
4418 matches found

Gentoo Linux
added 2006/06/11 12:0 a.m. | 32 views

MySQL: SQL Injection

Background: MySQL is a popular multi-threaded, multi-user SQL server. Description: MySQL is vulnerable to an injection flaw in mysql_real_escape when used with multi-byte characters. Impact: Due to a flaw in the multi-byte character process, an attacker is still able to inject arbitrary SQL statements...

7.5 CVSS | 7.4 AI score | 0.06081 EPSS
Exploits 0

Prion
added 2006/06/01 1:2 a.m. | 11 views

Default credentials

JIWA Financials 6.4.14 passes a Microsoft SQL Server account's username and password, and the name of a data source, to a Crystal Reports .rpt file, which allows remote authenticated users to execute certain standard stored procedures by referencing them in a user-written .rpt file, as demonstrat...

6.5 CVSS | 7.5 AI score | 0.01206 EPSS
Exploits 1 | References 7 | Affected Software 1

NVD
added 2006/06/01 1:2 a.m. | 19 views

CVE-2006-2719

JIWA Financials 6.4.14 stores usernames and passwords for all accounts in cleartext in the HR_Staff table in Microsoft SQL Server, and sends the usernames and passwords in cleartext to the application's SQL Server ODBC driver, which might allow context-dependent attackers to obtain the passwords...

4.9 CVSS | 7 AI score | 0.00115 EPSS
Exploits 1 | References 5

Prion
added 2006/06/01 1:2 a.m. | 14 views

Design/Logic Flaw

JIWA Financials 6.4.14 stores usernames and passwords for all accounts in cleartext in the HR_Staff table in Microsoft SQL Server, and sends the usernames and passwords in cleartext to the application's SQL Server ODBC driver, which might allow context-dependent attackers to obtain the passwords...

4.9 CVSS | 7.7 AI score | 0.00115 EPSS
Exploits 1 | References 5 | Affected Software 1

NVD
added 2006/06/01 1:2 a.m. | 15 views

CVE-2006-2718

JIWA Financials 6.4.14 passes a Microsoft SQL Server account's username and password, and the name of a data source, to a Crystal Reports .rpt file, which allows remote authenticated users to execute certain standard stored procedures by referencing them in a user-written .rpt file, as demonstrat...

6.5 CVSS | 7 AI score | 0.01206 EPSS
Exploits 1 | References 7

Cvelist
added 2006/06/01 1:0 a.m. | 18 views

CVE-2006-2719

JIWA Financials 6.4.14 stores usernames and passwords for all accounts in cleartext in the HR_Staff table in Microsoft SQL Server, and sends the usernames and passwords in cleartext to the application's SQL Server ODBC driver, which might allow context-dependent attackers to obtain the passwords...

7 AI score | 0.00115 EPSS
Exploits 1 | References 5

Cvelist
added 2006/06/01 1:0 a.m. | 12 views

CVE-2006-2718

JIWA Financials 6.4.14 passes a Microsoft SQL Server account's username and password, and the name of a data source, to a Crystal Reports .rpt file, which allows remote authenticated users to execute certain standard stored procedures by referencing them in a user-written .rpt file, as demonstrat...

7 AI score | 0.01206 EPSS
Exploits 1 | References 7

CVE
added 2006/06/01 1:0 a.m. | 39 views

CVE-2006-2719

JIWA Financials 6.4.14 stores usernames and passwords for all accounts in cleartext in the HR_Staff table of Microsoft SQL Server and transmits them in cleartext to the application's SQL Server ODBC driver, enabling potential credential exposure to context-dependent attackers. The available docum...

4.9 CVSS | 7 AI score | 0.00115 EPSS
Exploits 1 | References 5 | Affected Software 1

CVE
added 2006/06/01 1:0 a.m. | 39 views

CVE-2006-2718

CVE-2006-2718 describes a vulnerability in JIWA Financials 6.4.14 where a Microsoft SQL Server account username, password, and the data source name are passed to a Crystal Reports .rpt file. This enables remote authenticated users to invoke certain stored procedures by referencing them in a user-...

6.5 CVSS | 7 AI score | 0.01206 EPSS
Exploits 1 | References 7 | Affected Software 1

myhack58
added 2006/04/15 12:0 a.m. | 40 views

Hacked SQL Server system ten ways-vulnerability warning-the black bar safety net

Whether by manual probing or with security testing tools, malicious attackers always use a variety of tricks, from inside and outside your firewall, to compromise your SQL Server system. Since hackers do this, you also need to run the same attacks to test your system'...

