126 matches found
CVE-2022-34005
An issue was discovered in TitanFTP aka Titan FTP NextGen before 1.2.1050. There is Remote Code Execution due to a hardcoded password for the sa account on the Microsoft SQL Express 2019 instance installed by default during TitanFTP NextGen installation, aka NX-I674 sub-issue 1. NOTE: as of...
CVE-2022-29143
Microsoft SQL Server Remote Code Execution Vulnerability...
CVE-2022-30335
Bonanza Wealth Management System BWM 7.3.2 allows SQL injection via the login form. Users who supply the application with a SQL injection payload in the User Name textbox could collect all passwords in encrypted format from the Microsoft SQL Server component...
Microsoft SQL Server Permissions, Privileges, and Access Control Vulnerability
Microsoft SQL Server is a large commercial database system from Microsoft Corporation that runs on Microsoft Windows. Details are not available at this time...
The vulnerability of the Microsoft SQL Server relational database management system arises from insufficient validation of input data, allowing attackers to execute arbitrary code.
The vulnerability of the Microsoft SQL Server relational database management system exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
CVE-2021-1636
Microsoft SQL Elevation of Privilege Vulnerability...
PT-2021-1604 · Microsoft · Sql Server
Name of the Vulnerable Software and Affected Versions: Microsoft SQL Server (affected versions not specified). Description: The issue is related to insufficient input validation in Microsoft SQL Server, which can be exploited by a remote attacker to execute arbitrary code. This is an...
KB3162659 - Cumulative Update 7 for SQL Server 2014 SP1
This article describes cumulative update package 7 (build number: 12.0.4459.0) for Microsoft SQL Server 2014 Service Pack 1 (SP1). This update contains fixes that were released after the release of SQL Server 2014 SP1. Cumulative update Cumulati...
The vulnerability of the Microsoft JET Database Engine driver for Windows operating systems allows a hacker to execute arbitrary code.
The vulnerability of the Microsoft JET Database Engine driver for Windows operating systems is related to incorrect handling of objects in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially created file...
WARNING: Hackers Install Secret Backdoor on Thousands of Microsoft SQL Servers
Cybersecurity researchers today uncovered a sustained malicious campaign dating back to May 2018 that targets Windows machines running MS-SQL servers to deploy backdoors and other kinds of malware, including multi-functional remote access tools (RATs) and cryptominers. Named "Vollgar" after the...
The vulnerability of the Microsoft SQL Server relational database management system, related to insufficient validation of input data, allows attackers to execute arbitrary code.
The vulnerability of the Microsoft SQL Server relational database management system is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
CVE-2019-4703
IBM Spectrum Protect Plus 10.1.0 and 10.5.0, when protecting Microsoft SQL or Microsoft Exchange, could allow an attacker with intimate knowledge of the system to obtain highly sensitive information...
CVE-2019-10123
SQL Injection in Advanced InfoData Systems (AIS) ESEL-Server 67 (which is the backend for the AIS logistics mobile app) allows an anonymous attacker to execute arbitrary code in the context of the user of the MSSQL database. The default user for the database is the 'sa' user...
The vulnerability of the Microsoft SQL Server Management Studio database management system, related to errors in XML references to external objects (XXE), allows for the disclosure of sensitive information.
The vulnerability of the Microsoft SQL Server Management Studio database management system is related to errors in XML references to external objects (XXE). Exploiting this vulnerability can allow an attacker, operating remotely, to disclose sensitive information using a specially crafted file...
The vulnerability of the Microsoft JET Database Engine driver for Windows operating systems allows a hacker to execute arbitrary code.
The vulnerability of the Microsoft JET Database Engine for Windows operating systems arises due to buffer overflow in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially created Excel file...
CVE-2016-7253
The agent in Microsoft SQL Server 2012 SP2, 2012 SP3, 2014 SP1, 2014 SP2, and 2016 does not properly check the atxcore.dll ACL, which allows remote authenticated users to gain privileges via unspecified vectors, aka "SQL Server Agent Elevation of Privilege Vulnerability."...
CVE-2016-7252
Microsoft SQL Server 2016 mishandles the FILESTREAM path, which allows remote authenticated users to gain privileges via unspecified vectors, aka "SQL Analysis Services Information Disclosure Vulnerability."...
Microsoft SQL Server Information Disclosure Vulnerability
Microsoft SQL Server is a large commercial database system for Microsoft Windows, developed and maintained by the US company Microsoft. An information disclosure vulnerability exists in Microsoft SQL Server. An attacker can exploit the...
Microsoft SQL Server RDBMS Engine Elevation of Privilege Vulnerability
Microsoft SQL Server is a large commercial database system for Microsoft Windows, developed and maintained by the US company Microsoft. An elevation of privilege vulnerability exists in the Microsoft SQL Server RDBMS engine. An attacker can...
Windows-Exploit-Suggester v3.2 - Compares a target's patch levels against the Microsoft vulnerability database
This tool compares a target's patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploits and Metasploit modules available for the missing bulletins. It requires the 'systeminfo' comman...