Sql injection

Bonanza Wealth Management System BWM 7.3.2 allows SQL injection via the login form. Users who supply the application with a SQL injection payload in the User Name textbox could collect all passwords in encrypted format from the Microsoft SQL Server component...

CVE-2022-30335

CVE-2022-30335 affects Bonanza Wealth Management System (BWM) 7.3.2. The vulnerability is a SQL injection in the login form, exploitable via the User Name textbox, which could enable an attacker to collect all passwords in encrypted format from the Microsoft SQL Server component. The connected do...

CVE-2022-30335

Bonanza Wealth Management System BWM 7.3.2 allows SQL injection via the login form. Users who supply the application with a SQL injection payload in the User Name textbox could collect all passwords in encrypted format from the Microsoft SQL Server component...

PT-2022-3130 · Microsoft · Sql Server

Name of the Vulnerable Software and Affected Versions: Microsoft SQL Server affected versions not specified Description: The issue is related to insufficient input validation in Microsoft SQL Server, allowing a remote attacker to execute arbitrary code by sending a specially crafted SQL query. Th...

KLA12510 Spoofing vulnerability in Microsoft SQL Server

A spoofing vulnerability was found in Microsoft SQL Server. Malicious users can exploit this vulnerability to spoof user interface. Original advisories CVE-2022-23292 Related products Microsoft-Power-BI CVE list CVE-2022-23292 warning KB list Solution Install necessary updates from the KB section...

The vulnerability of the Microsoft SQL Server relational database management system for the Linux operating system relates to insecure management of privileges, allowing an attacker to elevate their own privileges.

The vulnerability of the Microsoft SQL Server relational database management system for the Linux operating system is related to insecure management of privileges. Exploiting this vulnerability can allow attackers to enhance their privileges...

Hackers Backdoor Unpatched Microsoft SQL Database Servers with Cobalt Strike

Vulnerable internet-facing Microsoft SQL MS SQL Servers are being targeted by threat actors as part of a new campaign to deploy the Cobalt Strike adversary simulation tool on compromised hosts. "Attacks that target MS SQL servers include attacks to the environment where its vulnerability has not...

Security Updates for Microsoft SQL Server (February 2022)

The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by a privilege escalation vulnerability that exists in Microsoft SQL Server 2019 Linux container images. An unauthenticated, local attacker could exploit this to elevate privileges...

Microsoft SQL Server 2019 for Linux Containers权限提升漏洞

Microsoft SQL Server is a large commercial database system used under Microsoft Windows from Microsoft Corporation Microsoft. Details are not available at this time...

KLA12455 Multiple vulnerabilities in Microsoft SQL Server

Multiple vulnerabilities were found in Microsoft SQL Server. Malicious users can exploit these vulnerabilities to obtain sensitive information, gain privileges. Below is a complete list of vulnerabilities: 1. An information disclosure vulnerability in Microsoft Power BI can be exploited remotely ...

Security Bulletin: A security vulnerability has been identified in the IBM Spectrum Protect Client that affects multiple IBM Spectrum Protect products (CVE-2018-1786)

Summary The IBM Spectrum Protect formerly Tivoli Storage Manger Client/API is used as a component of IBM Spectrum Protect Snapshot formerly Tivoli Storage FlashCopy Manager for Windows, IBM Spectrum Protect for Databases, and IBM Spectrum Protect for Mail. Information about a security vulnerabili...

KLA12395 RCE vulnerability in Microsoft SQL Server

Remote code execution vulnerability was found in Microsoft SQL Server. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories CVE-2021-44228 Exploitation Public exploits exist for this vulnerability. Malware exists for this vulnerability. Usually such malwar...

Security Bulletin: PostgreSQL vulnerabilities in IBM Robotic Process Automation with Automation Anywhere - CVE-2021-32028

Summary IBM Robotic Process Automation with Automation Anywhere is vulnerable to attacks involving PostgreSQL. Vulnerability Details CVEID: CVE-2021-32028 DESCRIPTION: PostgreSQL could allow a remote authenticated attacker to obtain sensitive information, caused by a memory disclosure vulnerabili...

KLA12344 SUI vulnerability in Microsoft SQL Server

A spoofing vulnerability was found in Microsoft SQL Server. Malicious users can exploit this vulnerability to spoof user interface. Original advisories CVE-2021-41372 Related products Microsoft-Power-BI CVE list CVE-2021-41372 critical KB list 5007903 Solution Install necessary updates from the K...

Vulnerability fixed in Microsoft SQL Server

Microsoft has fixed a vulnerability in Microsoft SQL Server. The vulnerability allows a malicious party to launch Cross-Site Scripting XSS and Cross-Site Request Forgery CSRF attack. execute. By combining the two methods, an attacker can execute arbitrary code on the server under the privileges o...

Build Smart ERP 21.0817 - (eidValue) SQL Injection Vulnerability

Exploit Title: Build Smart ERP 21.0817 - 'eidValue' SQL Injection Unauthenticated Exploit Author: Nehru Sethuraman Vendor Homepage: https://ribccs.com/solutions/solution-buildsmart Version: 21.0817 Build: 3 Google Dorks: intitle:buildsmart accounting Tested on: OS - Windows 2012 R2 or 8.1 &...

Build Smart ERP 21.0817 SQL Injection

Exploit Title: Build Smart ERP 21.0817 - 'eidValue' SQL Injection Unauthenticated Date: 24/10/2021 Exploit Author: Nehru Sethuraman Vendor Homepage: https://ribccs.com/solutions/solution-buildsmart Version: 21.0817 Build: 3 Google Dorks: intitle:buildsmart accounting Tested on: OS - Windows 2012 ...

CVE-2021-33583

REINER timeCard 6.05.07 installs a Microsoft SQL Server with an sa password that is hardcoded in the TCServer.jar file...

Hardcoded credentials

REINER timeCard 6.05.07 installs a Microsoft SQL Server with an sa password that is hardcoded in the TCServer.jar file...

CVE-2021-33583

REINER timeCard 6.05.07 contains hardcoded sa credentials in TCServer.jar, enabling a Microsoft SQL Server instance that can be remotely accessed as sa. Red Hat and CNNVD entries corroborate that the password is hardcoded and can lead to remote access and command execution via the publicly reacha...