12 matches found
CVE-2025-59920
CVE-2025-59920 affects time@work v7.0.5: when hours are entered, a query to display a user’s assigned projects can be exposed. Copying the query URL and opening it in a new browser window makes the ‘IDClient’ parameter vulnerable to blind authenticated SQL injection. If the attacker uses a TWAdmi...
CVE-2025-59920 SQL injection in time@work from systems@work
When hours are entered in time@work, version 7.0.5, it performs a query to display the projects assigned to the user. If the query URL is copied and opened in a new browser window, the ‘IDClient’ parameter is vulnerable to a blind authenticated SQL injection. If the request is made with the TWAdm...
CVE-2025-62575
NMIS/BioDose V22.02 and previous versions rely on a Microsoft SQL Server database. The SQL user account 'nmdbuser' and other created accounts by default have the sysadmin role. This can lead to remote code execution through the use of certain built-in stored procedures...
Microsoft SQL Server Privilege Escalation
Microsoft SQL Server versions 2016, 2017, 2019, and 2022 suffer from multiple privilege escalation vulnerabilities to the SYSADMIN role. Title: Microsoft SQL Server Privilege Escalation from Control Server To Sysadmin role Product: Microsoft SQL Server Affected Versions: sql server...
CVE-2024-28100
eLabFTW is an open source electronic lab notebook for research labs. By uploading specially crafted files, a regular user can create a circumstance where a visitor's browser runs arbitrary JavaScript code in the context of the eLabFTW application. This can be triggered by the visitor viewing a li...
CVE-2024-28100 Stored Cross-site Scripting leading to arbitrary actions taken on behalf of users in elabftw
eLabFTW is an open source electronic lab notebook for research labs. By uploading specially crafted files, a regular user can create a circumstance where a visitor's browser runs arbitrary JavaScript code in the context of the eLabFTW application. This can be triggered by the visitor viewing a li...
Microsoft SQL Server SUSER_SNAME SQL Logins Enumeration
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft SQL Server SUSERSNAME SQL Logins Enumeration', 'Description' = %q This module can be used to obtain a list of all logins from a SQL...
Microsoft SQL Server Escalate Db_Owner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft SQL Server Escalate DbOwner', 'Description' = %q This module can be used to escalate privileges to sysadmin if the user has the dbowner...
Hackers Gain Fileless Persistence on Targeted SQL Servers Using a Built-in Utility
Microsoft on Tuesday warned that it recently spotted a malicious campaign targeting SQL Servers that leverages a built-in PowerShell binary to achieve persistence on compromised systems. The intrusions, which leverage brute-force attacks as an initial compromise vector, stand out for their use of...
Microsoft SQL Server Escalate Db_Owner
This module can be used to escalate privileges to sysadmin if the user has the dbowner role in a trustworthy database owned by a sysadmin user. Once the user has the sysadmin role the msssqlpayload module can be used to obtain a shell on the system. This module requires Metasploit:...
Nmap NSE net: ms-sql-hasdbaccess
Queries Microsoft SQL Server ms-sql for a list of databases a user has access to. The script needs an account with the sysadmin server role to work. It needs to be fed credentials through the script arguments or from the scripts 'mssql-brute' or 'mssql-empty- password'. When run, the script...
ms-sql-xp-cmdshell NSE Script
Attempts to run a command using the command shell of Microsoft SQL Server ms-sql. SQL Server credentials required: Yes use ms-sql-brute, ms-sql-empty-password and/or mssql.username & mssql.password Run criteria: Host script: Will run if the mssql.instance-all, mssql.instance-name or...