
34 matches found

CNVD
added 2022/10/10 12:0 a.m. | 21 views

Rockwell Automation Factory Talk VantagePoint Access Control Error Vulnerability

Rockwell Automation Factory Talk VantagePoint is an advanced industrial application ecosystem from Rockwell Automation, Inc. An access control error vulnerability exists in Rockwell Automation Factory Talk VantagePoint, which stems from improper access control of its FactoryTalk VantagePoint...

CVSS 8.8 | AI score 3.7 | EPSS 0.00101
Exploits: 0 | References: 1
Github Security Blog
added 2018/11/09 5:49 p.m. | 16 views

sqlserver is malware

The sqlserver package is a piece of malware that steals environment variables and sends them to attacker-controlled locations. All versions have been unpublished from the npm registry. Recommendation: As this package is malware, if you find it installed in your environment, the real security conce...

CVSS 7.5 | AI score 7.3 | EPSS 0.00257
Exploits: 0 | References: 3 | Affected Software: 1
vulnersOsv
added 2018/11/09 5:49 p.m. | 1 views

fd-api-integration (>=0.0.2 <=0.0.9) potentially affected by CVE-2017-16055 via sqlserver (=1.0.2)

sqlserver NPM version =1.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on sqlserver and may be impacted:
- fd-api-integration =0.0.2, =0.0.9
Source CVEs: CVE-2017-16055
Source advisory: OSV:GHSA-3RH7-VM4X-Q2HP...

CVSS 7.5 | AI score 7.1 | EPSS 0.00257
Exploits: 0
OpenVAS
added 2018/06/12 12:0 a.m. | 72 views

Malicious JavaScript Package Detection

Detection and reporting of known malicious JavaScript packages or package versions. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescripti...

CVSS 10 | AI score 7.3 | EPSS 0.17051
Exploits: 4 | References: 101
CVE
added 2018/06/04 7:0 p.m. | 52 views

CVE-2017-16055

CVE-2017-16055 corresponds to the npm package sqlserver, a malware module published to hijack environment variables. Connected sources confirm the malicious behavior (steals env vars and exfiltrates to attacker-controlled locations) and note that all versions have been unpublished from npm. The N...

CVSS 7.5 | AI score 7.4 | EPSS 0.00257
Exploits: 0 | References: 1 | Affected Software: 1
Node.js
added 2017/08/08 9:22 p.m. | 31 views

Hijacked Environment Variables

Overview: The sqlserver package is a piece of malware that steals environment variables and sends them to attacker-controlled locations. All versions have been unpublished from the npm registry. Recommendation: As this package is malware, if you find it installed in your environment, the real...

CVSS 5 | AI score 4.5 | EPSS 0.00257
Exploits: 0 | Affected Software: 1
seebug.org
added 2016/01/20 12:0 a.m. | 437 views

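jeecms V2.4.2 ArtiSearch.do remote command execution vulnerability

0x01 Framework overview: Jiangxi Jinlei Technology Development Co., Ltd. (hereinafter "Jinlei Technology") was founded in 2003. Its product, the JEECMS content management system, is the best-known and most widely used multi-site management system in China's Java open-source CMS industry. Jinlei Technology is a high-tech enterprise focused on developing Java web application software. Jeecms is a multi-site management system built on Java technology; stability, security, efficiency, cross-platform support and unlimited extensibility are its strengths, and the system supports mainstream databases such as mysql, oracle, sqlserver and db2. Home page: http://www.jeecms.com 0x02 Vulnerability details: Google search: inurl:jeecms/ArtiSearch.do, involving a large number of cases. Proof of vulnerability:...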

AI score 7.1
Exploits: 0
Check Point Advisories
added 2015/03/26 12:0 a.m. | 3 views

Microsoft SQL Server TDS Packet Fragment Handling Buffer Overflow - Ver2 (CVE-2004-1560)

A buffer overflow vulnerability has been reported in Microsoft SQLServer. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...

CVSS 5 | AI score 4.3 | EPSS 0.14122
Exploits: 1
myhack58
added 2009/09/14 12:0 a.m. | 12 views

Security expert: do not ignore URL vulnerabilities - vulnerability warning - the black bar safety net

Some time ago, the public security authorities solved a case of program theft at a network company; on analysis, the main problem still lay in a URL vulnerability. To test whether a URL vulnerability is present, the simplest method is to append a ' to the Request.QueryString, as shown in th...

AI score 0.2
Exploits: 0
myhack58
added 2007/11/20 12:0 a.m. | 14 views

How to hack PCAnyWhere password - vulnerability warning - the black bar safety net

NT machines generally use PCAnyWhere for remote administration, and Win2K machines generally use a terminal for remote management, so if we can get the PCAnyWhere remote connection account and password, we can connect remotely to the host. The key is to get to the PCAnyWhere password file...

AI score 7.4
Exploits: 0
NVD
added 2007/09/11 7:17 p.m. | 16 views

CVE-2007-4814

Buffer overflow in the SQLServer ActiveX control in the Distributed Management Objects OLE DLL sqldmo.dll 2000.085.2004.00 in Microsoft SQL Server Enterprise Manager 8.05.2004 allows remote attackers to execute arbitrary code via a long second argument to the Start method...

CVSS 7.5 | AI score 8.1 | EPSS 0.5713
Exploits: 5 | References: 8
Prion
added 2007/09/11 7:17 p.m. | 19 views

Buffer overflow

Buffer overflow in the SQLServer ActiveX control in the Distributed Management Objects OLE DLL sqldmo.dll 2000.085.2004.00 in Microsoft SQL Server Enterprise Manager 8.05.2004 allows remote attackers to execute arbitrary code via a long second argument to the Start method...

CVSS 7.5 | AI score 8.9 | EPSS 0.5713
Exploits: 5 | References: 8 | Affected Software: 1
CVE
added 2007/09/11 7:0 p.m. | 85 views

CVE-2007-4814

CVE-2007-4814 affects the SQL Server Distributed Management Objects (DMO) ActiveX control sqldmo.dll. A buffer overflow in the Start method is triggered by a long argument, enabling remote code execution. Exploitation details are documented in SAINT references, with a note that exploits exist for M...

CVSS 7.5 | AI score 8 | EPSS 0.5713
Exploits: 5 | References: 8 | Affected Software: 1
Cvelist
added 2007/09/11 7:0 p.m. | 25 views

CVE-2007-4814

Buffer overflow in the SQLServer ActiveX control in the Distributed Management Objects OLE DLL sqldmo.dll 2000.085.2004.00 in Microsoft SQL Server Enterprise Manager 8.05.2004 allows remote attackers to execute arbitrary code via a long second argument to the Start method...

AI score 8.1 | EPSS 0.5713
Exploits: 5 | References: 8