4529 matches found
CVE-2025-29803
Uncontrolled search path element in Visual Studio Tools for Applications and SQL Server Management Studio allows an authorized attacker to elevate privileges locally...
CVE-2025-29803 Visual Studio Tools for Applications and SQL Server Management Studio Elevation of Privilege Vulnerability
...
CVE-2025-29803
CVE-2025-29803 affects Microsoft Visual Studio Tools for Applications (VSTA) 2019 (before 16.0.35907.0) and VSTA 2022 (before 17.0.35906.0) and SQL Server Management Studio. The vulnerability is due to an uncontrolled search path element, enabling an authorized attacker to escalate privileges loc...
CVE-2025-29803 Visual Studio Tools for Applications and SQL Server Management Studio Elevation of Privilege Vulnerability
...
Security Updates for SQL Server Management Studio (April 2025)
The SQL Server Management Studio installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. CVE-2025-29803 %NASLMINLEVEL 70300 C Tenab...
Visual Studio Tools for Applications and SQL Server Management Studio Elevation of Privilege Vulnerability
Uncontrolled search path element in Visual Studio Tools for Applications and SQL Server Management Studio allows an authorized attacker to elevate privileges locally...
KLA82402 PE vulnerability in Microsoft SQL Server
An elevation of privilege vulnerability was found in Microsoft SQL Server. Malicious users can exploit this vulnerability to gain privileges. Original advisories CVE-2025-29803 Related products Microsoft-SQL-Server Microsoft-SQL-Server-Management-Studio CVE list CVE-2025-29803 high Solution Insta...
PT-2025-15719 · Microsoft · Sql Server Management Studio +1
Name of the Vulnerable Software and Affected Versions: Visual Studio Tools for Applications version 16.0 SQL Server Management Studio affected versions not specified Description: The issue is related to an uncontrolled search path element in Visual Studio Tools for Applications and SQL Server...
KLA82405 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to spoof user interface, cause denial of service, gain privileges. Below is a complete list of vulnerabilities: 1. A denial of service vulnerability in ASP.NET Core and Visual Studi...
Microsoft Visual Studio 代码问题漏洞
Microsoft Visual Studio is a family of development tool suites and a largely complete set of development tools from Microsoft Corporation USA that includes most of the tools needed throughout the software lifecycle. A code issue vulnerability exists in Microsoft Visual Studio. An attacker could...
📄 Microsoft SQL Server 2022 Missing Log Entry
Microsoft SQL Server 2022 fails to properly log when a security audit is configured for SERVERPERMISSIONCHANGEGROUP. Title: SQL Server 2022 Security Audit Failure Vulnerability Product: Microsoft SQL Server Affected Versions: 2022 RTM-CU18 KB5050771 Tested Versions: 2022 RTM-CU18 KB5050771 Fix:...
CentralSquare eTRAKiT 安全漏洞
CentralSquare eTRAKiT is a public online portal from CentralSquare, Inc. that interacts with internal community development systems. A security vulnerability exists in CentralSquare eTRAKiT version 3.2.1.77, which stems from improper input validation and could allow a remote, unauthenticated...
NocoDB Cross-Site Scripting Vulnerability (CNVD-2025-05387)
NocoDB is an open source Airtable alternative. Convert any MySql, PostgreSql, Sql Server, Sqlite and MariaDb to a smart spreadsheet. A cross-site scripting vulnerability exists in NocoDB versions prior to 0.258.0, which stems from the lack of effective filtering and escaping of user-supplied data...
Linux Distros Unpatched Vulnerability : CVE-2015-8879
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The odbcbindcols function in ext/odbc/phpodbc.c in PHP before 5.6.12 mishandles driver behavior for SQLWVARCHAR columns, which allows remote attackers to cause ...
Linux Distros Unpatched Vulnerability : CVE-2017-11509
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement. CVE-2017-115...
Under The Hoodie: The Pen Test Diaries
Breaking In So You Don’t Have To Each year, Rapid7 penetration testers conduct over 1,000 security assessments, pushing boundaries to expose vulnerabilities before the bad guys do. The mission? Get in, escalate privileges, and own the environment—physically, digitally, or sometimes just by...
Security Updates for Microsoft SQL Server (July 2024)
The Microsoft SQL Server installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. CVE-2024-20701,...
Security Updates for Microsoft SQL Server (July 2024)
The Microsoft SQL Server installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. CVE-2024-20701,...
Microsoft SQL Server Privilege Escalation
Microsoft SQL Server versions 2016, 2017, 2019, and 2022 suffer from multiple privilege escalation vulnerabilities to the SYSADMIN role. Title: Microsoft SQL Server Privilege Escalation from Control Server To Sysadmin role Product: Microsoft SQL Server Affected Versions: sql server...
CVE-2024-27941
A vulnerability has been identified in RUGGEDCOM CROSSBOW All versions V5.5. The affected client systems do not properly sanitize input data before sending it to the SQL server. An attacker could use this vulnerability to compromise the whole database...