Tag
high
advisory
SQL Server Critical Procedures Enabled Leading to Potential Code Execution or Reconnaissance
2 rules 2 TTPs
Modification of critical SQL Server configuration options, such as 'Ad Hoc Distributed Queries', 'external scripts enabled', 'Ole Automation Procedures', 'clr enabled', and 'clr strict security', can enable attackers to perform Active Directory reconnaissance and execute arbitrary code.
SQL Server +3
sql-server
code-execution
reconnaissance
windows
critical
advisory
SQL Server Untrusted Pointer Dereference Vulnerability (CVE-2026-33120)
2 rules 1 TTP 1 CVE
CVE-2026-33120 is an untrusted pointer dereference vulnerability in Microsoft SQL Server that allows an authenticated attacker to achieve remote code execution over a network.
sql-server
rce
vulnerability
medium
threat
MSSQL xp_cmdshell Stored Procedure Abuse for Persistence
2 rules 2 TTPs
Attackers may leverage the xp_cmdshell stored procedure in Microsoft SQL Server to execute arbitrary commands for privilege escalation and persistence, often bypassing default security configurations.
SQL Server
persistence
sql-server
xp_cmdshell
windows