every Microsoft user, which is already being exploited in the wild. Four of the six security bulletins are rated as Critical by Microsoft, with the...

Microsoft SQL Server Privilege Escalation / SQL Injection

No description provided by source. AppSecInc Team SHATTER Security Advisory Privilege escalation via internal sql injection in RESTORE DATABASE command. Risk Level: Medium Affected versions: Microsoft SQL Server 2005, 2008, 2008 R2 Remote exploitable: Yes Credits: This vulnerability was discovere...

MS12-027: Vulnerability in Windows Common Controls Could Allow Remote Code Execution (2664258)

A memory corruption issue exists in Windows common controls, specifically within the MSCOMCTL.TreeView, MSCOMCTL.ListView2, MSCOMCTL.TreeView2, and MSCOMCTL.ListView controls component of MSCOMCTL.OCX, due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can...

Microsoft Windows Common Controls Remote Code Execution Vulnerability (2664258)

This host is missing a critical security update according to Microsoft Bulletin MS12-027. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...