Microsoft SQL Server Clr Stored Procedure Payload Execution

This module executes an arbitrary native payload on a Microsoft SQL server by loading a custom SQL CLR Assembly into the target SQL installation, and calling it directly with a base64-encoded payload. The module requires working credentials in order to connect directly to the MSSQL Server. This...

How to Reset XMS Administrator Password in Microsoft SQL

This article describesHow to Reset XMS Administrator Password in Microsoft SQL...

Microsoft SQL Server 2012 SP1 11.0.3300.0 through 11.0.3492.0 Multiple Vulnerabilities (3045317)

Binary data 9819.prm...

Microsoft SQL Server 2008 SP4 10.0.6500.0 through 10.0.6526.0 Multiple Vulnerabilities (3045308)

Binary data 9816.prm...

Microsoft SQL Server 2008 R2 SP2 10.50.4251.0 through 10.50.4331.0 Multiple Vulnerabilities (3045312)

Binary data 9817.prm...

Microsoft SQL Server 2014 12.0.2254.0 through 12.0.2546.0 Multiple Vulnerabilities (3045324)

Binary data 9828.prm...

Microsoft SQL Server 2008 SP3 10.0.5500.0 through 10.0.5520.0 Multiple Vulnerabilities (3045305)

Binary data 9815.prm...

Microsoft SQL Server 2012 SP3 11.0.6020.0 through 11.0.6247.0 Multiple Privilege Escalation (3194721)

Binary data 9811.prm...

Microsoft SQL Server 2014 SP1 12.0.4100.0 through 12.0.4231.0 Privilege Escalation (3194720)

Binary data 9812.prm...

Microsoft SQL Server 2014 SP2 12.0.5000.0 through 12.0.5202.0 Privilege Escalation (3194714)

Binary data 9813.prm...

Microsoft SQL Server 2016 13.0.1605.0 through 13.0.1721.0 Multiple Privilege Escalation (3194716)

Binary data 9814.prm...

Microsoft SQL Server 2008 R2 SP3 10.50.6500.0 through 10.50.6525.0 Multiple Vulnerabilities (3045314)

Binary data 9818.prm...

Microsoft SQL Server 2012 SP2 11.0.5058.0 through 11.0.5387.0 Multiple Privilege Escalation (3194719)

Binary data 9810.prm...

Microsoft SQL Server 2012 SP2 11.0.5500.0 through 11.0.5592.0 Multiple Vulnerabilities (3045319)

Binary data 9827.prm...

Microsoft SQL Server Multiple Vulnerabilities (MS16-136)

Microsoft SQL Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2016-7254

Microsoft SQL Server 2012 SP2 and 2012 SP3 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka "SQL RDBMS Engine Elevation of Privilege Vulnerability."...

CVE-2016-7252

Microsoft SQL Server 2016 mishandles the FILESTREAM path, which allows remote authenticated users to gain privileges via unspecified vectors, aka "SQL Analysis Services Information Disclosure Vulnerability."...

CVE-2016-7251

Cross-site scripting XSS vulnerability in the MDS API in Microsoft SQL Server 2016 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "MDS API XSS Vulnerability."...

CVE-2016-7251

Cross-site scripting XSS vulnerability in the MDS API in Microsoft SQL Server 2016 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "MDS API XSS Vulnerability."...

CVE-2016-7250

Microsoft SQL Server 2014 SP1, 2014 SP2, and 2016 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka "SQL RDBMS Engine Elevation of Privilege Vulnerability."...