1294 matches found
KLA11477 OSI vulnerability in Microsoft SQL Server
An information disclosure vulnerability in Microsoft SQL Server Analysis Services can be exploited remotely via specially crafted query to obtain sensitive information. Original advisories CVE-2019-0819 Related products Microsoft-SQL-Server CVE list CVE-2019-0819 warning KB list 4494351 4494352...
Security Updates for Microsoft SQL Server (May 2019)
The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by an information disclosure vulnerability that exists in Microsoft SQL Server Analysis Services when it improperly enforces metadata permissions. An attacker who successfully exploit...
Security Updates for Microsoft SQL Server (May 2019)
The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by an information disclosure vulnerability that exists in Microsoft SQL Server Analysis Services when it improperly enforces metadata permissions. An attacker who successfully exploit...
HeidiSQL 10.1.0.5464 - Denial of Service Exploit
Exploit Title: HeidiSQL Portable 10.1.0.5464 - Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: https://www.heidisql.com/ Software Link: https://www.heidisql.com/downloads/releases/HeidiSQL10.164Portable.zip Tested Version: 10.1.0.5464 Tested on: Windows 10 Single Language x6...
HeidiSQL 10.1.0.5464 - Denial of Service (PoC)
HeidiSQL 10.1.0.5464 - Denial of Service PoC Exploit Title: HeidiSQL Portable 10.1.0.5464 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-04-24 Vendor Homepage: https://www.heidisql.com/ Software Link:...
HeidiSQL Portable 10.1.0.5464 Denial Of Service
Exploit Title: HeidiSQL Portable 10.1.0.5464 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-04-24 Vendor Homepage: https://www.heidisql.com/ Software Link: https://www.heidisql.com/downloads/releases/HeidiSQL10.164Portable.zip Tested Version: 10.1.0.5464 Tested on:...
Starbucks: SQL Injection Extracts Starbucks Enterprise Accounting, Financial, Payroll Database
As described in the Hacker Summary, @spaceraccoon discovered a SQL Injection vulnerability in a web service backed by Microsoft Dynamics AX. @spaceraccoon demonstrated that the flaw was exploitable via XML-formatted HTTP payload requests to the server. We appreciate @spaceraccoon's clear and...
Security Updates for Microsoft SQL Server 2016 and 2017 x64 (August 2018) (uncredentialed check)
The remote Microsoft SQL Server is missing a security update. It is, therefore, affected by buffer overflow vulnerability that could allow remote code execution on an affected system. An attacker who successfully exploited the vulnerability could execute code in the context of the SQL Server...
GHSA-9C2P-JW8P-F84V SQL Injection in sequelize
Affected versions of sequelize cast arrays to strings and fail to properly escape the resulting SQL statement, resulting in a SQL injection vulnerability. Proof of Concept In Postgres, SQLite, and Microsoft SQL Server there is an issue where arrays are treated as strings and improperly escaped...
SQL Injection in sequelize
Affected versions of sequelize cast arrays to strings and fail to properly escape the resulting SQL statement, resulting in a SQL injection vulnerability. Proof of Concept In Postgres, SQLite, and Microsoft SQL Server there is an issue where arrays are treated as strings and improperly escaped...
How to Collect Logs for Veeam Plug-in for SAP HANA
Purpose This article documents how to collect the diagnostic information needed for a support case involving the Veeam Plug-in for SAP HANA. Solution 1. Collect diagnostic information as documented in the four sections below. 2. Combine the data into a single .zip file. 3. Attach the zip file to...
The vulnerability of Microsoft SQL Server Management Studio, related to errors in restricting XML references to external objects (XXE), allows attackers to disclose sensitive information.
The vulnerability of Microsoft SQL Server Management Studio is related to errors in restricting XML references to external objects XXE. Exploiting this vulnerability can allow an attacker, operating remotely, to disclose sensitive information using a specially crafted file...
SQLMap v1.3 - Automatic SQL Injection And Database Takeover Tool
SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lastin...
Microsoft SQL Server Management Studio XXE Injection Information Disclosure (CVE-2018-8527; CVE-2018-8532; CVE-2018-8533)
Multiple information disclosure vulnerabilities exist in Microsoft SQL Server Management Studio. The vulnerabilities are due to a flaw when parsing a malicious XEL/XML/XMLA file containing a reference to an external entity. A remote authenticated attacker could exploit these vulnerabilities by...
Automatic SQL injection and database takeover tool: sqlmap
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lastin...
The vulnerability of Microsoft SQL Server Management Studio’s database management tool lies in the insufficient restriction on XML references to external objects, which allows attackers to exploit this to disclose sensitive information.
The vulnerability of the Microsoft SQL Server Management Studio SSMS database management tool is related to insufficient restrictions on XML references to external objects XML External Entity, XXE. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information using a...
S-CMS Hospital Website Builder System has SQL Injection Vulnerability in Frontend
S-CMS hospital station building system is developed by asp+access/mssql, easy to operate, convenient, support PC+mobile+WeChat. There is a SQL injection vulnerability in the frontend of S-CMS Hospital Building System. An attacker can exploit the vulnerability to obtain sensitive information from...
Microsoft SQL Server Management Studio (SSMS) Installed
Binary data microsoftssmsinstalled.nbin...
Microsoft SQL Server Management Studio Multiple vulnerabilities (October 2018)
The version of Microsoft SQL Server Management Studio installed on the remote Windows host is a version prior or equal to 17.9, 18.0 Preview 4. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application's...
Microsoft SQL Server Management Studio 17.9 / 18.0 Preview 4 XML Injection
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-SQL-SERVER-MGMT-STUDIO-REGSRVR-FILES-XML-INJECTION-CVE-2018-8533.txt + ISR: ApparitionSec + Zero Day Initiative Program Vendor www.microsoft.com Product SQL Server...