1294 matches found
Microsoft SQL Server Native Auditing Accessed
Binary data 5383.prm...
Microsoft SQL Server Suspicious Command Detection
Binary data 5390.prm...
Microsoft SQL Server Suspicious Command Detection
Binary data 5393.prm...
Blaze Apps 1.4.0.051909 Cross Site Scripting / SQL Injection
www.BugReport.ir AmnPardaz Security Research Team Title: Blaze Apps Multiple Vulnerabilities Vendor: http://blazeapps.codeplex.com Vulnerable Version: 1.4.0.051909 and prior versions Exploitation: Remote with browser Fix: N/A - Description: Blaze Apps is a ASP .NET 2 Content Management System. It...
Blaze Apps Multiple Vulnerabilities
www.BugReport.ir AmnPardaz Security Research Team Title: Blaze Apps Multiple Vulnerabilities Vendor: http://blazeapps.codeplex.com Vulnerable Version: 1.4.0.051909 and prior versions Exploitation: Remote with browser Fix: N/A - Description: Blaze Apps is a ASP .NET 2 Content Management System. It...
Microsoft SQL Server sp_replwritetovarbin Memory Corruption
$Id: ms09004spreplwritetovarbin.rb 8068 2010-01-05 00:02:15Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
MS09-004 Microsoft SQL Server sp_replwritetovarbin Memory Corruption
A heap-based buffer overflow can occur when calling the undocumented "spreplwritetovarbin" extended stored procedure. This vulnerability affects all versions of Microsoft SQL Server 2000 and 2005, Windows Internal Database, and Microsoft Desktop Engine MSDE without the updates supplied in MS09-00...
Microsoft SQL Server Payload Execution
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Microsoft SQ...
Microsoft SQL Server INSERT Statement Buffer Overflow (MS08-040; CVE-2008-0106)
Microsoft SQL Server is a popular relational database management system RDBMS. Microsoft SQL Server can be administered programmatically using system stored procedures, or through Distributed Management Objects DMO. Its primary query language is Transact-SQL, an implementation of the ANSI/ISO...
webshell mention the weight point directory summary-vulnerability warning-the black bar safety net
C:\Documents and Settings\All Users\Start Menu\Programs\ --'look here, can jump, and we from here can get a lot of useful information such as Serv-U path. C:\Documents and Settings\All Users\Application Data\Symantec\pcAnywhere\ --‘see if you can jump to this directory, if the line that is the...
Microsoft SQL Server CONVERT Function Buffer Overflow (MS08-040; CVE-2008-0086)
Microsoft SQL Server is a relational database management system RDBMS. Microsoft SQL Server uses Transact-SQL T-SQL, a proprietor extension to Structured Query Language SQL, for querying and modifying data and managing databases. SQL Server can be remotely accessed via the Tabular Data Stream TDS...
Microsoft SQL Server Configuration Enumerator
This module will perform a series of configuration audits and security checks against a Microsoft SQL Server database. For this module to work, valid administrative user credentials must be supplied. This module requires Metasploit: https://metasploit.com/download Current source:...
Microsoft GDI+ TIFF File Processing 'BitsPerSample' Tag Remote Code Execution Vulnerability
Description Microsoft GDI+ is prone to a remote code-execution vulnerability because the vector graphics link library improperly processes TIFF image files. An attacker could exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts...
Ipswitch WhatsUp Web Interface SQL Injection (CVE-2005-1250)
WhatsUp Professional 2005 is a network monitoring and resource management solution. WhatsUp Professional uses a relational database to store the information about user accounts and network devices that are monitored by the application. The relational databases supported by WhatsUp Professional ar...
New Unpatched Flaw Surfaces in SQL Server
There is an unpatched flaw in Microsoft SQL Server that could enable an attacker to access users’ passwords on the database server. The vulnerability is in SQL Server 2000, 2005 and 2008. The SQL Server vulnerability was discovered last fall by database-security vendor Sentrigo, which then report...
TekRADIUS SQL注入及不安全权限漏洞
CVECAN ID: CVE-2009-2357,CVE-2009-2358,CVE-2009-2359 TekRadius是一个免费的RADIUS服务器,可以支持RFC 2865和RFC 2866规范。 1 TekRADIUS的默认配置使用sa账号与Microsoft SQL Server通讯,远程攻击者可以相对较容易的获得对数据库的特权访问。 2 TekRADIUS将数据库凭据存储在了C:\Program Files\TekRADIUS\TekRADIUS.ini文件中。任何Windows本地用户都可以访问这个文件,读取加密了的凭据。 3...
Default configuration
The default configuration of TekRADIUS 3.0 uses the sa account to communicate with Microsoft SQL Server, which makes it easier for remote attackers to obtain privileged access to the database and the underlying Windows operating system...
Microsoft SQL Server spreplwritetovarbin Buffer Overflow
Added: 04/29/2009 CVE: CVE-2008-5416 BID: 32710 OSVDB: 50917 Background Microsoft SQL Server is a database server package for Windows platforms. Problem A buffer overflow vulnerability in the spreplwritetovarbin stored procedure allows remote, authenticated attackers to execute arbitrary commands...
Microsoft SQL Server spreplwritetovarbin Buffer Overflow
Added: 04/29/2009 CVE: CVE-2008-5416 BID: 32710 OSVDB: 50917 Background Microsoft SQL Server is a database server package for Windows platforms. Problem A buffer overflow vulnerability in the spreplwritetovarbin stored procedure allows remote, authenticated attackers to execute arbitrary commands...
Microsoft SQL Server spreplwritetovarbin Buffer Overflow
Added: 04/29/2009 CVE: CVE-2008-5416 BID: 32710 OSVDB: 50917 Background Microsoft SQL Server is a database server package for Windows platforms. Problem A buffer overflow vulnerability in the spreplwritetovarbin stored procedure allows remote, authenticated attackers to execute arbitrary commands...