1417 matches found
ClassApps SelectSurvey.net - Multiple SQL Injections
Exploit Title: Multiple SQL Injection Vulnerabilities in SelectSurvey.net Google Dork: intitle:SelectSurvey Date: Sep 03 2014 Vendor Homepage: https://www.classapps.com/ Software Link: https://www.classapps.com/SelectSurveyNETOverview.asp Version: 4.124.004 Tested on: Windows 2008 R2/SQL Server...
ClassApps SelectSurvey.net 4.124.004 SQL Injection
Details ========== Software: ClassApps SelectSurvey.net Description: Multiple SQL Injection Vulnerabilities Version: 4.124.004 Homepage: https://www.classapps.com/SelectSurveyNETOverview.asp Vendor Fix: 4.125.002 CVE: 2014-6030 Timeline ========== Aug 28 2014 - Vendor Notified Aug 28 2014 - CVE...
万户网络 无条件SQL注入
简要描述: 详细说明: 验证地址: -u "http://222.178.221.54:7001/defaultroot/GovDocumentDossierAction.do?id=1&flag=sendFile" --dbms="Microsoft SQL Server" 存在漏洞地址: http://119.254.81.197:7001 http://61.191.17.216:7001 http://219.136.247.248:7001/ http://222.178.221.54:7001 漏洞证明: 由于是 延时盲注 数据出来较慢 我就不截图了,您可以自己验证下。...
Microsoft SQL Server multiple security vulnerabilities
XSS, stack overrun...
Microsoft SQL Server Elevation of Privilege Vulnerability (2984340)
This host is missing an important security update according to Microsoft Bulletin MS14-044. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2014-4061
Microsoft SQL Server 2008 SP3, 2008 R2 SP2, and 2012 SP1 does not properly control use of stack memory for processing of T-SQL batch commands, which allows remote authenticated users to cause a denial of service daemon hang via a crafted T-SQL statement, aka "Microsoft SQL Server Stack Overrun...
Cross site scripting
Cross-site scripting XSS vulnerability in Master Data Services MDS in Microsoft SQL Server 2012 SP1 and 2014 on 64-bit platforms allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "SQL Master Data Services XSS Vulnerability."...
Stack overflow
Microsoft SQL Server 2008 SP3, 2008 R2 SP2, and 2012 SP1 does not properly control use of stack memory for processing of T-SQL batch commands, which allows remote authenticated users to cause a denial of service daemon hang via a crafted T-SQL statement, aka "Microsoft SQL Server Stack Overrun...
CVE-2014-1820
Cross-site scripting XSS vulnerability in Master Data Services MDS in Microsoft SQL Server 2012 SP1 and 2014 on 64-bit platforms allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "SQL Master Data Services XSS Vulnerability."...
CVE-2014-4061
Microsoft SQL Server 2008 SP3, 2008 R2 SP2, and 2012 SP1 does not properly control use of stack memory for processing of T-SQL batch commands, which allows remote authenticated users to cause a denial of service daemon hang via a crafted T-SQL statement, aka "Microsoft SQL Server Stack Overrun...
Microsoft SQL Server CVE-2014-4061 Local Denial of Service Vulnerability
Description Microsoft SQL Server is prone to a local denial-of-service vulnerability. Attackers can exploit this issue to cause a system to stop responding, denying further service to legitimate users. Technologies Affected Microsoft SQL Server 2008 32bit SP3 Microsoft SQL Server 2008 R2 for 32-b...
Microsoft SQL Server Master Data Services CVE-2014-1820 Cross Site Scripting Vulnerability
Description Microsoft SQL Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. Technologie...
KLA10615 Multiple vulnerabilities in Microsoft SQL Server
Multiple serious vulnerabilities have been found in Microsoft SQL Server. Malicious users can exploit these vulnerabilities to cause denial of service or inject arbitrary code. Below is a complete list of vulnerabilities 1. Lack of stack memory restrictions can be exploited remotely via a special...
某投稿系统通用型SQL注射漏洞(影响众多企事业单位及学校)
简要描述: 某投稿系统通用型SQL注射漏洞 详细说明: 南京杰诺瀚软件科技有限公司的投稿系统SQL注射漏洞 intitle:投稿系统 技术支持:南京杰诺瀚软件科技有限公司 Web/Login.aspx 页面的 username 参数存在问题 DBA 权限注射 URL:...
Microsoft SQL Server 7.0/2000,MSDE Named Pipe Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8274/info Microsoft SQL Server and the Microsoft Data Engine have been reported prone to a denial of service attack. Any local or remote user, who can authenticate and is part of the Everyone Group, may trigger a denial o...
Microsoft SQL Server 2000 Database Consistency Checkers Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5307/info Microsoft SQL Server 2000 includes utilities called Database Consistency Checkers DBCC. Several of these programs contain identical buffer overflows that, when exploited, could allow an attacker to execute...
Microsoft SQL Server 2000 sp_MScopyscript SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5309/info The Microsoft SQL Server 2000 spMScopyscript stored procedure does not sufficiently validate input before passing it to the xpcmdshell extended stored procedure. An attacker with the ability to execute a query o...
Microsoft SQL Server 2000 Resolution Service Heap Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5310/info A vulnerability in Microsoft SQL Server 2000 could allow remote attackers to access target hosts. A problem in the SQL Server Resolution Service allows a remote attacker to execute arbitrary code on a vulnerable...
Microsoft SQL Server 2000 User Authentication Remote Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5411/info A vulnerability has been discovered in Microsoft SQL Server that could make it possible for remote attackers to gain access to target hosts. It is possible for an attacker to cause a buffer overflow condition on...
Microsoft SQL Server sp_replwritetovarbin Memory Corruption
No description provided by source. $Id: ms09004spreplwritetovarbin.rb 11631 2011-01-24 19:37:58Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing a...