SharePoint 2010 Foundation vs Enterprise Security Vulnerability Patch

We have a little confusion here as to which security patches we should be applying to our SharePoint 2010 Enterprise farm. The following states there is a patch for Foundation Server, but nothing for Enterprise 2010 Server. Why is this? Is the security patch covered elsewhere? Where?

https://www.cvedetails.com/cve/CVE-2019-1260/

Thanks

Alternative Database Vulnerability Scanner to NCC Squirrel [on hold]

I’m looking to replace a database vulnerability scanner (NCC Squirrel) that is currently used to scan a number of Microsoft SQL and Oracle databases, as the software is going out of support. Does anybody (maybe in the same position?) have any recommendations regarding alternatives that have similar functionality with a focus on hardening and compliance scanning with credentials? So far, Nessus by Tenable is considered as the main candidate to replace it. Thanks for any advice.

Misconfiguration security vulnerability disclosure

I accidentally discovered a misconfiguration (?) security vulnerability: a workstation management system is publicly exposed with default credentials, admin/admin.

The system contains around 2k workstations, with functionality such as software deployment, wiping, remote device control, etc.

I really would like to inform the company, but I am not sure what the best way to do that is.

Is it okay to use for example hackerone or some similar service? Should I just send the email? If so to whom?

I am not sure whether, by trying that login combination, I violated any laws. I found the system through a search engine when I was looking for the product demo.

How can I run SQL Server Vulnerability Assessment from a SQL Job?

I want to run SQL Server Vulnerability Assessment from a SQL Server Agent Job. Currently, I am attempting a job with a PowerShell script and am running a command like the one below.

Invoke-SqlVulnerabilityAssessmentScan -ServerInstance $(ESCAPE_DQUOTE(SRVR)) -Database AdventureWorks

I have confirmed that Invoke-SqlVulnerabilityAssessmentScan is available on the SQL Server (I can run it from the PowerShell command prompt there), but when I run my job, I receive an error stating that

The term ‘Invoke-SqlVulnerabilityAssessmentScan’ is not recognized as the name of a cmdlet

After looking at this Microsoft article, I am wondering if SQL Agent only has a subset of PowerShell cmdlets that it can access.

How can I run the vulnerability assessment scan from a SQL Job?

Protect server in CTF challenge when exploting input() vulnerability in python

There was a challenge in one of the CTFs I played in which you had to exploit the input vulnerability of Python 2.x. I was just wondering that, since the input function in Python 2.x is the same as eval(raw_input()), you could basically give a power off or move into another directory. How do you set up the server such that you can prevent people from doing that but still allow them to exploit the vulnerability?
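An added example, not code from the original post: it reproduces Python 2's `input()` (which is `eval(raw_input())`) in Python 3 and shows why an in-process "sandbox" around `eval` is not the protection the question is asking for. The payload, the function names and the restricted namespace are constructed for this illustration.

```python
# Added example, not code from the original post: reproduces Python 2's
# input() (== eval(raw_input())) in Python 3 and shows why an in-process
# "sandbox" around eval is not a security boundary. Function names, the
# payload and the restricted namespace below are constructed for illustration.
import os


def python2_style_input(line: str):
    """Python 2's input() parses and evaluates the line as an expression.
    This is the intended CTF bug: any expression the player types runs."""
    return eval(line)


def restricted_input(line: str):
    """A tempting in-process mitigation: evaluate with an empty builtins table,
    so names such as __import__, open and exec cannot be resolved."""
    return eval(line, {"__builtins__": {}}, {})


def is_blocked(line: str) -> bool:
    """True when the restricted evaluator refuses the line on name lookup."""
    try:
        restricted_input(line)
    except NameError:
        return True
    return False


# Constructed attacker payload. It never names a builtin: it walks from the
# empty tuple to `object`, lists object's subclasses, picks os._wrap_close
# (a plain class defined at module level in os.py, so its __init__.__globals__
# is the os module namespace) and calls a function from that namespace.
# getcwd() keeps the demonstration side-effect free; an attacker would use
# ['system']('poweroff') or ['chdir'](...) in exactly the same way.
BYPASS_PAYLOAD = (
    "[c for c in ().__class__.__base__.__subclasses__() "
    "if c.__name__ == '_wrap_close'][0].__init__.__globals__['getcwd']()"
)


def bypass_reaches_os() -> bool:
    """True if the 'restricted' evaluator still yields os-level code execution."""
    return restricted_input(BYPASS_PAYLOAD) == os.getcwd()


if __name__ == "__main__":
    print("naive input('1+1')        ->", python2_style_input("1+1"))
    print("blocked __import__('os')? ->", is_blocked("__import__('os').system('id')"))
    print("bypass reaches os?        ->", bypass_reaches_os())
```

Because filtering inside the interpreter can be walked around like this, the isolation has to come from the operating system: run each connection's interpreter as an unprivileged user in a disposable container (read-only root filesystem, no network egress, CPU/memory/pid limits, fresh instance per connection). A `poweroff` then fails for lack of privilege, and an `os.chdir` only affects that one throwaway process, while the `input()` bug itself stays fully exploitable for the player.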

Exploiting SQL-Injection Vulnerability in Oxid eShop CE 6.0.2 with SQLMAP

I installed Oxid eShop CE 6.0.2 on my local web server to analyze the latest SQL injection vulnerability in this web app. I found out that it is possible to inject SQL code via the sorting parameter (GET). So with the following URL, I am able to execute SQL code (as you can see):

  • localhost/oxid/test/source/en/Wakeboarding/Wakeboards/Wakeboard-SHANE.html?sorting=oxtitle|ASC,(SELECT%20sleep(20))

How can I exploit this vulnerability with SQLMAP?

WPAD (badWPAD vulnerability) should I disable or not?

Hi, I have recently read very bad things about the WPAD vulnerability, for example here nakedsecurity.sophos.com/2016/05/25/when-domain-names-attack-the-wpad-name-collision-vulnerability/ (article from 2016) or here blog.redteam.pl/2019/05/badwpad-dns-suffix-wpad-wpadblocking-com.html (article from 2019). How do I defend against it? If I only use Wi-Fi on my home network, am I also at risk? Should I disable it?

Thanks in advance
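An added example, not from the original post or the linked articles: it models the DNS-suffix devolution that creates the badWPAD exposure, so you can see which of the names a client asks for fall outside zones you control. The stopping rule (stop devolving once two labels remain) is a simplification of the Windows behaviour and is an assumption; the suffixes and zones are constructed.

```python
# Added example, not from the original post or the linked articles: models
# the DNS-suffix devolution behind badWPAD and flags the candidate names
# that land in zones the organisation does not control. The stopping rule
# (stop once two labels remain) is an assumed simplification; suffixes and
# zones are constructed.
from typing import Iterable, List


def wpad_candidates(dns_suffix: str, stop_at_labels: int = 2) -> List[str]:
    """Names a client resolves for the unqualified host 'wpad': first
    wpad.<suffix>, then the suffix with its leftmost label removed, repeatedly,
    until fewer than `stop_at_labels` labels remain (assumed stopping rule)."""
    labels = [label for label in dns_suffix.lower().split(".") if label]
    if not labels:
        return ["wpad"]  # no suffix at all: bare name, left to LLMNR/NBNS fallback
    names = ["wpad." + ".".join(labels)]
    labels = labels[1:]
    while len(labels) >= stop_at_labels:
        names.append("wpad." + ".".join(labels))
        labels = labels[1:]
    return names


def _in_zone(name: str, zone: str) -> bool:
    return name == zone or name.endswith("." + zone)


def colliding_candidates(candidates: Iterable[str],
                         owned_zones: Iterable[str]) -> List[str]:
    """Candidates whose zone is not one the organisation controls: whoever
    registers or answers for that zone can serve the PAC file."""
    owned = [zone.strip(".").lower() for zone in owned_zones]
    return [n for n in candidates if not any(_in_zone(n, z) for z in owned)]


def wpad_exposure(dns_suffix: str, owned_zones: Iterable[str]) -> List[str]:
    """The colliding names for a client with the given DNS suffix."""
    return colliding_candidates(wpad_candidates(dns_suffix), owned_zones)


if __name__ == "__main__":
    # Corporate laptop with suffix eng.corp.example.com; the org controls example.com.
    print(wpad_exposure("eng.corp.example.com", ["example.com"]))        # []
    # Same laptop, but the org only controls corp.example.com: the last
    # devolved candidate is in someone else's zone.
    print(wpad_exposure("eng.corp.example.com", ["corp.example.com"]))   # ['wpad.example.com']
    # Home router hands out a single-label suffix: whoever answers DNS for
    # "lan" (the router, or any device spoofing it) decides where wpad.lan goes.
    print(wpad_exposure("lan", ["example.com"]))                         # ['wpad.lan']
```

On a home network the suffix is whatever the router hands out, so the lookup is answered by the router or by anything on the LAN that poisons DNS or the LLMNR/NetBIOS fallback; the exposure is to devices on that network rather than to a registered public name. If no proxy is needed, untick "Automatically detect settings" in the proxy settings and stop and disable the WinHTTP Web Proxy Auto-Discovery Service (WinHttpAutoProxySvc), which removes both the DNS and the DHCP option 252 discovery paths.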

Microsoft Outlook Vulnerability CVE-2018-8587 – How likely is exploitation?

I found an interesting blog post, A Deep Analysis of the Microsoft Outlook Vulnerability CVE-2018-8587, about a Microsoft Outlook heap buffer overflow vulnerability, which describes how Microsoft Outlook can be exploited using a specially crafted mail classification rules file (RWZ).

To reproduce this vulnerability, we need to run Microsoft Outlook, then click “Rules => Manage Rules&Alerts => Options => Import Rules” and select the PoC file which causes Outlook to crash.


In the end they write:

Applying this patch is critical since an attacker who successfully exploits this vulnerability could use a specially crafted file to perform actions in the security context of the current user.

But how likely is it that someone could exploit this vulnerability? I mean, an attacker needs to send this malicious file to a user, who then needs to actively import the file that exploits this heap buffer overflow bug. It seems to me completely different from attacks where an attacker sends a malicious PDF document that exploits some vulnerability in Adobe Reader. Here you need to actively hack yourself (similar to self-XSS in web security).

Even Microsoft states:

To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Outlook software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.

So this bug seems to be somewhat useless and very unlikely to be exploited?