18 matches found
How to Configure SQL Instances in XenMobile Server with custom port
This article provides information on how to install XenMobile Server XMS 10 to be configured on a SQL Instance with the custom port. Prerequisites Knowledge of SQL service account credentials with the appropriate role. Knowledge of SQL Server FQDN or IP. Knowledge of custom port for the SQL instan...
SQL Injection
langchain is vulnerable to SQL Injection. The vulnerability is due to a prompt injection which allows execution of arbitrary code against the SQL service provided by the chain...
GHSA-8H5W-F6Q9-WG35 Langchain SQL Injection vulnerability
In Langchain before 0.0.247, prompt injection allows execution of arbitrary code against the SQL service provided by the chain...
Stored XSS and possible RCE/LFI in case of misconfiguration
Description phpmyfaq has a feature to restore from a backup the entire application. An attacker with admin grant can export the configuration and re-upload the same file bypassing all the backend sanitization and controls. Proof of Concept XSS 1. - login as admin 2. - go to backup page 3. - Creat...
KB2979597 - SQL Server 2008 R2 Service Pack 3 release information
KB2979597 - SQL Server 2008 R2 Service Pack 3 release information Summary This article contains important information to read before you install Microsoft SQL Server 2008 R2 Service Pack 3 SP3. It describes how to obtain the service pack, the list of fixes included in the service pack, how to...
CVE-2020-16860
A remote code execution vulnerability exists in Microsoft Dynamics 365 on-premises when the server fails to properly sanitize web requests to an affected Dynamics server. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SQL service account. A...
CVE-2020-16862
A remote code execution vulnerability exists in Microsoft Dynamics 365 on-premises when the server fails to properly sanitize web requests to an affected Dynamics server. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SQL service account. A...
Remote code execution
A remote code execution vulnerability exists in Microsoft Dynamics 365 on-premises when the server fails to properly sanitize web requests to an affected Dynamics server. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SQL service account. A...
Remote code execution
A remote code execution vulnerability exists in Microsoft Dynamics 365 on-premises when the server fails to properly sanitize web requests to an affected Dynamics server. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SQL service account. A...
Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Dynamics 365 on-premises when the server fails to properly sanitize web requests to an affected Dynamics server. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SQL service account. A...
Security Updates for Microsoft Dynamics 365 (on-premises) (September 2020)
The Microsoft Dynamics 365 on-premises is missing security updates. It is, therefore, affected by multiple vulnerabilities: - A cross site scripting vulnerability exists when Microsoft Dynamics 365 on-premises does not properly sanitize a specially crafted web request to an affected Dynamics...
PT-2020-4022 · Microsoft · Dynamics 365
Name of the Vulnerable Software and Affected Versions: Microsoft Dynamics 365 on-premises affected versions not specified Description: A remote code execution issue exists due to the server's failure to properly sanitize web requests. An authenticated attacker could exploit this by sending a...
Microsoft Dynamics 365 (on-premises) 8.x < 8.2.3.0008 multiple vulnerabilities
The version of Microsoft Dynamics 365 on-premises installed on the remote Windows host is 8.x prior to 8.2.3.0008. It is, therefore, affected by multiple vulnerabilities: - An elevation of privilege vulnerability exists due to an affected server not sanitizing the user input properly. An...
Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Dynamics 365 on-premises when the server fails to properly sanitize web requests to an affected Dynamics server. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SQL service account. A...
Microsoft Dynamics 365 CVE-2018-8609 Remote Code Execution Vulnerability
Description Microsoft Dynamics 365 is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the SQL service account. Failed exploit attempts will result in denial-of-service conditions. Technologies Affected Microsoft Dynamics...
July 10, 2018—KB4338823 (Security-only update)
July 10, 2018—KB4338823 Security-only update Improvements and fixes This security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Provides protections for an additional vulnerability involving side-channel speculativ...
Windows limited service account privilege escalation
By using security tokens located in process memory it's possible to escalate privileges from limited service account, such as Network Service or Microsoft SQL Service account...
CVE-2023-32785
LangChain (CVE-2023-32785) is affected by a SQL Injection via prompt injection in the SQLDatabaseChain. Versions