1379 matches found
DDIVRT-2012-44 Epicor Returns Management SOAP-Based Blind SQL Injection
Title: DDIVRT-2012-44 Epicor Returns Management SOAP-Based Blind SQL Injection. Severity: High. Date Discovered: April 12, 2012. Discovered By: Digital Defense, Inc. Vulnerability Research Team. Credit: Chris Graham and r@b13$. Vulnerability Description...
Microsoft SQL Server privilege escalation
Privilege escalation via RESTORE DATABASE...
TeamSHATTER Security Advisory: Privilege escalation via internal sql injection in RESTORE DATABASE command
AppSecInc Team SHATTER Security Advisory Privilege escalation via internal sql injection in RESTORE DATABASE command. Risk Level: Medium Affected versions: Microsoft SQL Server 2005, 2008, 2008 R2 Remote exploitable: Yes Credits: This vulnerability wa...
Microsoft SQL Server Privilege Escalation / SQL Injection
No description provided by source. AppSecInc Team SHATTER Security Advisory Privilege escalation via internal sql injection in RESTORE DATABASE command. Risk Level: Medium Affected versions: Microsoft SQL Server 2005, 2008, 2008 R2 Remote exploitable: Yes Credits: This vulnerability was discovere...
Microsoft Windows Common Controls Remote Code Execution Vulnerability (2664258)
This host is missing a critical security update according to Microsoft Bulletin MS12-027. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
Microsoft Windows Common Controls ActiveX Control Remote Code Execution Vulnerability
Description Microsoft Windows Common Controls is prone to a remote code-execution vulnerability. An attacker can exploit this issue by enticing an unsuspecting user to view a malicious webpage. Successful exploits will allow the attacker to execute arbitrary code within the context of the...
National Center EDU Research - SQL Injection Vulnerability
Document Title: National Center EDU Research - SQL Injection Vulnerability. References Source: http://www.vulnerability-lab.com/getcontent.php?id=415 Release Date: 2012-04-08. Vulnerability Laboratory ID VL-ID: ...
Database Open Access Information Disclosure Vulnerability
Various database servers might be prone to an information disclosure vulnerability if accessible to remote systems. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...
Microsoft SQL Server Payload Execution
This module executes an arbitrary payload on a Microsoft SQL Server by using the "xp_cmdshell" stored procedure. Currently, three delivery methods are supported. First, the original method uses Windows 'debug.com'. File size restrictions are avoided by incorporating the debug bypass method present...
VOXTRONIC Voxlog Professional 3.7.2.729 SQL Injection
Exploit for php platform in category web applications. SEC Consult Vulnerability Lab Security Advisory. title: Multiple critical vulnerabilities product: VOXTRONIC voxlog professional - voice recording solution vulnerable...
VOXTRONIC Voxlog Professional 3.7.2.729 SQL Injection / Disclosure
SEC Consult Vulnerability Lab Security Advisory. title: Multiple critical vulnerabilities product: VOXTRONIC voxlog professional - voice recording solution vulnerable version: VOXTRONIC voxlog professional = 3.7.2.729 webclien...
How to Manually Back Up Veeam Configuration Databases
Purpose This article documents methods to back up Microsoft SQL and PostgreSQL databases. This article also documents how to locate the configuration database for Veeam Backup & Replication / Veeam Cloud Connect Enterprise Manager Veeam Service Provider Console. For information about Veeam ONE,...
BEM Search Server Doesn't Remove Successfully
Challenge When trying to remove a Search Server from BEM by clicking the remove button, the server being removed is stuck in a "Removing" state. Cause Solution Veeam encourages backing up your SQL DB before making any changes. 1. Go to Microsoft SQL Server Management Studio May need to be install...
Lilupophilupop SQL Injection Attack Tops 1 Million Infected URLs
At any given time, there are probably dozens of somewhat serious SQL injection attacks going on in various portions of the Internet. But many of them never get noticed by most people, either because they’re not widespread enough or they’re not hitting high-profile targets. There’s one that’s been...
How to apply a SQL script to Veeam Backup & Replication/Veeam Backup Enterprise Manager Database
Purpose This article documents the procedure for applying a SQL script to a Microsoft SQL Server or PostgreSQL Database. Specifically, this article is targeted at the scenario where a support engineer has provided a .sql script to modify the Veeam Backup & Replication or Veeam Backup Enterprise...
Sqlninja 0.2.6 is now available
Sqlninja 0.2.6 is now available. Sqlninja's goal is to exploit SQL injection vulnerabilities on web applications that use Microsoft SQL Server as back end. It is released under the GPLv3. There are a lot of other SQL injection tools out there but sqlninja, instead of extracting the data, focuses on...
Nortel Contact Recording Centralized Archive 6.5.1 EyrAPIConfiguration getSubKeys() Remote SQL Injection Exploit
?php / Nortel Contact Recording Centralized Archive 6.5.1 EyrAPIConfiguration Web Service getSubKeys Remote SQL Injection Exploit tested against: Microsoft Windows Server 2003 r2 sp2 Microsoft SQL Server 2005 Express download uri:...
Nortel Contact Recording Centralized Archive 6.5.1 - SQL Injection
Nortel Contact Recording Centralized Archive 6.5.1 - SQL Injection EyrAPIConfiguration /EyrAPIConfiguration/ ... at the following url: http://host:8080/EyrAPI/EyrAPIConfiguration/EyrAPIConfigurationIf Vulnerability: without prior authentication, you can reach a web service with various methods...
Nortel Contact Recording Centralized Archive 6.5.1 SQL Injection
EyrAPIConfiguration /EyrAPIConfiguration/ .. at the following url: http://host:8080/EyrAPI/EyrAPIConfiguration/EyrAPIConfigurationIf Vulnerability: without prior authentication, you can reach a web service with various methods available, as described inside the associated wsdl, see file:...
Bulletlink Newspaper Template Software 0day blind defect and repair-vulnerability warning-the black bar safety net
Bulletlink Newspaper Template Software targetform.asp 0day Blind SQL-Injection Author: easypwn Official website: www.bulletlink.com Test platform: Windows 2000, Windows 2003, Windows 2008. Microsoft SQL Server Test: http://www.badguest.cn/targetform.asp?pform=DeleteMember'SQLi Analog...