1417 matches found
ALEA-2021:4283 new packages: ansible-collection-microsoft-sql
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...
new packages: ansible-collection-microsoft-sql
An update is available for ansible-collection-microsoft-sql. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release,...
KLA12344 SUI vulnerability in Microsoft SQL Server
A spoofing vulnerability was found in Microsoft SQL Server. Malicious users can exploit this vulnerability to spoof user interface. Original advisories CVE-2021-41372 Related products Microsoft-Power-BI CVE list CVE-2021-41372 critical KB list 5007903 Solution Install necessary updates from the K...
Vulnerability fixed in Microsoft SQL Server
Microsoft has fixed a vulnerability in Microsoft SQL Server. The vulnerability allows a malicious party to launch Cross-Site Scripting XSS and Cross-Site Request Forgery CSRF attack. execute. By combining the two methods, an attacker can execute arbitrary code on the server under the privileges o...
Build Smart ERP 21.0817 - (eidValue) SQL Injection Vulnerability
Exploit Title: Build Smart ERP 21.0817 - 'eidValue' SQL Injection Unauthenticated Exploit Author: Nehru Sethuraman Vendor Homepage: https://ribccs.com/solutions/solution-buildsmart Version: 21.0817 Build: 3 Google Dorks: intitle:buildsmart accounting Tested on: OS - Windows 2012 R2 or 8.1 &...
Build Smart ERP 21.0817 SQL Injection
Exploit Title: Build Smart ERP 21.0817 - 'eidValue' SQL Injection Unauthenticated Date: 24/10/2021 Exploit Author: Nehru Sethuraman Vendor Homepage: https://ribccs.com/solutions/solution-buildsmart Version: 21.0817 Build: 3 Google Dorks: intitle:buildsmart accounting Tested on: OS - Windows 2012 ...
CVE-2021-33583
REINER timeCard 6.05.07 installs a Microsoft SQL Server with an sa password that is hardcoded in the TCServer.jar file...
Hardcoded credentials
REINER timeCard 6.05.07 installs a Microsoft SQL Server with an sa password that is hardcoded in the TCServer.jar file...
CVE-2021-33583
REINER timeCard 6.05.07 contains hardcoded sa credentials in TCServer.jar, enabling a Microsoft SQL Server instance that can be remotely accessed as sa. Red Hat and CNNVD entries corroborate that the password is hardcoded and can lead to remote access and command execution via the publicly reacha...
CVE-2021-33583
REINER timeCard 6.05.07 installs a Microsoft SQL Server with an sa password that is hardcoded in the TCServer.jar file...
The vulnerability of the MSCOMCTL.OCX component in the Microsoft Office software, the Microsoft SQL Server relational database management system, the Microsoft Commerce Server e-commerce software, and the Microsoft Visual FoxPro database development environment allows a perpetrator to execute arbitrary code.
The vulnerability of the MSCOMCTL.OCX component in the Microsoft Office software, the Microsoft SQL Server relational database management system, the Microsoft Commerce Server e-commerce software, and the Microsoft Visual FoxPro database development environment is related to code generation error...
CVE-2021-37614
In certain Progress MOVEit Transfer versions before 2021.0.3 aka 13.0.3, SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. Depending on the database engine being used MySQL, Microsoft SQL Server, or Azure SQL, an...
Sql injection
In Progress MOVEit Transfer before 2019.0.6 11.0.6, 2019.1.x before 2019.1.5 11.1.5, 2019.2.x before 2019.2.2 11.2.2, 2020.x before 2020.0.5 12.0.5, 2020.1.x before 2020.1.4 12.1.4, and 2021.x before 2021.0.1 13.0.1, a SQL injection vulnerability exists in SILUtility.vb in MOVEit.DMZ.WebApp in th...
Security Bulletin: PostgreSQL vulnerabilities in IBM Robotic Process Automation with Automation Anywhere - CVE-2020-1720
Summary IBM Robotic Process Automation with Automation Anywhere is vulnerable to attacks involving PostgreSQL. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM Robotic Process...
Sql injection
In Progress MOVEit Transfer before 2021.0 13.0, a SQL injection vulnerability has been found in the MOVEit Transfer web app that could allow an authenticated attacker to gain unauthorized access to MOVEit Transfer's database. Depending on the database engine being used MySQL, Microsoft SQL Server...
CVE-2021-31827
In Progress MOVEit Transfer before 2021.0 13.0, a SQL injection vulnerability has been found in the MOVEit Transfer web app that could allow an authenticated attacker to gain unauthorized access to MOVEit Transfer's database. Depending on the database engine being used MySQL, Microsoft SQL Server...
Security Bulletin: Search path vulnerability in PostgreSQL Server bundled in IBM Robotic Process Automation with Automation Anywhere (CVE-2020-14349, CVE-2020-14350)
Summary The version of PostgreSQL server bundled with IBM Robotic Process Automation with Automation Anywhere did not properly sanitize the searchpath during logical replication. An authenticated attacker could use this flaw to execute arbitrary SQL command in the context of the user used for...
Tennessee Valley Authority: SQL Injection on https://soa-accp.glbx.tva.gov/ via "/api/" path - VI-21-015
Summary: i've found this subdomain soa-accp.glbx.tva.gov also is vulnerable to SQLI through /api/ path Steps To Reproduce: https://soa-accp.glbx.tva.gov/api/river/observed-data/GVDA1'+%2f!50000union%2f+SELECT+HOSTNAME--+- hostname dumped...
KLA12113 OSI vulnerability in Microsoft SQL Server
An information disclosure vulnerability was found in Microsoft SQL Serverl. Malicious users can exploit this vulnerability to obtain sensitive information. Original advisories CVE-2021-26859 Related products Microsoft-Power-BI CVE list CVE-2021-26859 critical KB list 5001285 5001284 Solution...
Vulnerability fixed in Microsoft SQL Server
A vulnerability has been fixed in the Microsoft SQL product group. Server. The vulnerability is in the Power BI application. The vulnerability enables an authenticated remote malicious person to able to obtain sensitive information. Power BI:...