Windows Gather Product Key

This module will enumerate Microsoft product license keys. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Gather Product Key', 'Description' = %q This module will enumerate Microsoft...

Code Widget Web based Help System Web-App (ASP) SQL injection

Exploit for asp platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...

Code Widgets Web Based Help System SQL Injection

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 + Site : 1337day.com 0 1 inj3ct0r 1337 Day Team 1 0 0...

Community Server - Stored Cross-Site Scripting in User's Signature

Community Server - Stored Cross-site Scripting in user's signature. - Product description: Community Server is a communities and collaboration web application developed by Telligent. It uses ASP.NET platform C and Microsoft SQL Server database. From it's 5.0 version, the software was renamed to...

Telligent Community Server 5.x Cross Site Scripting

Editor's note: 4 Advisories are grouped together here. ======================================================================= Community Server - Stored Cross-site Scripting in user's signature. - Product description: Community Server is a communities and collaboration web application developed b...

International Organization For Migration database hacked by Inj3ct0r Team for GREEN LIBYA

International Organization For Migration database hacked by Inj3ct0r Team for GREEN LIBYA Inj3ct0r Team Hackers hack the database of International Organization For Migration database . Statement by Hacker "Sorry about the usernames and passwords not giving because we take no responsibility of...

PT-2011-09: Arbitrary Command Execution in ManageEngine ServiceDesk Plus 8.0.0

The specialists of the Positive Research center have revealed an arbitrary code execution vulnerability in ManageEngine ServiceDesk Plus. If Microsoft SQL Server is used as application database server, insufficient validation of input settings for /CustomReporthandler.do script that is use to...

IBM Web Application Firewall Bypass

Trustwave's SpiderLabs Security Advisory TWSL2011-006: IBM Web Application Firewall Bypass https://www.trustwave.com/spiderlabs/advisories/TWSL2011-006.txt Published: 2011-06-21 Version: 1.0 Vendor: IBM Product: IBM Web Application Firewall These capabilities are included through SiteProtector 7....

Microsoft XML Editor Information Disclosure Vulnerability (2543893)

This host is missing an important security update according to Microsoft Bulletin MS11-049. OpenVAS Vulnerability Test $Id: secpodms11-049.nasl 5362 2017-02-20 12:46:39Z cfi $ Microsoft XML Editor Information Disclosure Vulnerability 2543893 Authors: Antu Sanadi Copyright: Copyright c 2011 SecPod...

CVE-2011-1280

The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express SSMSE 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, which allows remote attackers to read arbitrar...

Xxe

The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express SSMSE 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, which allows remote attackers to read arbitrar...

CVE-2011-1280

CVE-2011-1280 is the XML External Entities Resolution vulnerability affecting Microsoft XML Editor components used with InfoPath 2007 SP2/2010, SQL Server 2005 SP3/4, 2008 SP1/2/R2, SSMSE 2005, and Visual Studio 2005 SP1/2008 SP1/2010. Technical detail from connected documents shows that the issu...

CVE-2011-1280

The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express SSMSE 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, which allows remote attackers to read arbitrar...

Microsoft XML外部实体分解CVE-2011-1280信息泄露漏洞

Bugtraq ID: 48196 CVE ID：CVE-2011-1280 Microsoft XML Editor是一款”基于Microsoft Visual Studio"文本编辑器，并增加了对XML语言的支持。 在解析Web服务发现文件".disco"中的XML外部实体时存在错误，攻击者可以利用漏洞获得任意文件的敏感内容。 Microsoft Visual Studio 2010 0 Microsoft Visual Studio 2008 SP1 Microsoft Visual Studio 2005 SP1 Microsoft SQL Server Management...

Microsoft XML External Entities Resolution CVE-2011-1280 Information Disclosure Vulnerability

Description Microsoft XML editor is prone to a remote information-disclosure vulnerability. Attackers can exploit this issue to gain access to sensitive information that may aid in further attacks. Attackers can exploit this issue by enticing an unsuspecting user to visit a specially crafted...

Nmap NSE net: ms-sql-hasdbaccess

Queries Microsoft SQL Server ms-sql for a list of databases a user has access to. The script needs an account with the sysadmin server role to work. It needs to be fed credentials through the script arguments or from the scripts 'mssql-brute' or 'mssql-empty- password'. When run, the script...

Nmap NSE net: ms-sql-tables

Queries Microsoft SQL Server ms-sql for a list of tables per database. The sysdatabase table should be accessible by more or less everyone The script attempts to use the sa account over any other if it has the password in the registry. If not the first account in the registry is used. Once we hav...

Nmap NSE net: ms-sql-brute

Performs password guessing against Microsoft SQL Server ms-sql. SYNTAX: userdb: The filename of an alternate username database. passdb: The filename of an alternate password database. mssql.timeout: How long to wait for SQL responses. This is a number followed by 'ms' for milliseconds, 's' for...

Nmap NSE net: ms-sql-query

Runs a query against Microsoft SQL Server ms-sql. SYNTAX: mssql.timeout: How long to wait for SQL responses. This is a number followed by 'ms' for milliseconds, 's' for seconds, 'm' for minutes, or 'h' for hours. Default: '30s'. mssql-query.query: specifies the query to run against the server...

Nmap NSE net: ms-sql-xp-cmdshell

Attempts to run a command using the command shell of Microsoft SQL Server ms-sql. The script needs an account with the sysadmin server role to work. It needs to be fed credentials through the script arguments or from the scripts 'ms-sql-brute' or 'ms-sql-empty- password'. When run, the script...