1377 matches found
CVE-2013-4313
Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 does not prevent use of '\0' characters in query strings, which might allow remote attackers to conduct SQL injection attacks against Microsoft SQL Server via a crafted string...
SQL injection
Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 does not prevent use of '\0' characters in query strings, which might allow remote attackers to conduct SQL injection attacks against Microsoft SQL Server via a crafted string...
CVE-2013-4313
The CVE-2013-4313 issue affects Moodle up to versions 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2, where the application does not neutralize null bytes ('\0') in query strings. This can enable remote attackers to perform SQL injection against Microsoft SQL Server via a ...
How to Migrate Veeam ONE Deployment
Purpose This article documents the procedure for migrating Veeam ONE to a different machine. This can be useful if: The machine where Veeam ONE is currently installed runs an OS that is no longer supported by the version of Veeam ONE you plan to upgrade to. Your existing Veeam ONE deployment shar...
Microsoft SQL Server STARTTLS Support
The remote Microsoft SQL Server service supports the use of encryption initiated during pre-login to switch from a cleartext to an encrypted communications channel. TRUSTED...
Microsoft SQL Server Unsupported Version Detection
According to its self-reported version number, the installation of Microsoft SQL Server on the remote host is no longer supported. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities...
Microsoft SQL Server - Database Link Crawling Command Execution (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' require...
[SQL Fingerprint] Christmas Release
Microsoft SQL Server fingerprinting can be a time consuming process, because it involves trial and error methods to determine the exact version. Intentionally inserting an invalid input to obtain a typical error message or using certain alphabets that are unique for certain server are two of the...
Microsoft SQL Server Database Link Crawling Command Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' require...
Microsoft SQL Server SQLi NTLM Stealer
This module can be used to help capture or relay the LM/NTLM credentials of the account running the remote SQL Server service. The module will use the SQL injection from GETPATH to connect to the target SQL Server instance and execute the native "xp_dirtree" or stored procedure. The stored...
Microsoft SQL Server Report Manager Cross Site Scripting Vulnerability (2754849)
This host has important security update missing according to Microsoft Bulletin MS12-070. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Microsoft SQL Server cross-site scripting
SQL Server Report Manager cross-site scripting...
Microsoft SQL Server Report Manager Cross Site Scripting Vulnerability (2754849)
This host has important security update missing according to Microsoft Bulletin MS12-070. OpenVAS Vulnerability Test $Id: secpodms12-070.nasl 5346 2017-02-19 08:43:11Z cfi $ Microsoft SQL Server Report Manager Cross Site Scripting Vulnerability 2754849 Authors: Rachana Shetty Copyright: Copyright...
Microsoft SQL Server Report Manager CVE-2012-2552 Cross Site Scripting Vulnerability
Description Microsoft SQL Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. Technologie...
Microsoft SQL Server Find and Sample Data
This script will search through all of the non-default databases on the SQL Server for columns that match the keywords defined in the TSQL KEYWORDS option. If column names are found that match the defined keywords and data is present in the associated tables, the script will select a sample of th...
Microsoft Windows Common Controls Remote Code Execution Vulnerability (2720573)
This host is missing a critical security update according to Microsoft Bulletin MS12-060. OpenVAS Vulnerability Test $Id: secpodms12-060.nasl 5912 2017-04-10 09:01:51Z teissa $ Microsoft Windows Common Controls Remote Code Execution Vulnerability 2720573 Authors: Veerendra G G Copyright: Copyrigh...
DDIVRT-2012-44 Epicor Returns Management SOAP-Based Blind SQL Injection
Title: DDIVRT-2012-44 Epicor Returns Management SOAP-Based Blind SQL Injection. Severity: High. Date Discovered: April 12, 2012. Discovered By: Digital Defense, Inc. Vulnerability Research Team. Credit: Chris Graham and r@b13$. Vulnerability Description...
Microsoft SQL Server privilege escalation
Privilege escalation via RESTORE DATABASE...