1377 matches found
PT-2024-6358 · Microsoft · Sql Server
Name of the Vulnerable Software and Affected Versions: Microsoft SQL Server affected versions not specified Description: The vulnerability in the Native Scoring component of Microsoft SQL Server is related to a buffer overflow in memory, allowing a remote attacker to execute arbitrary code...
Microsoft SQL Server 安全漏洞
Microsoft SQL Server is the United States Microsoft Microsoft company's set of applications in the Microsoft Windows system under the large commercial database system. A remote code execution vulnerability exists in Microsoft SQL Server, which can be exploited by an attacker to execute arbitrary...
PT-2024-6359 · Microsoft · Sql Server
Name of the Vulnerable Software and Affected Versions: Microsoft SQL Server affected versions not specified Description: The issue is related to errors in numerical truncation in the Microsoft SQL Server system, which can allow a remote attacker to gain unauthorized access to protected informatio...
Microsoft SQL Server 安全漏洞
Microsoft SQL Server is the United States Microsoft Microsoft company's set of applications in the Microsoft Windows system under the large commercial database system. A remote code execution vulnerability exists in Microsoft SQL Server, which can be exploited by an attacker to execute arbitrary...
PT-2024-6357 · Microsoft · Sql Server
Name of the Vulnerable Software and Affected Versions: Microsoft SQL Server versions prior to 13.0.7045.2 Microsoft SQL Server versions prior to 13.0.6450.1 Microsoft SQL Server versions prior to 15.0.4395.2 Microsoft SQL Server versions prior to 15.0.2125.1 Microsoft SQL Server versions prior to...
PT-2024-6285 · Microsoft · Sql Server
Name of the Vulnerable Software and Affected Versions: Microsoft SQL Server affected versions not specified Description: The issue is related to an elevation of privilege vulnerability in Microsoft SQL Server, associated with unsafe privilege management. Exploitation of this issue may allow a...
Microsoft SQL Server 安全漏洞
Microsoft SQL Server is the United States Microsoft Microsoft company's set of applications in the Microsoft Windows system under the large commercial database system. An information disclosure vulnerability exists in Microsoft SQL Server, which can be exploited by attackers to obtain sensitive...
Microsoft SQL Server 安全漏洞
Microsoft SQL Server is the United States Microsoft Microsoft company's set of applications in the Microsoft Windows system under the large commercial database system. A remote code execution vulnerability exists in Microsoft SQL Server, which can be exploited by an attacker to execute arbitrary...
Microsoft SQL Server 安全漏洞
Microsoft SQL Server is the United States Microsoft Microsoft company's set of applications in the Microsoft Windows system under the large commercial database system. An elevation of privilege vulnerability exists in Microsoft SQL Server, which can be exploited by an attacker to execute arbitrar...
Microsoft SQL Server 资源管理错误漏洞
Microsoft SQL Server is a large commercial database system from Microsoft Corporation USA that is used under Microsoft Windows. A resource management error vulnerability exists in Microsoft SQL Server. An attacker exploiting this vulnerability could remotely execute code. The following products a...
VulnCheck KEV: CVE-2019-1068
A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions, aka 'Microsoft SQL Server Remote Code Execution Vulnerability'...
HTTP Microsoft SQL Injection Table XSS Infection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HTTP Microsoft SQL Injection Table XSS Infection', 'Description' = %q This module implements the mass SQL injection attack in use lately by...
Microsoft SQL Server SUSER_SNAME SQL Logins Enumeration
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft SQL Server SUSERSNAME SQL Logins Enumeration', 'Description' = %q This module can be used to obtain a list of all logins from a SQL...
Microsoft SQL Server SQL Injection Escalate Execute AS
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft SQL Server SQLi Escalate Execute AS', 'Description' = %q This module can be used escalate privileges if the IMPERSONATION privilege has...
Microsoft SQL Server SQL Injection NTLM Stealer
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft SQL Server SQLi NTLM Stealer', 'Description' = %q This module can be used to help capture or relay the LM/NTLM credentials of the accou...
Microsoft SQL Server NTLM Stealer
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft SQL Server NTLM Stealer', 'Description' = %q This module can be used to help capture or relay the LM/NTLM credentials of the account...
Microsoft SQL Server Escalate Db_Owner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft SQL Server Escalate DbOwner', 'Description' = %q This module can be used to escalate privileges to sysadmin if the user has the dbowner...
Microsoft SQL Server Escalate EXECUTE AS
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft SQL Server Escalate EXECUTE AS', 'Description' = %q This module can be used escalate privileges if the IMPERSONATION privilege has been...
New Qilin Ransomware Attack Uses VPN Credentials, Steals Chrome Data
The threat actors behind a recently observed Qilin ransomware attack have stolen credentials stored in Google Chrome browsers on a small set of compromised endpoints. The use of credential harvesting in connection with a ransomware infection marks an unusual twist, and one that could have cascadi...
GO-2023-1685 HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault
HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault...