331 matches found
Vulnerabilities fixed in Microsoft SQL Server
Microsoft has fixed vulnerabilities in SQL Server. The vulnerabilities are located in the various ODBC and OLE DB drivers and allow a malicious party to execute arbitrary code with application privileges, potentially gaining access to sensitive data. Successful abuse requires the...
Employee Management System v1 - (email) SQL Injection Vulnerability
Exploit Title: Employee Management System v1 - 'email' SQL Injection Application: Employee Management System Date: 19.02.2024 Bugs: SQL Injection Exploit Author: SoSPiro Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
CVE-2024-1102
A vulnerability was found in jberet-core logging. An exception in 'dbProperties' might display user credentials such as the username and password for the database-connection. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the Red Hat...
"Failed to connect to the database." Updater Configuration Check
Challenge When updating Veeam Backup & Replication the Configuration Check fails with either: Failed to connect to PostgreSQL server localhost:5432. An existing connection was forcibly closed by the remote host SSPI authentication failed for user Cause The account being used to run the update...
PT-2023-30397 · Unknown · Dokmee Ecm
Name of the Vulnerable Software and Affected Versions: Dokmee ECM version 7.4.6 Description: The issue allows remote code execution due to the response to a "GettingStarted/SaveSQLConnectionAsync //gettingstarted" request containing a connection string for privileged SQL Server database access...
Privilege Escalation
apache-superset is vulnerable to Privilege Escalation. The vulnerability is due to the default examples database connection. An attacker can exploit this flaw by using a specially crafted CTE SQL statement and as a result could tamper with the authentication / authorization data...
Authorization
Improper authorization check and possible privilege escalation on Apache Superset up to but excluding 2.1.2. Using the default examples database connection that allows access to both the examples schema and Apache Superset's metadata database, an attacker using a specially crafted CTE SQL stateme...
CVE-2023-38547
A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database. This may lead to remote code execution on the SQL server hosting the Veeam ONE configuration database...
Veeam ONE Security Vulnerability
Veeam ONE is a suite of IT monitoring and reporting tools from Veeam USA. The product supports features such as backup monitoring, operational status monitoring of virtual and physical environments. A security vulnerability exists in Veeam ONE versions 11, 11a, and 12 that originated from allowin...
PT-2023-6761 · Veeam · Veeam One
Name of the Vulnerable Software and Affected Versions: Veeam ONE affected versions not specified Description: The issue is related to access control errors in the Veeam ONE web client, allowing an unprivileged user with access to the web client to acquire the NTLM hash of the account used by the...
Unable to launch resources or Studio - connection between broker service and database has been lost
Users are unable to launch resources such as published applications and desktops. Administrators are unable to use Studio to manage the environment. When checking event viewer logs on the DDC, we see event 1201 warning: When accessing the SQL Database, the below error is seen:...
CVAD II Unable to connect to Database from DDC and getting an error "reenter controller address"
Re-enter controller address on DDC error on sql : SSPI Handshake failed with error code 0x8009030c, state 14 while establishing a connection with integrated security; the connection has been closed. Reason: AcceptSecurityContext failed You will be able to find the authentication failures/logon...
CVE-2023-42454
SQLpage CVE-2023-42454 affects versions before 0.11.1 where an exposed SQLPage instance stores the database connection string in sqlpage/sqlpage.json and the web_root is the default, allowing an attacker who can access the instance and the database to retrieve credentials and connect directly. Th...
CVE-2023-42454 SQLpage vulnerable to public exposure of database credentials
SQLpage is a SQL-only webapp builder. Someone using SQLpage versions prior to 0.11.1, whose SQLpage instance is exposed publicly, with a database connection string specified in the sqlpage/sqlpage.json configuration file (not in an environment variable), with the webroot being the current working...
Apache Superset Security Bypass Vulnerability (CNVD-2024-06820)
Apache Superset is an open source data visualization tool based on Python. Apache Superset suffers from a security bypass vulnerability that can be exploited by an attacker to test a database connection...
Apache Superset Security Bypass Vulnerability (CNVD-2024-06819)
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. A security bypass vulnerability exists in Apache Superset version 2.1.0 and earlier, which can be exploited by an attacker to register a SQLite database connection...
CVE-2023-39265
Apache Superset would allow for SQLite database connections to be incorrectly registered when an attacker uses alternative driver names like sqlite+pysqlite or by using database imports. This could allow for unexpected file creation on Superset webservers. Additionally, if Apache Superset is usin...
Apache Superset Code Issue Vulnerability
Apache Superset is an open source data visualization tool based on Python. Apache Superset suffers from a security bypass vulnerability that can be exploited by an attacker to test a database connection...
CVE-2023-25848
ArcGIS Enterprise Server versions 11.0 and below have an information disclosure vulnerability where a remote, unauthorized attacker may submit a crafted query that may result in a low severity information disclosure issue. The information disclosed is limited to a single attribute in a database...
Information disclosure
ArcGIS Enterprise Server versions 11.0 and below have an information disclosure vulnerability where a remote, unauthorized attacker may submit a crafted query that may result in a low severity information disclosure issue. The information disclosed is limited to a single attribute in a database...