Lucene search
K

40 matches found

exploitpack
exploitpack
added 2018/10/11 12:0 a.m.62 views

Microsoft SQL Server Management Studio 17.9 - XML External Entity Injection

Microsoft SQL Server Management Studio 17.9 - XML External Entity Injection Exploit Title: Microsoft SQL Server Management Studio 17.9 - XML External Entity Injection Date: 2018-10-10 Author: John Page aka hyp3rlinx Website: hyp3rlinx.altervista.org Venodor: www.microsoft.com Software: SQL Server...

4.3CVSS6AI score0.23373EPSS
Exploits5
0day.today
0day.today
added 2018/10/11 12:0 a.m.60 views

Microsoft SQL Server Management Studio 17.9 - .xel XML External Entity Injection Vulnerability

Exploit for windows platform in category web applications Exploit Title: Microsoft SQL Server Management Studio 17.9 - '.xel' XML External Entity Injection Author: John Page aka hyp3rlinx Website: hyp3rlinx.altervista.org Venodor: www.microsoft.com Software: SQL Server Management Studio 17.9 and...

5.8AI score0.23373EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/10/11 12:0 a.m.500 views

Microsoft SQL Server Management Studio 17.9 - '.xmla' XML External Entity Injection

Exploit Title: Microsoft SQL Server Management Studio 17.9 - '.xmla' XML External Entity Injection Date: 2018-10-10 Author: John Page aka hyp3rlinx Website: hyp3rlinx.altervista.org Venodor: www.microsoft.com Software: SQL Server Management Studio 17.9 and SQL Server Management Studio 18.0 Previe...

5.5CVSS5.8AI score0.23373EPSS
Exploits5
Packet Storm
Packet Storm
added 2018/10/11 12:0 a.m.153 views

Microsoft SQL Server Management Studio 17.9 / 18.0 Preview 4 XML Injection

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-SQL-SERVER-MGMT-STUDIO-XMLA-FILETYPE-XML-INJECTION-CVE-2018-8532.txt + ISR: ApparitionSec + Zero Day Initiative Program Vendor www.microsoft.com Product SQL Server...

0.3AI score0.23373EPSS
Exploits5
Packet Storm
Packet Storm
added 2018/10/11 12:0 a.m.70 views

Microsoft SQL Server Management Studio 17.9 / 18.0 Preview 4 XML Injection

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-SQL-SERVER-MGMT-STUDIO-XEL-FILETYPE-XML-INJECTION-CVE-2018-8527.txt + ISR: ApparitionSec + Zero Day Initiative Program Vendor www.microsoft.com Product SQL Server...

0.3AI score0.23373EPSS
Exploits5
NVD
NVD
added 2018/10/10 1:29 p.m.25 views

CVE-2018-8532

An information disclosure vulnerability exists in Microsoft SQL Server Management Studio SSMS when parsing a malicious XMLA file containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9, S...

5.5CVSS5.3AI score0.23373EPSS
Exploits5References4
ATTACKERKB
ATTACKERKB
added 2018/10/10 1:29 p.m.3 views

CVE-2018-8533

An information disclosure vulnerability exists in Microsoft SQL Server Management Studio SSMS when parsing malicious XML content containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9, S...

5.5CVSS5.9AI score0.23373EPSS
Exploits15References5
ATTACKERKB
ATTACKERKB
added 2018/10/10 1:29 p.m.6 views

CVE-2018-8527

An information disclosure vulnerability exists in Microsoft SQL Server Management Studio SSMS when parsing a malicious XEL file containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9, SQ...

5.5CVSS5.8AI score0.23373EPSS
Exploits15References5
Prion
Prion
added 2018/10/10 1:29 p.m.17 views

Information disclosure

An information disclosure vulnerability exists in Microsoft SQL Server Management Studio SSMS when parsing a malicious XEL file containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9, SQ...

4.3CVSS5.1AI score0.23373EPSS
Exploits15References4Affected Software1
CNVD
CNVD
added 2018/10/10 12:0 a.m.1 views

Microsoft SQL Server Management Studio Information Disclosure Vulnerability (CNVD-2019-01572)

Microsoft SQL Server Management Studio is an integrated environment for managing multiple SQL infrastructures from Microsoft. The product is mainly used for setting up, monitoring and managing SQL programs. An information disclosure vulnerability exists in Microsoft SQL Server Management Studio...

5.5CVSS5.5AI score0.23373EPSS
Exploits5References1
Zero Day Initiative
Zero Day Initiative
added 2018/10/10 12:0 a.m.26 views

Microsoft SQL Server Management Studio regsrvr File XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft SQL Server Management Studio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...

2.6CVSS1.5AI score0.23373EPSS
Exploits5References1
Microsoft CVE
Microsoft CVE
added 2018/10/09 7:0 a.m.43 views

SQL Server Management Studio Information Disclosure Vulnerability

An information disclosure vulnerability exists in Microsoft SQL Server Management Studio SSMS when parsing a malicious XEL file containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity declaration...

5.5CVSS1.8AI score0.23373EPSS
Exploits5
Symantec
Symantec
added 2018/10/09 12:0 a.m.146 views

Microsoft SQL Server Management Studio CVE-2018-8532 Information Disclosure Vulnerability

Description Microsoft SQL Server Management Studio is prone to an information-disclosure vulnerability. An attacker can leverage this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft SQL Server Management Studio 17.9 Microsoft SQL Server...

5.4AI score0.23373EPSS
Exploits5Affected Software1
Citrix
Citrix
added 2017/10/06 12:0 a.m.7 views

WEM - Some Agents are not showing in WEM Console Agent List

Only one machine at a time within a particular group of WEM Agent machines is showing in the Agent list inside the WEM Administration Console. All machines in this group are receiving policies from WEM whether they appear in this list or not 1: Upon first enumerating the Agent List from inside th...

7.8AI score
Exploits0
Veeam
Veeam
added 2016/10/12 12:0 a.m.13 views

Restore Fails for Database with Consecutive Backslash Characters in File Path

Challenge Veeam Explorer for Microsoft SQL Server reports the error: Inconsistent database metadata. See the log for details. Cause One or more database file paths contained multiple consecutive backslash characters when the SQL server was backed up. Solution Clarifying Issue This issue cannot be...

7.4AI score
Exploits0
Kitploit
Kitploit
added 2015/08/27 3:44 p.m.17 views

NetRipper - Smart Traffic Sniffing for Penetration Testers

NetRipper is a post exploitation tool targeting Windows systems which uses API hooking in order to intercept network traffic and encryption related functions from a low privileged user, being able to capture both plain-text traffic and encrypted traffic before encryption/after decryption. NetRipp...

7.3AI score
Exploits0References1
n0where
n0where
added 2015/08/14 3:28 a.m.35 views

Smart Traffic Sniffing: NetRipper

Smart Traffic Sniffing NetRipper is a post exploitation tool targeting Windows systems which uses API hooking in order to intercept network traffic and encryption related functions from a low privileged user, being able to capture both plain-text traffic and encrypted traffic before...

Exploits0References2
Veeam
Veeam
added 2013/12/19 12:0 a.m.17 views

Installation Fails with Patched Database

Article Applicability The issue documented on this KB is only relevant to Veeam Backup & Replication versions prior to v10. Starting with v10, a different error occurs for the same reason and is documented on KB4204. Challenge When installing Veeam Backup & Replication, selecting an existing...

7.6AI score
Exploits0Affected Software1
Veeam
Veeam
added 2011/12/14 12:0 a.m.17 views

How to apply a SQL script to Veeam Backup & Replication/Veeam Backup Enterprise Manager Database

Purpose This article documents the procedure for applying a SQL script to a Microsoft SQL Server or PostgreSQL Database. Specifically, this article is targeted at the scenario where a support engineer has provided a .sql script to modify the Veeam Backup & Replication or Veeam Backup Enterprise...

7.6AI score
Exploits0
NVD
NVD
added 2011/06/16 8:55 p.m.24 views

CVE-2011-1280

The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express SSMSE 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, which allows remote attackers to read arbitrar...

4.3CVSS6.9AI score0.15254EPSS
Exploits1References7
Rows per page
Query Builder