Lucene search

229 matches found

0day.today
added 2019/01/14 12:0 a.m. | 50 views

PORTIER 4.4.4.2 / 4.4.4.6 SQL Injection Vulnerability

Exploit for php platform in category web applications. PORTIER 4.4.4.2 / 4.4.4.6 SQL Injection. Product: PORTIER; Affected Versions: 4.4.4.2, 4.4.4.6; Tested Versions: 4.4.4.2, 4.4.4.6; Vulnerability Type: SQL Injection (CWE-89); Risk Level: HIGH; Solution Status: Open; Manufacturer Notification: 2018-06-1...

0.1 AI score | 0.04601 EPSS
Exploits: 5

Citrix
added 2018/09/29 12:0 a.m. | 4 views

Provisioning Services: PVS Servers May Stop Responding Or Target Devices May Freeze During Startup Due To Large Size Of MS SQL Transaction Logs

PVS servers may stop responding or PVS target devices may freeze during startup because there is not enough disk space left on the MS SQL server due to the large transaction log file size. Increasing the disk space on SQL servers resolves the issue of Target Device startup...

7.8 AI score
Exploits: 0

Fedora
added 2017/10/05 9:8 p.m. | 16 views

[SECURITY] Fedora 27 Update: WebCalendar-1.2.9-1.fc27

WebCalendar is a PHP-based calendar application that can be configured as a single-user calendar, a multi-user calendar for groups of users, or as an event calendar viewable by visitors. MySQL, PostgreSQL, Oracle, DB2, Interbase, MS SQL Server, or ODBC is required. WebCalendar can be set up in a...

6.1 CVSS | 3.1 AI score | 0.02181 EPSS
Exploits: 0

CVE
added 2017/06/22 7:0 p.m. | 52 views

CVE-2015-9098

CVE-2015-9098 affects Redgate SQL Monitor versions prior to 3.10 and 4.x prior to 4.2. A remote unauthenticated attacker can gain access to the Base Monitor and execute arbitrary SQL commands on any monitored Microsoft SQL Server machines; if the Base Monitor connects using an account with SQL ad...

10 CVSS | 9.8 AI score | 0.39987 EPSS
Exploits: 4 | References: 2 | Affected Software: 1

Packet Storm
added 2017/05/22 12:0 a.m. | 46 views

Mantis Bug Tracker 1.3.10 / 2.3.0 Cross Site Request Forgery

Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-CSRF-PERMALINK-INJECTION.txt + ISR: ApparitionSec Vendor: ================ www.mantisbt.org Product: ========= Mantis Bug Tracker 1.3.10 / v2.3.0 MantisBT...

0.1 AI score | 0.00325 EPSS
Exploits: 5

Exploit DB
added 2017/05/20 12:0 a.m. | 73 views

Mantis Bug Tracker 1.3.10/2.3.0 - Cross-Site Request Forgery

Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-CSRF-PERMALINK-INJECTION.txt + ISR: ApparitionSec Vendor: ================ www.mantisbt.org Product: ========= Mantis Bug Tracker 1.3.10 / v2.3.0 MantisBT...

6.5 CVSS | 6.5 AI score | 0.00325 EPSS
Exploits: 5

n0where
added 2016/11/03 6:18 a.m. | 88 views

Automated Security Response: Falcon Orchestrator

CrowdStrike Falcon Orchestrator is an extendable Windows-based application that provides workflow automation, case management and security response functionality. The tool leverages the highly extensible APIs contained within the CrowdStrike Falcon Connect program. Falcon Orchestrator has only be...

0.3 AI score
Exploits: 0 | References: 2

Kitploit
added 2016/03/19 6:30 p.m. | 30 views

DbDat - Db Database Assessment Tool

DbDat performs numerous checks on a database to evaluate security. The categories of checks performed are configuration, privileges, users, and information. Checks are performed by running queries or reading database configuration files. The goal of this tool is to highlight issues that need...

8.4 AI score
Exploits: 0 | References: 2

Veeam
added 2016/03/01 12:0 a.m. | 14 views

How to exclude MS SQL Databases from SQL Log backup

Challenge: It is necessary to exclude specific databases on one or more Microsoft SQL Server instances from Veeam SQL Transaction Log backup processing. Solution: The following registry value is used to exclude databases from SQL Transaction Log backup. The exclusion will take effect during the nex...

7.3 AI score
Exploits: 0 | Affected Software: 1

n0where
added 2016/01/18 7:33 p.m. | 17 views

Database Assessment Tool: DbDat

DbDat performs numerous checks on a database to evaluate security. The categories of checks performed are configuration, privileges, users, and information. Checks are performed by running queries or reading database configuration files. The goal of this tool is to highlight issues that need...

8.4 AI score
Exploits: 0 | References: 1

Nmap
added 2016/01/08 7:34 p.m. | 378 views

ms-sql-ntlm-info NSE Script

This script enumerates information from remote Microsoft SQL services with NTLM authentication enabled. Sending a MS-TDS NTLM authentication request with an invalid domain and null credentials will cause the remote service to respond with a NTLMSSP message disclosing information to include NetBIO...

