CVE-2016-6532

DEXIS Imaging Suite 10 has a hardcoded password for the sa account, which allows remote attackers to obtain administrative access by entering this password in a DEXISDATA SQL Server session...

CVE-2016-6532

CVE-2016-6532 affects DEXIS Imaging Suite 10, which contains hard-coded credentials for the sa account, enabling remote administrative access to the DEXIS_DATA SQL Server session. The vulnerability emerges from hard-coded database credentials and can lead to full compromise of the patient databas...

PowerUpSQL - A PowerShell Toolkit for Attacking SQL Server

The PowerUpSQL module includes functions that support SQL Server discovery, auditing for common weak configurations, and privilege escalation on scale. It is intended to be used during internal penetration tests and red team engagements. However, PowerUpSQL also includes many functions that could...

CVE-2016-5683

ReadyDesk 9.1 allows local users to determine cleartext SQL Server credentials by reading the SQLConfig.aspx file and decrypting data with a hardcoded key in the ReadyDesk.dll file...

Hardcoded credentials

ReadyDesk 9.1 allows local users to determine cleartext SQL Server credentials by reading the SQLConfig.aspx file and decrypting data with a hardcoded key in the ReadyDesk.dll file...

CVE-2016-5683

ReadyDesk 9.1 allows local users to determine cleartext SQL Server credentials by reading the SQLConfig.aspx file and decrypting data with a hardcoded key in the ReadyDesk.dll file...

CVE-2016-5683

CVE-2016-5683 affects ReadyDesk 9.1. The vulnerability arises from storing SQL Server credentials in encrypted form using a hard-coded cryptographic key found in ReadyDesk.dll, allowing local users to decrypt and obtain cleartext credentials by reading SQL_Config.aspx. Connected sources corrobora...

Microsoft SQL Server 2008 Detection

Binary data 9508.prm...

Microsoft SQL Server 2016 Detection

Binary data 9512.prm...

Microsoft SQL Server 2008 R2 Detection

Binary data 9509.prm...

Microsoft SQL Server 2012 Detection

Binary data 9510.prm...

Microsoft SQL Server 2014 Detection

Binary data 9511.prm...

CVE-2016-3059

IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server aka IBM Spectrum Protect for Databases 6.3 before 6.3.1.7 and 6.4 before 6.4.1.9 and Tivoli Storage FlashCopy Manager for Microsoft SQL Server aka IBM Spectrum Protect Snapshot 3.1 before 3.1.1.7 and 3.2 before...

Sql injection

IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server aka IBM Spectrum Protect for Databases 6.3 before 6.3.1.7 and 6.4 before 6.4.1.9 and Tivoli Storage FlashCopy Manager for Microsoft SQL Server aka IBM Spectrum Protect Snapshot 3.1 before 3.1.1.7 and 3.2 before...

CVE-2016-3059

CVE-2016-3059 affects IBM Tivoli Storage Manager for Databases (IBM Spectrum Protect for Databases) and IBM Tivoli Storage FlashCopy Manager for Microsoft SQL Server (IBM Spectrum Protect Snapshot). The vulnerability allows local users to disclose the cleartext SQL Server password by reading the ...

CVE-2016-3059

IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server aka IBM Spectrum Protect for Databases 6.3 before 6.3.1.7 and 6.4 before 6.4.1.9 and Tivoli Storage FlashCopy Manager for Microsoft SQL Server aka IBM Spectrum Protect Snapshot 3.1 before 3.1.1.7 and 3.2 before...

CIMA DocuClass ECM - Multiple Vulnerabilities

Exploit Title: CIMA DocuClass Enterprise Content Management - Multiple Vulnerabilities Date: July 15, 2016 Exploit Author: Karn Ganeshen ipositivesecurity.blogspot.com Vendor Homepage: cima-software.com Version: app version All Tested on: Microsoft Windows 2008 R2 DocuClass is a modular and...

Vulnerability of Microsoft SQL Server software, allowing a malicious entity to compromise the accessibility of protected information

There is a vulnerability in SQL Server that can cause a service failure. If exploited successfully, a malicious individual can trigger a server failure before it can be restarted manually...

Vulnerability of Microsoft SQL Server software, allowing a malicious entity to compromise protected information

Cross-site execution of scripts in SQL Master Data Services MDS allows a malicious actor to inject a script into a user’s Internet Explorer. With the help of this script, a malicious actor can replace the content on the website, gain access to confidential information, or perform any action on th...

CIMA DocuClass ECM - Multiple Vulnerabilities

Exploit for php platform in category web applications Exploit Title: CIMA DocuClass Enterprise Content Management - Multiple Vulnerabilities Date: July 15, 2016 Exploit Author: Karn Ganeshen ipositivesecurity.blogspot.com Vendor Homepage: cima-software.com Version: app version All Tested on:...