1294 matches found
CVE-2015-1763
Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 does not prevent use of uninitialized memory in certain attempts to execute virtual functions, which allows remote authenticated users to execute arbitrary code via a crafted query, aka "SQL Server Remote Code...
CVE-2015-1761
CVE-2015-1761 relates to Microsoft SQL Server across multiple versions (2008 SP3/SP4, 2008 R2 SP2/SP3, 2012 SP1/SP2, 2014) where an incorrect class during casts of unspecified pointers allows remote authenticated users to gain privileges via certain write access. The root cause is described as a ...
CVE-2015-1762
Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014, when transactional replication is configured, does not prevent use of uninitialized memory in unspecified function calls, which allows remote authenticated users to execute arbitrary code by leveraging certain...
CVE-2015-1762
CVE-2015-1762 affects Microsoft SQL Server 2008 SP3/SP4, 2008 R2 SP2/SP3, 2012 SP1/SP2, and 2014 when transactional replication is configured. Cause: uninitialized memory in an unspecified function call, allowing remote authenticated users to execute arbitrary code via crafted queries, demonstrat...
CVE-2015-1763
Microsoft SQL Server 2008 SP3/SP4, 2008 R2 SP2/SP3, 2012 SP1/SP2, and 2014 are affected by CVE-2015-1763, caused by use of uninitialized memory during certain virtual function calls, enabling remote authenticated code execution via a crafted query. This aligns with MS15-058 vulnerabilities. Explo...
July 2015 Security Updates
Today we released security updates for Microsoft Windows, Microsoft Office, Microsoft SQL Server, and Internet Explorer. As a best practice, we encourage customers to apply security updates as soon as they are released. For more information about this month’s security updates and advisories visit...
Microsoft SQL Server CVE-2015-1761 Privilege Escalation Vulnerability
Description Microsoft SQL Server is prone to a privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. Technologies Affected Avaya Meeting Exchange - Client Registration Server 5.0 Avaya Meeting Exchange - Client Registration Server 5.0.1 Avaya Meeting...
Microsoft SQL Server CVE-2015-1762 Remote Code Execution Vulnerability
Description Microsoft SQL Server is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of an affected system. Failed exploit attempts may result in a denial-of-service condition; this can result in the attacker gaining...
Microsoft SQL Server CVE-2015-1763 Remote Code Execution Vulnerability
Description Microsoft SQL Server is prone to a remote code-execution vulnerability. Successful exploits can allow attackers to execute arbitrary code within the affected system. Failed exploit attempts may result in a denial-of-service condition. Technologies Affected Avaya Meeting Exchange -...
Antivirus Exclusions for Veeam Agent for Microsoft Windows
Purpose This article documents antivirus exclusions that may be created to reduce the impact that antivirus software has on the functionality of Veeam Agent for Microsoft Windows. These antivirus exclusions may be applied to the Windows built-in antivirus or third-party antivirus software. Note:...
Coremail官网SQL注入可读全库
简要描述: coremail官网存在注入,有防护,可绕过。 详细说明: 漏洞地址:http://www.coremail.cn/gjzc2/list117.aspx?lcid=412 漏洞证明: 有防护,直接用sqlmap加个tamper=chardoubleencode.py可以跑出来。 这个是sqlmap用的payload: Place: GET Parameter: lcid Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: lcid=412 AND...
某通用型政府建站系统SQL注入
简要描述: RT 详细说明: 山东农友软件公司官网:http://www.nongyou.com.cn/ 案例如下: http://222.135.127.190:7000/gov/SearchInfoSum.aspx?keyword= http://221.2.171.59:8000/gov/SearchInfoSum.aspx?keyword= http://222.135.109.70:8100/gov/SearchInfoSum.aspx?keyword= http://61.133.119.187:8089/gov/SearchInfoSum.aspx?keyword=...
某通用教育网站程序SQL注入漏洞
简要描述: 某通用教育网站程序SQL注入漏洞 详细说明: 使用量非常多 http://www.dlwsxx.com/ws2004/model/login1.asp http://www.fzjcxx.cn/ws2004/model/login1.asp http://www.nxyancgjzx.com/ws2004/model/login1.asp http://www.sgtjb.com/ws2004/model/login1.asp http://www.sdwhys.com/ws2004/model/login1.asp...
Restoring Encrypted Databases with Veeam Explorer for Microsoft SQL Server
Challenge Restoring an encrypted database with Veeam Explorer for Microsoft SQL Server fails with one of the following errors: Cannot find server certificate with thumbprint '' Transparent Data Encryption is not available in the edition of this SQL Server instance. You are unable to check "Perfor...
博云非书论文管理系统存在通用型SQL注入
简要描述: 论文管理系统存在通用型SQL注入 详细说明: 注入点:dbid和docid 搜索关键字:inurl:/docinfo.action?dbid= http://202.195.136.150/docinfo.action?dbid=72&docid=40824 http://202.199.163.37/docinfo.action?dbid=72&docid=40619 http://paper.buaalib.com/docinfo.action?dbid=72&docid=5793...
博云非书资料管理系统存在通用型SQL注入
简要描述: 某非书资料管理系统存在通用型SQL注入 详细说明: 注入点ISBN http://202.206.242.26:88/poweb/requestiso.do?status=insert&METAID=7578&PropertyID=&ISBN=7-112-06320-5&SSH= http://202.197.107.11:8080/poweb/requestiso.do?status=insert&METAID=7578&PropertyID=&ISBN=7-112-06320-5&SSH=...
某政府系统一处越权+一处SQL注入
简要描述: RT 详细说明: 山东农友软件公司官网:http://www.nongyou.com.cn/ 越权案例如下: http://221.2.149.47:8100/jubao/left.aspx http://222.135.109.70:8100/jubao/left.aspx http://123.134.189.60:8012/jubao/left.aspx http://218.56.40.229:8020/jubao/left.aspx http://222.135.127.190:7000/jubao/left.aspx 2.一处越权注入:...
ObSecure ObSecure360 Unauthenticated SQL Injection
ObSecure ObSecure360 Unauthenticated SQL Injection Vulnerability Release Date: 23-Dec-2014 Software: ObSecure 360 http://obsecure.com.au/Solutions.html "obsecure is an innovative cyber security software company that provides high security information distribution and transfer solutions that take...
用友某分战SQL注入第五弹
简要描述: 又来一发。。 详细说明: 注入URL: http://u9service.yonyou.com/servicehome/kmview.aspx?postid=ZS20100530204 sqlmap/1.0-dev - automatic SQL injection and database takeover tool http://sqlmap.org ! legal disclaimer: Usage of sqlmap for attacking targets without prior mutu consent is illegal. It is the end...
用友某废弃站点存在SQL注入
简要描述: 晚上无聊,看看公司的网站有什么漏洞,哈哈,果然无意间又发现了一枚. 上一次提交公司的漏洞:http://www.wooyun.org/bugs/wooyun-2014-084920 为什么RANK一直没补啊,漏洞也不再我的列表下? @疯狗 @xsser 详细说明: 存在地址:http://125.35.5.234:81/ ping dbmservice.yonyou.com 感觉是很老的站点,于是乎,在登录账号的时候输入了',果不其然,发现有注入 构造下URL:http://125.35.5.234:81/checkuser.asp?loginname=admin&pwd=1...