10 CVSS | 0.2 AI score | 0.94176 EPSS
Exploits: 33

Tenable Nessus
added 2015/10/07 12:0 a.m. | 24 views

Debian DSA-3369-1 : zendframework - security update

Multiple vulnerabilities were discovered in Zend Framework, a PHP framework : - CVE-2015-5723 It was discovered that due to incorrect permissions masks when creating directories, local attackers could potentially execute arbitrary code or escalate privileges. - ZF2015-08 no CVE assigned Chris...

9.8 CVSS | 8.1 AI score | 0.02248 EPSS
Exploits: 0 | References: 6

OSV
added 2015/10/06 12:0 a.m. | 19 views

DSA-3369-1 zendframework - security update

Bulletin has no description...

9.8 CVSS | 7.7 AI score | 0.02248 EPSS
Exploits: 0

Packet Storm
added 2015/09/16 12:0 a.m. | 26 views

ManageEngine EventLog Analyzer 10.6 Build 10060 SQL Query Execution

Exploit Title: ManageEngine EventLog Analyzer SQL query execution; Product: ManageEngine EventLog Analyzer; Vulnerable Versions: v10.6 build 10060 and previous versions; Tested Version: v10.6 build 10060 Windows; Advisory Publication: 14/09/2015; Vulnerability Type: authenticated SQL query execution...

0.5 AI score
Exploits: 0

exploitpack
added 2015/09/14 12:0 a.m. | 11 views

ManageEngine EventLog Analyzer 10.6 build 10060 - SQL Execution

ManageEngine EventLog Analyzer 10.6 build 10060 - SQL Execution. Exploit Title: ManageEngine EventLog Analyzer SQL query execution; Product: ManageEngine EventLog Analyzer; Vulnerable Versions: v10.6 build 10060 and previous versions; Tested Version: v10.6 build 10060 Windows; Advisory Publication:...

0.4 AI score
Exploits: 0

seebug.org
added 2015/09/02 12:0 a.m. | 9 views

MS SQL Server 2000/2005 SQLNS.SQLNamespace COM Object Refresh() Unhandled Pointer Exploit

No description provided by source. % Function PaddingintLen Dim strRet, intSize intSize = intLen/2 - 1 For I = 0 To intSize Step 1 strRet = strRet & unescape"%u4141" Next Padding = strRet End Function Function PackDWORDstrPoint strTmp = replacestrPoint, "0x", "" PackDWORD = PackDWORD & UnEscape"%...

7.1 AI score
Exploits: 0

0day.today
added 2015/08/29 12:0 a.m. | 24 views

MS SQL Server 2000/2005 SQLNS.SQLNamespace COM Object Refresh() Unhandled Pointer Exploit

Exploit for windows platform in category remote exploits % Function PaddingintLen Dim strRet, intSize intSize = intLen/2 - 1 For I = 0 To intSize Step 1 strRet = strRet & unescape"%u4141" Next Padding = strRet End Function Function PackDWORDstrPoint strTmp = replacestrPoint, "0x", "" PackDWORD =...

7.1 AI score
Exploits: 0

Exploit DB
added 2015/08/29 12:0 a.m. | 27 views

MS SQL Server 2000/2005 - SQLNS.SQLNamespace COM Object Refresh() Unhandled Pointer

% Function PaddingintLen Dim strRet, intSize intSize = intLen/2 - 1 For I = 0 To intSize Step 1 strRet = strRet & unescape"%u4141" Next Padding = strRet End Function Function PackDWORDstrPoint strTmp = replacestrPoint, "0x", "" PackDWORD = PackDWORD & UnEscape"%u" & MidstrTmp, 5, 2 & MidstrTmp, 7...

7.4 AI score
Exploits: 0

Fedora
added 2015/08/07 1:8 p.m. | 26 views

[SECURITY] Fedora 21 Update: mantis-1.2.19-3.fc21

Mantis is a free popular web-based issue tracking system. It is written in the PHP scripting language and works with MySQL, MS SQL, and PostgreSQL databases and a web server. Almost any web browser should be able to function as a client. Documentation can be found in: /usr/share/doc/mantis When t...

7.5 CVSS | 1 AI score | 0.80388 EPSS
Exploits: 13

Kitploit
added 2015/06/26 8:23 p.m. | 26 views

SQLMAP-Web-GUI - Web GUI to drive near full functionality of SQLMAP

PHP Frontend to work with the SQLMAP JSON API Server sqlmapapi.py to allow for a Web GUI to drive near full functionality of SQLMAP! Here are a few quick videos to show that almost all of your usual SQLMAP command line functionality is still possible via this Web GUI. Demo against: Windows 2003...

7.5 AI score
Exploits: 0 | References: 1