0.2 AI score
Exploits 0

myhack58
added 2006/04/04 12:0 a.m. | 12 views

SQL Server password the password table-a vulnerability warning-the black bar safety net

Most data transmitted on SQL Server port 1433 is plaintext, including the IP address, the connected user name, and success and failure messages. As a result, it is easy to use a sniffer on the network segment to capture SQL Server related information and get the username and IP, it is the differenc...

0.2 AI score
Exploits 0

myhack58
added 2006/02/20 12:0 a.m. | 30 views

SQL Server users and permissions-bug warning-the black bar safety net

Note: I would like to dedicate this article to my father and mother, and thank them for their years of parenting. Original statement: China dark domain network technology information Station the original article, The author ice blood sealing caseEvilOctal, reproduced please renowned...

0.2 AI score
Exploits 0

myhack58
added 2006/02/14 12:0 a.m. | 13 views

SQL Server SA rights summary of the classic techniques-vulnerability warning-the black bar safety net

Tools required: SQL Query Analyzer and SqlExec Sunx Version. Part one: analysis and summary of removing xp_cmdshell to protect the system. First, know the following statements: 1. The method to remove the xp_cmdshell extended procedure is to use the following statement:...

1.6 AI score
Exploits 0

Saint
added 2006/02/05 12:0 a.m. | 22 views

Microsoft SQL Server 2000 resolution service buffer overflow

Added: 02/05/2006 CVE: CVE-2002-0649 BID: 5310 OSVDB: 4577 Background Microsoft SQL Server is a database server package for Windows platforms. SQL Server 2000 introduced the SQL Server Resolution Service, which runs on port 1434/UDP and identifies the port on which each SQL Server instance runs...

7.5 CVSS | 7.8 AI score | 0.86095 EPSS
Exploits 7

Saint
added 2006/02/05 12:0 a.m. | 38 views

Microsoft SQL Server 2000 resolution service buffer overflow

Added: 02/05/2006 CVE: CVE-2002-0649 BID: 5310 OSVDB: 4577 Background Microsoft SQL Server is a database server package for Windows platforms. SQL Server 2000 introduced the SQL Server Resolution Service, which runs on port 1434/UDP and identifies the port on which each SQL Server instance runs...

7.5 CVSS | 7.8 AI score | 0.86095 EPSS
Exploits 7

Saint
added 2006/02/05 12:0 a.m. | 51 views

Microsoft SQL Server 2000 resolution service buffer overflow

Added: 02/05/2006 CVE: CVE-2002-0649 BID: 5310 OSVDB: 4577 Background Microsoft SQL Server is a database server package for Windows platforms. SQL Server 2000 introduced the SQL Server Resolution Service, which runs on port 1434/UDP and identifies the port on which each SQL Server instance runs...

7.5 CVSS | 7.9 AI score | 0.86095 EPSS
Exploits 7

Saint
added 2006/02/05 12:0 a.m. | 31 views

Microsoft SQL Server 2000 resolution service buffer overflow

Added: 02/05/2006 CVE: CVE-2002-0649 BID: 5310 OSVDB: 4577 Background Microsoft SQL Server is a database server package for Windows platforms. SQL Server 2000 introduced the SQL Server Resolution Service, which runs on port 1434/UDP and identifies the port on which each SQL Server instance runs...

7.5 CVSS | 8 AI score | 0.86095 EPSS
Exploits 7

Tenable Nessus
added 2006/01/31 12:0 a.m. | 11 views

Microsoft SQL Server Database Detection

Binary data 3393.prm...

7.3 AI score
Exploits 0

Metasploit
added 2006/01/16 3:48 a.m. | 22 views

MS02-056 Microsoft SQL Server Hello Overflow

By sending malformed data to TCP port 1433, an unauthenticated remote attacker could overflow a buffer and possibly execute code on the server with SYSTEM level privileges. This module should work against any vulnerable SQL Server 2000 or MSDE install 'MS02-056 Microsoft SQL Server Hello Overflow...

7.5 CVSS | 8.3 AI score | 0.89144 EPSS
Exploits 9

Tenable Nessus
added 2006/01/16 12:0 a.m. | 27 views

Lyris ListManager MSDE Weak sa Password

The remote host appears to be running ListManager, a web-based commercial mailing list management application from Lyris. The version of ListManager on the remote host was installed using Microsoft SQL Server Desktop Engine (MSDE) for its database backend along with a weak password for the 'sa'...

6.5 CVSS | 5.8 AI score | 0.6483 EPSS
Exploits 3 | References 3