ClassApps SelectSurvey.net - Multiple SQL Injections

Exploit Title: Multiple SQL Injection Vulnerabilities in SelectSurvey.net Google Dork: intitle:SelectSurvey Date: Sep 03 2014 Vendor Homepage: https://www.classapps.com/ Software Link: https://www.classapps.com/SelectSurveyNETOverview.asp Version: 4.124.004 Tested on: Windows 2008 R2/SQL Server...

ClassApps SelectSurvey.net 4.124.004 SQL Injection

Details ========== Software: ClassApps SelectSurvey.net Description: Multiple SQL Injection Vulnerabilities Version: 4.124.004 Homepage: https://www.classapps.com/SelectSurveyNETOverview.asp Vendor Fix: 4.125.002 CVE: 2014-6030 Timeline ========== Aug 28 2014 - Vendor Notified Aug 28 2014 - CVE...

万户网络 无条件SQL注入

简要描述： 详细说明： 验证地址： -u "http://222.178.221.54:7001/defaultroot/GovDocumentDossierAction.do?id=1&flag=sendFile" --dbms="Microsoft SQL Server" 存在漏洞地址： http://119.254.81.197:7001 http://61.191.17.216:7001 http://219.136.247.248:7001/ http://222.178.221.54:7001 漏洞证明： 由于是 延时盲注 数据出来较慢 我就不截图了，您可以自己验证下。...

Microsoft SQL Server multiple security vulnerabilities

XSS, stack overrun...

Microsoft SQL Server Elevation of Privilege Vulnerability (2984340)

This host is missing an important security update according to Microsoft Bulletin MS14-044. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVE-2014-4061

Microsoft SQL Server 2008 SP3, 2008 R2 SP2, and 2012 SP1 does not properly control use of stack memory for processing of T-SQL batch commands, which allows remote authenticated users to cause a denial of service daemon hang via a crafted T-SQL statement, aka "Microsoft SQL Server Stack Overrun...

Stack overflow

Microsoft SQL Server 2008 SP3, 2008 R2 SP2, and 2012 SP1 does not properly control use of stack memory for processing of T-SQL batch commands, which allows remote authenticated users to cause a denial of service daemon hang via a crafted T-SQL statement, aka "Microsoft SQL Server Stack Overrun...

Cross site scripting

Cross-site scripting XSS vulnerability in Master Data Services MDS in Microsoft SQL Server 2012 SP1 and 2014 on 64-bit platforms allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "SQL Master Data Services XSS Vulnerability."...

CVE-2014-1820

Cross-site scripting XSS vulnerability in Master Data Services MDS in Microsoft SQL Server 2012 SP1 and 2014 on 64-bit platforms allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "SQL Master Data Services XSS Vulnerability."...

CVE-2014-4061

Microsoft SQL Server 2008 SP3, 2008 R2 SP2, and 2012 SP1 does not properly control use of stack memory for processing of T-SQL batch commands, which allows remote authenticated users to cause a denial of service daemon hang via a crafted T-SQL statement, aka "Microsoft SQL Server Stack Overrun...

KLA10615 Multiple vulnerabilities in Microsoft SQL Server

Multiple serious vulnerabilities have been found in Microsoft SQL Server. Malicious users can exploit these vulnerabilities to cause denial of service or inject arbitrary code. Below is a complete list of vulnerabilities 1. Lack of stack memory restrictions can be exploited remotely via a special...

Microsoft SQL Server CVE-2014-4061 Local Denial of Service Vulnerability

Description Microsoft SQL Server is prone to a local denial-of-service vulnerability. Attackers can exploit this issue to cause a system to stop responding, denying further service to legitimate users. Technologies Affected Microsoft SQL Server 2008 32bit SP3 Microsoft SQL Server 2008 R2 for 32-b...

Microsoft SQL Server Master Data Services CVE-2014-1820 Cross Site Scripting Vulnerability

Description Microsoft SQL Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. Technologie...

某投稿系统通用型SQL注射漏洞（影响众多企事业单位及学校）

简要描述： 某投稿系统通用型SQL注射漏洞 详细说明： 南京杰诺瀚软件科技有限公司的投稿系统SQL注射漏洞 intitle:投稿系统 技术支持：南京杰诺瀚软件科技有限公司 Web/Login.aspx 页面的 username 参数存在问题 DBA 权限注射 URL:...

Microsoft SQL Server 7.0/2000,Data Engine 1.0/2000 xp_displayparamstmt Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2030/info The API Srvparaminfo, which is implemented by Extended Stored Procedures XPs in Microsoft SQL Server and Data Engine, is susceptible to a buffer overflow vulnerability which may cause the application to fail or...

Microsoft SQL Server 7.0/2000,Data Engine 1.0/2000 xp_showcolv Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2038/info The API Srvparaminfo, which is implemented by Extended Stored Procedures XPs in Microsoft SQL Server and Data Engine, is susceptible to a buffer overflow vulnerability which may cause the application to fail or...

Microsoft SQL 2000/7.0 Agent Jobs Privilege Elevation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5483/info Microsoft SQL Server 2000 uses an Agent which is responsible for restarting the SQL Server service, replication, and running scheduled jobs. Some of the jobs that the Agent executes have weak permissions, which...

Microsoft SQL Server sp_replwritetovarbin Memory Corruption

No description provided by source. $Id: ms09004spreplwritetovarbin.rb 11631 2011-01-24 19:37:58Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing a...

Microsoft SQL Server 7.0/2000,Data Engine 1.0/2000 xp_peekqueue Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2040/info The API Srvparaminfo, which is implemented by Extended Stored Procedures XPs in Microsoft SQL Server and Data Engine, is susceptible to a buffer overflow vulnerability which may cause the application to fail or...

Microsoft SQL Server 7.0/2000 JET Database Engine 4.0 Buffer Overrun Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7541/info Microsoft SQL Server is prone to an exploitable buffer overrun vulnerability via the Jet Database Engine. This can occur while the JET 4.0 OLE DB data provider is querying data supplied via a remote source and i...