4 matches found
CVE-2023-25263
In Stimulsoft Designer Desktop 2023.1.5, and 2023.1.4, once an attacker decompiles the Stimulsoft.report.dll the attacker is able to decrypt any connectionstring stored in .mrt files since a static secret is used. The secret does not differ between the tested versions and different operating...
CVE-2023-25263
Stimulsoft Designer (Desktop) 2023.1.4–2023.1.5 is affected. Decompiling Stimulsoft.report.dll allows an attacker to decrypt any connection string stored in .mrt files due to a static secret used across tested versions and OSes. Root cause: hard-coded/static secret in the DLL enables bypassing op...
SRC-2020-0034 : Microsoft SharePoint Server SPSqlDataSource Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on affected installations of SharePoint Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the SPSqlDataSource class. The issue results from the lack ...
siteserver latest version 3. 6. 4 background_log. aspx page sql injection vulnerability-vulnerability warning-the black bar safety net
There siteserver/platform/backgroundlog. aspx 用 .NET Reflector decompile BaiRong. BackgroundPages. dll this file View Code is as follows: this. spContents. ConnectionString = BaiRongDataProvider. ConnectionString; flag = base. Request. QueryString"UserName" != null; if ! flag this. spContents...