Lucene search

1294 matches found

Cvelist
added 2021/09/30 7:19 p.m., 40 views

CVE-2021-33583

REINER timeCard 6.05.07 installs a Microsoft SQL Server with an sa password that is hardcoded in the TCServer.jar file...

AI score 9.9 | EPSS 0.01227
Exploits: 0 | References: 1

BDU FSTEC
added 2021/09/07 12:0 a.m., 4 views

The vulnerability of the MSCOMCTL.OCX component in the Microsoft Office software, the Microsoft SQL Server relational database management system, the Microsoft Commerce Server e-commerce software, and the Microsoft Visual FoxPro database development environment allows a perpetrator to execute arbitrary code.

The vulnerability of the MSCOMCTL.OCX component in the Microsoft Office software, the Microsoft SQL Server relational database management system, the Microsoft Commerce Server e-commerce software, and the Microsoft Visual FoxPro database development environment is related to code generation error...

CVSS 9.3 | AI score 7.8 | EPSS 0.9999
Exploits: 12 | References: 13 | Affected Software: 2

OSV
added 2021/08/05 8:15 p.m., 2 views

CVE-2021-37614

In certain Progress MOVEit Transfer versions before 2021.0.3 aka 13.0.3, SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. Depending on the database engine being used MySQL, Microsoft SQL Server, or Azure SQL, an...

CVSS 8.8 | AI score 7.4 | EPSS 0.01496
Exploits: 0 | References: 4

Prion
added 2021/06/09 7:15 p.m., 13 views

Sql injection

In Progress MOVEit Transfer before 2019.0.6 11.0.6, 2019.1.x before 2019.1.5 11.1.5, 2019.2.x before 2019.2.2 11.2.2, 2020.x before 2020.0.5 12.0.5, 2020.1.x before 2020.1.4 12.1.4, and 2021.x before 2021.0.1 13.0.1, a SQL injection vulnerability exists in SILUtility.vb in MOVEit.DMZ.WebApp in th...

CVSS 6.5 | AI score 8.7 | EPSS 0.01095
Exploits: 0 | References: 2 | Affected Software: 1

IBM Security Bulletins
added 2021/05/18 6:32 p.m., 32 views

Security Bulletin: PostgreSQL vulnerabilities in IBM Robotic Process Automation with Automation Anywhere - CVE-2020-1720

Summary IBM Robotic Process Automation with Automation Anywhere is vulnerable to attacks involving PostgreSQL. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM Robotic Process...

CVSS 6.5 | AI score 1.4 | EPSS 0.01188
Exploits: 0 | Affected Software: 1

Prion
added 2021/05/18 12:15 p.m., 10 views

Sql injection

In Progress MOVEit Transfer before 2021.0 13.0, a SQL injection vulnerability has been found in the MOVEit Transfer web app that could allow an authenticated attacker to gain unauthorized access to MOVEit Transfer's database. Depending on the database engine being used MySQL, Microsoft SQL Server...

CVSS 6.5 | AI score 8.7 | EPSS 0.01213
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2021/05/18 10:25 a.m., 18 views

CVE-2021-31827

In Progress MOVEit Transfer before 2021.0 13.0, a SQL injection vulnerability has been found in the MOVEit Transfer web app that could allow an authenticated attacker to gain unauthorized access to MOVEit Transfer's database. Depending on the database engine being used MySQL, Microsoft SQL Server...

AI score 9 | EPSS 0.01213
Exploits: 1 | References: 3

IBM Security Bulletins
added 2021/05/07 8:28 p.m., 30 views

Security Bulletin: Search path vulnerability in PostgreSQL Server bundled in IBM Robotic Process Automation with Automation Anywhere (CVE-2020-14349, CVE-2020-14350)

Summary The version of PostgreSQL server bundled with IBM Robotic Process Automation with Automation Anywhere did not properly sanitize the searchpath during logical replication. An authenticated attacker could use this flaw to execute arbitrary SQL command in the context of the user used for...

AI score 4.4 | EPSS 0.02235
Exploits: 0 | Affected Software: 1

Hacker One
added 2021/03/15 8:48 a.m., 19 views

Tennessee Valley Authority: SQL Injection on https://soa-accp.glbx.tva.gov/ via "/api/" path - VI-21-015

Summary: I've found this subdomain soa-accp.glbx.tva.gov also is vulnerable to SQLI through /api/ path Steps To Reproduce: https://soa-accp.glbx.tva.gov/api/river/observed-data/GVDA1'+%2f!50000union%2f+SELECT+HOSTNAME--+- hostname dumped...

AI score 0.2
Exploits: 0

NCSC
added 2021/03/09 12:0 a.m., 6 views

Vulnerability fixed in Microsoft SQL Server

A vulnerability has been fixed in the Microsoft SQL Server product group. The vulnerability is in the Power BI application. The vulnerability enables an authenticated remote malicious person to obtain sensitive information. Power BI:...

