11 matches found
KB2546951 - List of issues that are fixed by SQL Server 2008 Service Pack 3
KB2546951 - List of issues that are fixed by SQL Server 2008 Service Pack 3 INTRODUCTION This article lists SQL Server 2008 issues that are fixed by Microsoft SQL Server 2008 Service Pack 3 SP3. Notes Some issues that are not documented might be fixed by the service pack. The list of issues will ...
U.S. Dept Of Defense: SQL Injection on www.██████████ on countID parameter
Description: Hello Team, I have came across a sql injection vulnerability on www.██████ on countID parameter. I was able to retrieve the banner which is Microsoft SQL Server 2008 R2 SP3 - 10.50.6220.0 X64& Mar 19 2015 12:32:14 Copyright c Microsoft Corporation Standard Edition 64-bit on Windows N...
Microsoft SQL Server 2008 R2 SP2 10.50.4251.0 through 10.50.4331.0 Multiple Vulnerabilities (3045312)
Binary data 9817.prm...
Microsoft SQL Server 2008 10.00.x.x < 10.00.5869.00 Multiple Vulnerabilities (2984340)
Binary data 9702.prm...
CIMA DocuClass ECM - Multiple Vulnerabilities
Exploit for php platform in category web applications Exploit Title: CIMA DocuClass Enterprise Content Management - Multiple Vulnerabilities Date: July 15, 2016 Exploit Author: Karn Ganeshen ipositivesecurity.blogspot.com Vendor Homepage: cima-software.com Version: app version All Tested on:...
某政府系统一处越权+一处SQL注入
简要描述: RT 详细说明: 山东农友软件公司官网:http://www.nongyou.com.cn/ 越权案例如下: http://221.2.149.47:8100/jubao/left.aspx http://222.135.109.70:8100/jubao/left.aspx http://123.134.189.60:8012/jubao/left.aspx http://218.56.40.229:8020/jubao/left.aspx http://222.135.127.190:7000/jubao/left.aspx 2.一处越权注入:...
Microsoft SQL Server Elevation of Privilege Vulnerability (2984340)
This host is missing an important security update according to Microsoft Bulletin MS14-044. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
用友软件股份有限公司流通与零售行业事业部POST注射
简要描述: 用友软件分站流通与零售行业事业部某处出现POST注射, SA权限。只发现问题,不深入,不作恶。 详细说明: http://soft-sk.yonyou.com/service/jszc.jsp URL asktypeid=---注射点---&enddate=JyI%3d&prikey=1&startdate=01/01/1967&Submit=%b2%e9%d1%af POST数据 漏洞证明: web application technology: JSP back-end DBMS: Microsoft SQL Server 2008 current user: 'sa'...
用友某通用系统sql注入
简要描述: 用友某通用系统注入 详细说明: 用友TurboCRM存在通用sql注入 http://www.qinyuancrm.com/login/forgetpswd.php?orgcode=1&loginname=dsdfsfds loginname参数存在mssql timebased盲注 Place: GET Parameter: loginname Type: stacked queries Title: Microsoft SQL Server/Sybase stacked queries Payload: orgcode=1&loginname=dsdfsfds';...
SQL Server 2008
SQL Server 2008...
Security update 1970-01-01
...