4416 matches found
PT-2024-6359 · Microsoft · Sql Server
Name of the Vulnerable Software and Affected Versions: Microsoft SQL Server affected versions not specified Description: The issue is related to errors in numerical truncation in the Microsoft SQL Server system, which can allow a remote attacker to gain unauthorized access to protected informatio...
Microsoft SQL Server 安全漏洞
Microsoft SQL Server is the United States Microsoft Microsoft company's set of applications in the Microsoft Windows system under the large commercial database system. A remote code execution vulnerability exists in Microsoft SQL Server, which can be exploited by an attacker to execute arbitrary...
PT-2024-6357 · Microsoft · Sql Server
Name of the Vulnerable Software and Affected Versions: Microsoft SQL Server versions prior to 13.0.7045.2 Microsoft SQL Server versions prior to 13.0.6450.1 Microsoft SQL Server versions prior to 15.0.4395.2 Microsoft SQL Server versions prior to 15.0.2125.1 Microsoft SQL Server versions prior to...
PT-2024-6285 · Microsoft · Sql Server
Name of the Vulnerable Software and Affected Versions: Microsoft SQL Server affected versions not specified Description: The issue is related to an elevation of privilege vulnerability in Microsoft SQL Server, associated with unsafe privilege management. Exploitation of this issue may allow a...
Microsoft SQL Server 安全漏洞
Microsoft SQL Server is the United States Microsoft Microsoft company's set of applications in the Microsoft Windows system under the large commercial database system. An information disclosure vulnerability exists in Microsoft SQL Server, which can be exploited by attackers to obtain sensitive...
Microsoft SQL Server 安全漏洞
Microsoft SQL Server is the United States Microsoft Microsoft company's set of applications in the Microsoft Windows system under the large commercial database system. A remote code execution vulnerability exists in Microsoft SQL Server, which can be exploited by an attacker to execute arbitrary...
Microsoft SQL Server 资源管理错误漏洞
Microsoft SQL Server is a large commercial database system from Microsoft Corporation USA that is used under Microsoft Windows. A resource management error vulnerability exists in Microsoft SQL Server. An attacker exploiting this vulnerability could remotely execute code. The following products a...
Microsoft SQL Server 安全漏洞
Microsoft SQL Server is the United States Microsoft Microsoft company's set of applications in the Microsoft Windows system under the large commercial database system. An elevation of privilege vulnerability exists in Microsoft SQL Server, which can be exploited by an attacker to execute arbitrar...
VulnCheck KEV: CVE-2019-1068
A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions, aka 'Microsoft SQL Server Remote Code Execution Vulnerability'...
Microsoft SQL Server SUSER_SNAME SQL Logins Enumeration
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft SQL Server SUSERSNAME SQL Logins Enumeration', 'Description' = %q This module can be used to obtain a list of all logins from a SQL...
Microsoft SQL Server SQL Injection Escalate Db_Owner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft SQL Server SQLi Escalate DbOwner', 'Description' = %q This module can be used to escalate SQL Server user privileges to sysadmin throug...
Nuuo Central Management Server Authenticated Arbitrary File Download
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nuuo Central Management Server Authenticated Arbitrary File Download', 'Description' = %q The Nuuo Central Management Server allows an...
BMC / Numara Track-It! Domain Administrator and SQL Server User Password Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'openssl' class MetasploitModule 'BMC / Numara Track-It! Domain Administrator and SQL Server User Password Disclosure', 'Description' = %q This module exploits a...
Microsoft SQL Server SQL Injection Escalate Execute AS
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft SQL Server SQLi Escalate Execute AS', 'Description' = %q This module can be used escalate privileges if the IMPERSONATION privilege has...
Microsoft SQL Server SQL Injection NTLM Stealer
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft SQL Server SQLi NTLM Stealer', 'Description' = %q This module can be used to help capture or relay the LM/NTLM credentials of the accou...
Microsoft SQL Server NTLM Stealer
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft SQL Server NTLM Stealer', 'Description' = %q This module can be used to help capture or relay the LM/NTLM credentials of the account...
Microsoft SQL Server SQL Injection SUSER_SNAME Windows Domain Account Enumeration
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft SQL Server SQLi SUSERSNAME Windows Domain Account Enumeration', 'Description' = %q This module can be used to bruteforce RIDs associate...
Microsoft SQL Server Escalate Db_Owner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft SQL Server Escalate DbOwner', 'Description' = %q This module can be used to escalate privileges to sysadmin if the user has the dbowner...
Microsoft SQL Server Escalate EXECUTE AS
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft SQL Server Escalate EXECUTE AS', 'Description' = %q This module can be used escalate privileges if the IMPERSONATION privilege has been...
Security Updates for Microsoft SQL Server OLE DB Driver (July 2024)
The Microsoft SQL Server OLE DB Driver installed on the remote host is missing a security update. It is, therefore, affected by a remote code execution vulnerability. An attacker could exploit the vulnerability by tricking an authenticated user UI:R into attempting to connect to a malicious SQL...