CVSS 7.7 | AI score 6.6 | EPSS 0.02839
Exploits: 0

Kaspersky
added 2021/03/09 12:0 a.m., 24 views

KLA12113 OSI vulnerability in Microsoft SQL Server

An information disclosure vulnerability was found in Microsoft SQL Server. Malicious users can exploit this vulnerability to obtain sensitive information. Original advisories CVE-2021-26859 Related products Microsoft-Power-BI CVE list CVE-2021-26859 critical KB list 5001285 5001284 Solution...

CVSS 7.7 | AI score 7.5 | EPSS 0.02839
Exploits: 0 | References: 5

GithubExploit
added 2021/02/04 9:40 p.m., 2255 views

Exploit for CVE-2019-1068

CVE-2019-1068 Root cause analysis and PoC for a Microsoft SQL...

CVSS 8.8 | AI score 8.8 | EPSS 0.44665
Exploits: 1

Tenable Nessus
added 2021/01/15 12:0 a.m., 433 views

Security Updates for Microsoft SQL Server (January 2021)

The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by an elevation of privilege vulnerability. An authenticated, remote attacker can exploit this issue, to gain elevated privileges. Note that Nessus has not tested for this issue but h...

CVSS 8.8 | AI score 8.1 | EPSS 0.06153
Exploits: 0 | References: 10

Rapid7 Blog
added 2021/01/12 11:59 p.m., 223 views

Patch Tuesday - January 2021

We arrive at the first Patch Tuesday of 2021 2021-Jan with 83 vulnerabilities across our standard spread of products. Windows Operating System vulnerabilities dominated this month's advisories, followed by Microsoft Office which includes the SharePoint family of products, and lastly some from les...

CVSS 9.3 | AI score 1.1 | EPSS 0.39653
Exploits: 5

CNNVD
added 2021/01/12 12:0 a.m., 4 views

Microsoft SQL Server SQL Injection Vulnerability

Microsoft SQL Server is a large commercial database system from Microsoft that is used under Microsoft Windows. A SQL injection vulnerability exists in Microsoft SQL Server. The following products and versions are affected: Microsoft SQL Server 2019 for x64-based Systems GDR, Microsoft SQL Server...

CVSS 8.8 | AI score 7.3 | EPSS 0.06153
Exploits: 0 | References: 4

Kaspersky
added 2021/01/12 12:0 a.m., 101 views

KLA12043 PE vulnerability in Microsoft SQL Server

An elevation of privilege vulnerability was found in Microsoft SQL Server. Malicious users can exploit this vulnerability to gain privileges. Original advisories CVE-2021-1636 Exploitation Public exploits exist for this vulnerability. Related products Microsoft-SQL-Server CVE list CVE-2021-1636...

CVSS 8.8 | AI score 9.1 | EPSS 0.06153
Exploits: 0 | References: 11

Microsoft KB
added 2020/10/20 7:12 a.m., 229 views

KB941203 - MS08-040: Vulnerabilities in Microsoft SQL Server could allow elevation of privilege

Resolves four privately disclosed vulnerabilities. The more serious of the vulnerabilities could allow an attacker to run code and to take complete control of the system. INTRODUCTION Microsoft has released security bulletin MS08-040. To view the complete security bulletin, visit one of the followi...

CVSS 9 | AI score 7.5 | EPSS 0.61927
Exploits: 1

Microsoft KB
added 2020/10/20 12:0 a.m., 398 views

KB2958429 - Bugs that are fixed in SQL Server 2012 Service Pack 2

KB2958429 - Bugs that are fixed in SQL Server 2012 Service Pack 2 Introduction This article lists the bugs that are fixed in Microsoft SQL Server 2012 Service Pack 2 SP2. Notes Additional fixes that are not documented here may also be included in the service pack. This list will be updated when...

AI score 6.3
Exploits: 0

Microsoft KB
added 2020/10/20 12:0 a.m., 78 views

KB3045311 - MS15-058: Description of the security update for SQL Server 2008 Service Pack 4 GDR: July 14, 2015

KB3045311 - MS15-058: Description of the security update for SQL Server 2008 Service Pack 4 GDR: July 14, 2015 Summary This update resolves vulnerabilities in Microsoft SQL Server that could allow remote code execution if an authenticated attacker runs a specially crafted query that is designed t...

AI score 8
Exploits: 0

Microsoft KB
added 2020/10/20 12:0 a.m., 36 views

KB2674319 - Bugs that are fixed in SQL Server 2012 Service Pack 1

KB2674319 - Bugs that are fixed in SQL Server 2012 Service Pack 1 INTRODUCTION This article lists the bugs that are fixed in Microsoft SQL Server 2012 Service Pack 1 SP1. Notes Additional fixes that are not documented here may also be included in the service pack. This list will be updated when...

AI score 6
Exploits: 0