1294 matches found
CVE-2015-7404
IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server aka Spectrum Protect for Databases 5.5 before 5.5.6.2, 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server aka Spectrum Prote...
Multiple SQL Injection Vulnerabilities in Zend Framework MsSql and SQLite
Zend Framework is a set of open source PHP5 development framework , it is mainly used to develop Web programs and services . Multiple SQL injection vulnerabilities exist in Zend Framework MsSql and SQLite, allowing remote attackers to exploit the vulnerabilities to submit specially crafted SQL...
e-cology 时间盲注(hpid参数)
1、缺陷文件homepage/LoginHomepage.jsp 2、注入参数:hpid3、涉及厂商:泛微软件4、证明:sqlmap.py -u "http://localhost/homepage/LoginHomepage.jsp?hpid=52" --technique T --dbms "Microsoft SQL Server"...
MS SQL Server 20002005 - SQLNS.SQLNamespace COM Object Refresh() Unhandled Pointer
MS SQL Server 20002005 - SQLNS.SQLNamespace COM Object Refresh Unhandled Pointer % Function PaddingintLen Dim strRet, intSize intSize = intLen/2 - 1 For I = 0 To intSize Step 1 strRet = strRet & unescape"%u4141" Next Padding = strRet End Function Function PackDWORDstrPoint strTmp = replacestrPoin...
Multiple IBM Products Information Disclosure Vulnerabilities
IBM Tivoli Storage Manager TSM for Databases: Data Protection for Microsoft SQL Server is a product of IBM Corporation in the U.S. IBM TSM for Databases is a backup and recovery management solution for databases. IBM Tivoli Storage Manager for Mail is a software module that automates data...
CVE-2015-4949
IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 7.1 before 7.1.2, Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 7.1 before 7.1.2, and Tivoli Storage FlashCopy Manager 4.1 before 4.1.2 place cleartext passwords in exception...
Design/Logic Flaw
IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 5.5 before 5.5.6.1, 6.3 before 6.3.1.5, 6.4 before 6.4.1.7, and 7.1 before 7.1.2; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 5.5 before 5.5.1.1, 6.1 before 6.1.3.7, 6.3 before...
Design/Logic Flaw
IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 7.1 before 7.1.2, Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 7.1 before 7.1.2, and Tivoli Storage FlashCopy Manager 4.1 before 4.1.2 place cleartext passwords in exception...
CVE-2015-6557
IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 5.5 before 5.5.6.1, 6.3 before 6.3.1.5, 6.4 before 6.4.1.7, and 7.1 before 7.1.2; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 5.5 before 5.5.1.1, 6.1 before 6.1.3.7, 6.3 before...
CVE-2015-6557
The CVE-2015-6557 issue affects IBM Tivoli Storage Manager suites (Databases, Mail, FlashCopy Manager) when application tracing is enabled. It discloses cleartext passwords in trace output or GUI exception messages, allowing a local attacker with access to the system to obtain sensitive credentia...
CVE-2015-4949
IBM Tivoli Storage Manager products expose cleartext passwords in exception messages and traces when application tracing or GUI popups occur (CVE-2015-4949; related CVE-2015-6557). Affected: TSM for Databases (SQL Server) 7.1 before 7.1.2, TSM for Mail (Exchange) 7.1 before 7.1.2, and Tivoli Stor...
Microsoft Remote Desktop Session Host CVE-2015-2472 Spoofing Vulnerability
Description Microsoft Remote Desktop Session Host is prone to a security vulnerability that may allow attackers to conduct spoofing attacks. Attackers can exploit this issue to spoof and impersonate a legitimate user. Other attacks are also possible. Technologies Affected Microsoft SQL Server 200...
Microsoft SQL Server Remote Code Execution Vulnerability
Microsoft SQL Server is the United States Microsoft Microsoft company develops and maintains a set of applications in the Microsoft Windows system under the large commercial database system. A remote code execution vulnerability exists when Microsoft SQL Server fails to properly handle internal...
Microsoft SQL Server Remote Code Execution Vulnerability (CNVD-2015-04706)
Microsoft SQL Server is the United States Microsoft Microsoft company develops and maintains a set of applications in the Microsoft Windows system under the large commercial database system. A remote code execution vulnerability exists when Microsoft SQL Server fails to properly handle internal...
Microsoft SQL Server Privilege Vulnerability
Microsoft SQL Server is the United States Microsoft Microsoft company develops and maintains a set of applications in the Microsoft Windows system under the large commercial database system. An elevation of privilege vulnerability exists in Microsoft SQL Server, which can be exploited by an...
Microsoft SQL Server Multiple Vulnerabilities (MS15-058)
Microsoft SQL Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2015-1762
Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014, when transactional replication is configured, does not prevent use of uninitialized memory in unspecified function calls, which allows remote authenticated users to execute arbitrary code by leveraging certain...
CVE-2015-1761
Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 uses an incorrect class during casts of unspecified pointers, which allows remote authenticated users to gain privileges by leveraging certain write access, aka "SQL Server Elevation of Privilege Vulnerability....
Remote code execution
Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014, when transactional replication is configured, does not prevent use of uninitialized memory in unspecified function calls, which allows remote authenticated users to execute arbitrary code by leveraging certain...
Remote code execution
Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 does not prevent use of uninitialized memory in certain attempts to execute virtual functions, which allows remote authenticated users to execute arbitrary code via a crafted query, aka "SQL Server Remote Code...