Security Bulletin: Information Disclosure in IBM Spectrum Protect Plus (CVE-2019-4703)

Summary The user id and password may be exposed in IBM Spectrum Protect Plus when protecting Microsoft SQL or Microsoft Exchange. Vulnerability Details CVEID: CVE-2019-4703 DESCRIPTION: IBM Spectrum Protect Plus, when protecting Microsoft SQL or Microsoft Exchange, could allow an attacker with...

Intel Extreme Tuning Utility 6.4.1.23 Code Execution / Privilege Escalation

Hi @ll, the executable installer of the Intel Extreme Tuning Utility, version 6.4.1.23 Latest, released 5/18/2018, available from via is SURPRISE! vulnerable. CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H Vulnerability 0: ================= The executable installer XTU-Setup.exe comes with at least...

Security Bulletin: Password Disclosure via FlashCopy Manager on Windows, Data Protection for Exchange, and Data Protection for SQL CVE-2015-4949, CVE 2015-6557

Summary The password associated with Tivoli Storage Manager or the Microsoft SQL DB user is displayed in plain text via application pop-up messages for failed operations and in application trace output. Vulnerability Details CVEID: CVE-2015-4949 DESCRIPTION: IBM Tivoli Storage Manager for Databas...

NEW: Vulnerability and Assessment Scanning for Your AWS Cloud Databases

Scuba is a free and easy-to-use tool that uncovers hidden security risks. Scuba is frequently updated with content from Imperva’s Defense Center researchers. With Scuba you can: Scan enterprise databases for vulnerabilities and misconfigurations Identify risks to your databases Get recommendation...

Microsoft SQL Database Attacking Tool: MSDAT

MSDAT M icro s oft SQL D atabase A ttacking T ool is an open source penetration testing tool that tests the security of Microsoft SQL Databases remotely. Usage examples of MSDAT: You have a Microsoft database listening remotely and you want to find valid credentials in order to connect to the...

How to Reset XMS Administrator Password in Microsoft SQL

This article describesHow to Reset XMS Administrator Password in Microsoft SQL...

CVE-2016-3059

IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server aka IBM Spectrum Protect for Databases 6.3 before 6.3.1.7 and 6.4 before 6.4.1.9 and Tivoli Storage FlashCopy Manager for Microsoft SQL Server aka IBM Spectrum Protect Snapshot 3.1 before 3.1.1.7 and 3.2 before...

Siemens WinCC Microsoft SQL (MSSQL) Server Default Credentials (TCP/IP Listener)

The remote Microsoft SQL MSSQL Server has Siemens WinCC related default credentials set. SPDX-FileCopyrightText: 2015 SCHUTZWERK GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later...

Microsoft SQL 2000/7.0 Agent Jobs Privilege Elevation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5483/info Microsoft SQL Server 2000 uses an Agent which is responsible for restarting the SQL Server service, replication, and running scheduled jobs. Some of the jobs that the Agent executes have weak permissions, which...

How to migrate Veeam Backup & Replication or Veeam Backup Enterprise Manager

Veeam Backup & Replication Migration Details regarding Veeam Backup & Replication migration are now fully documented in the product user guide. Please review the following documentation: Migrating Veeam Backup & Replication to Another Server Other Migration Types: Migrating Veeam Backup &...

How to Migrate Veeam ONE Deployment

Purpose This article documents the procedure for migrating Veeam ONE to a different machine. This can be useful if: The machine where Veeam ONE is currently installed runs an OS that is no longer supported by the version of Veeam ONE you plan to upgrade to. Your existing Veeam ONE deployment shar...

How to Manually Back Up Veeam Configuration Databases

Purpose This article documents methods to back up Microsoft SQL and PostgreSQL databases. This article also documents how to locate the configuration database for Veeam Backup & Replication / Veeam Cloud Connect Enterprise Manager Veeam Service Provider Console. For information about Veeam ONE,...

How to apply a SQL script to Veeam Backup & Replication/Veeam Backup Enterprise Manager Database

Purpose This article documents the procedure for applying a SQL script to a Microsoft SQL Server or PostgreSQL Database. Specifically, this article is targeted at the scenario where a support engineer has provided a .sql script to modify the Veeam Backup & Replication or Veeam Backup Enterprise...

CA BrightStor Agent for Microsoft SQL - Remote Overflow (Metasploit)

$Id: sqlagent.rb 9179 2010-04-30 08:40:19Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...

ms-sql-empty-password NSE Script

Attempts to authenticate to Microsoft SQL Servers using an empty password for the sysadmin sa account. SQL Server credentials required: No will not benefit from mssql.username & mssql.password. Run criteria: Host script: Will run if the mssql.instance-all, mssql.instance-name or mssql.instance-po...

CA BrightStor Agent for Microsoft SQL Overflow

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'CA BrightSto...

ZDI-08-071: IBM Tivoli Storage Manager Express for Microsoft SQL Heap Overflow Vulnerability

ZDI-08-071: IBM Tivoli Storage Manager Express for Microsoft SQL Heap Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-08-071 October 30, 2008 -- Affected Vendors: IBM -- Affected Products: IBM Tivoli Storage Manager Express -- TippingPointTM IPS Customer Protection:...

IBM Tivoli Storage Manager Express for Microsoft SQL Heap Overflow Vulnerability

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager Express for Microsoft SQL. Authentication is not required to exploit this vulnerability. The specific flaw resides in the Data Protection for SQL CAD service, dsmcat.exe, which...

HTTP Microsoft SQL Injection Table XSS Infection

This module implements the mass SQL injection attack in use lately by concatenation of HTML string that forces a persistent XSS attack to redirect user browser to an attacker controller website. This module requires Metasploit: https://metasploit.com/download Current source:...

CA BrightStor Agent for Microsoft SQL Overflow

This module exploits a vulnerability in the CA BrightStor Agent for Microsoft SQL Server. This vulnerability was discovered by cybertronicatgmx.net. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModu...