4519 matches found
DEBIAN-CVE-2017-11509
An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement...
Sql injection
An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement...
CVE-2017-11509
An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement...
CVE-2017-11509
CVE-2017-11509 is an authenticated remote code execution in Firebird SQL Server, triggered by executing a malformed SQL statement. The vulnerability affects Firebird versions 2.5.7 and 3.0.2, allowing an authenticated attacker to run arbitrary code on the server. Publicly documented remediation v...
CVE-2017-11509
An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement...
CVE-2017-11509
An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement...
EUVD-2017-3126
An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement...
Microsoft SQL Server Default Credentials (PCI wordlist)
The SQL Server has a common password for one or more accounts. These accounts may be used to gain access to the records in the database or even allow remote command execution. TRUSTED...
Not All Privileges are Assigned to Caller error during upgrade/install
Challenge When upgrading, the installer encounters the following error message which prevents it from proceeding: "Not all privileges or groups referenced are assigned to the caller" Affected Application Installers Veeam Backup & Replication Veeam Backup Enterprise Manager Veeam ONE Veeam Recover...
A Deep Dive into Database Attacks [Part II]: Delivery and Execution of Malicious Executables through SQL commands (SQL Server)
An organization’s database servers are frequently the prime target of attackers. We recently started a new research project we named StickyDB to learn more about database hacking, primarily to understand common database attacks, tools and techniques engaged by attackers. To conduct this research,...
MS08-052: Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593) (uncredentialed check)
The remote host is running a version of Windows that has multiple buffer overflow vulnerabilities when viewing VML, EMF, GIF, WMF and BMP files that could allow an attacker to execute arbitrary code on the remote host. To exploit these flaws, an attacker would need to send a malformed image file ...
HPE iMC - dbman 'RestartDB' Remote Command Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HPE iMC dbman RestartDB Unauthenticated RCE', 'Description' = %q This module exploits a remote command execution vulnerablity in Hewlett Packard...
ADV180002: Microsoft SQL Server January 2018 Security Update (Meltdown) (Spectre)
The remote Microsoft SQL Server is missing a security update. It is, therefore, affected by a vulnerability exists within microprocessors utilizing speculative execution and indirect branch prediction, which may allow an attacker with local user access to disclose information via a side-channel...
Description of the security update for SQL Server 2008 SP4 GDR: January 6, 2018
Description of the security update for SQL Server 2008 SP4 GDR: January 6, 2018 Summary Microsoft is aware of detailed information that has been published about a class of vulnerabilities referred to as speculative execution side-channel attacks. To learn more about the vulnerabilities, go to...
Description of the security update for SQL Server 2008 R2 SP3 GDR: January 6, 2018
Description of the security update for SQL Server 2008 R2 SP3 GDR: January 6, 2018 Summary Microsoft is aware of detailed information that has been published about a class of vulnerabilities referred to as speculative execution side-channel attacks. To learn more about the vulnerabilities, go to...
Description of the security update for SQL Server 2014 SP2 CU10: January 16, 2018
Description of the security update for SQL Server 2014 SP2 CU10: January 16, 2018 Summary Microsoft is aware of a new publicly disclosed class of vulnerabilities that are referred to as “speculative execution side-channel attacks” that affect many modern processors and operating systems including...
Description of the security update for SQL Server 2017 GDR: January 3, 2018
Description of the security update for SQL Server 2017 GDR: January 3, 2018 Summary Microsoft is aware of detailed information that has been published about a class of vulnerabilities that are referred to as speculative execution side-channel attacks. To learn more about the vulnerabilities, go t...
Description of the security update for SQL Server 2012 SP4 GDR: January 12, 2018
Description of the security update for SQL Server 2012 SP4 GDR: January 12, 2018 Summary Microsoft is aware of detailed information that has been published about a class of vulnerabilities referred to as speculative execution side-channel attacks. To learn more about the vulnerabilities, see...
Description of the security update for SQL Server 2014 SP2 GDR: January 16, 2018
Description of the security update for SQL Server 2014 SP2 GDR: January 16, 2018 Summary Microsoft is aware of a new publicly disclosed class of vulnerabilities that are referred to as “speculative execution side-channel attacks” that affect many modern processors and operating systems including...
Description of the security update for SQL Server 2016 SP1 GDR: January 3, 2018
Description of the security update for SQL Server 2016 SP1 GDR: January 3, 2018 Summary Microsoft is aware of detailed information that has been published about a class of vulnerabilities that are referred to as speculative execution side-channel attacks. To learn more about the vulnerabilities, ...