1294 matches found
Microsoft SQL Server Report Manager CVE-2012-2552 Cross Site Scripting Vulnerability
Description Microsoft SQL Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. Technologie...
Microsoft SQL Server Find and Sample Data
This script will search through all of the non-default databases on the SQL Server for columns that match the keywords defined in the TSQL KEYWORDS option. If column names are found that match the defined keywords and data is present in the associated tables, the script will select a sample of th...
Microsoft Windows Common Controls Remote Code Execution Vulnerability (2720573)
This host is missing a critical security update according to Microsoft Bulletin MS12-060. OpenVAS Vulnerability Test $Id: secpodms12-060.nasl 5912 2017-04-10 09:01:51Z teissa $ Microsoft Windows Common Controls Remote Code Execution Vulnerability 2720573 Authors: Veerendra G G Copyright: Copyrigh...
DDIVRT-2012-44 Epicor Returns Management SOAP-Based Blind SQL Injection
Title ----- DDIVRT-2012-44 Epicor Returns Management SOAP-Based Blind SQL Injection Severity -------- High Date Discovered --------------- April 12, 2012 Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: Chris Graham and r@b13$ Vulnerability Description...
Microsoft SQL Server privilege escalation
Privilege escalation via RESTORE DATABASE...
TeamSHATTER Security Advisory: Privilege escalation via internal sql injection in RESTORE DATABASE command
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AppSecInc Team SHATTER Security Advisory Privilege escalation via internal sql injection in RESTORE DATABASE command. Risk Level: Medium Affected versions: Microsoft SQL Server 2005, 2008, 2008 R2 Remote exploitable: Yes Credits: This vulnerability wa...
Microsoft SQL Server Privilege Escalation / SQL Injection
No description provided by source. AppSecInc Team SHATTER Security Advisory Privilege escalation via internal sql injection in RESTORE DATABASE command. Risk Level: Medium Affected versions: Microsoft SQL Server 2005, 2008, 2008 R2 Remote exploitable: Yes Credits: This vulnerability was discovere...
Microsoft Windows Common Controls Remote Code Execution Vulnerability (2664258)
This host is missing a critical security update according to Microsoft Bulletin MS12-027. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Microsoft Windows Common Controls ActiveX Control Remote Code Execution Vulnerability
Description Microsoft Windows Common Controls is prone to a remote code-execution vulnerability. An attacker can exploit this issue by enticing an unsuspecting user to view a malicious webpage. Successful exploits will allow the attacker to execute arbitrary code within the context of the...
National Center EDU Research - SQL Injection Vulnerability
Document Title: =============== National Center EDU Research - SQL Injection Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=415 Release Date: ============= 2012-04-08 Vulnerability Laboratory ID VL-ID: ====================================...
Database Open Access Information Disclosure Vulnerability
Various Database server might be prone to an information disclosure vulnerability if accessible to remote systems. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
Microsoft SQL Server Payload Execution
This module executes an arbitrary payload on a Microsoft SQL Server by using the "xpcmdshell" stored procedure. Currently, three delivery methods are supported. First, the original method uses Windows 'debug.com'. File size restrictions are avoided by incorporating the debug bypass method present...
VOXTRONIC Voxlog Professional 3.7.2.729 SQL Injection
Exploit for php platform in category web applications SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple critical vulnerabilities product: VOXTRONIC voxlog professional - voice recording solution vulnerable...
VOXTRONIC Voxlog Professional 3.7.2.729 SQL Injection / Disclosure
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple critical vulnerabilities product: VOXTRONIC voxlog professional - voice recording solution vulnerable version: VOXTRONIC voxlog professional = 3.7.2.729 webclien...
BEM Search Server Doesn't Remove Successfully
Challenge When trying to remove a Search Server from BEM by clicking the remove button, the server being removed is stuck in a "Removing" state. Cause Solution Veeam encourages backing up your SQL DB before making any changes. 1. Go to Microsoft SQL Server Management Studio May need to be install...
Lilupophilupop SQL Injection Attack Tops 1 Million Infected URLs
At any given time, there are probably dozens of somewhat serious SQL injection attacks going on in various portions of the Internet. But many of them never get noticed by most people, either because they’re not widespread enough or they’re not hitting high-profile targets. There’s one that’s been...
Sqlninja 0.2.6 is now available
Sqlninja 0.2.6 is now available Sqlninja's goal is to exploit SQL injection vulnerabilities on web applications that use Microsoft SQL Server as back end. It is released under the GPLv3.There are a lot of other SQL injection tools out there but sqlninja, instead of extracting the data, focuses on...
Nortel Contact Recording Centralized Archive 6.5.1 EyrAPIConfiguration getSubKeys() Remote SQL Injection Exploit
?php / Nortel Contact Recording Centralized Archive 6.5.1 EyrAPIConfiguration Web Service getSubKeys Remote SQL Injection Exploit tested against: Microsoft Windows Server 2003 r2 sp2 Microsoft SQL Server 2005 Express download uri:...
Nortel Contact Recording Centralized Archive 6.5.1 - SQL Injection
Nortel Contact Recording Centralized Archive 6.5.1 - SQL Injection EyrAPIConfiguration /EyrAPIConfiguration/ ... at the following url: http://host:8080/EyrAPI/EyrAPIConfiguration/EyrAPIConfigurationIf Vulnerability: without prior authentication, you can reach a web service with various methods...
Nortel Contact Recording Centralized Archive 6.5.1 SQL Injection
EyrAPIConfiguration /EyrAPIConfiguration/ .. at the following url: http://host:8080/EyrAPI/EyrAPIConfiguration/EyrAPIConfigurationIf Vulnerability: without prior authentication, you can reach a web service with various methods availiable, as described inside the associated wsdl, see file:...