Red-Gate SQL Monitor < 3.10 / 4.2 - Authentication Bypass

Exploit Title: Red-Gate SQL Monitor authentication bypass Version: Redgate SQL Monitor before 3.10 and 4.x before 4.2 Date: 2017-08-10 Red-Gate made a security announcement and publicly released the fixed version more than two years before this exploit was published Vendor Advisory:...

Redgate SQL Monitor Arbitrary SQL Command Execution Vulnerability

Redgate SQL Monitor is a SQL Server monitor that monitors and analyzes database and task operations in real time and generates PDF documents. A security vulnerability exists in Redgate SQL Monitor, which can be exploited by a local attacker to submit a special request, gain access to Base Monitor...

Sql injection

In Redgate SQL Monitor before 3.10 and 4.x before 4.2, a remote attacker can gain unauthenticated access to the Base Monitor, resulting in the ability to execute arbitrary SQL commands on any monitored Microsoft SQL Server machines. If the Base Monitor is connecting to these machines using an...

CVE-2015-9098

In Redgate SQL Monitor before 3.10 and 4.x before 4.2, a remote attacker can gain unauthenticated access to the Base Monitor, resulting in the ability to execute arbitrary SQL commands on any monitored Microsoft SQL Server machines. If the Base Monitor is connecting to these machines using an...

CVE-2015-9098

CVE-2015-9098 affects Redgate SQL Monitor versions prior to 3.10 and 4.x prior to 4.2. A remote unauthenticated attacker can gain access to the Base Monitor and execute arbitrary SQL commands on any monitored Microsoft SQL Server machines; if the Base Monitor connects using an account with SQL ad...