1377 matches found
Microsoft SQL Server 安全漏洞
Microsoft SQL Server is the United States Microsoft Microsoft company's set of applications in the Microsoft Windows system under the large commercial database system. A security vulnerability exists in Microsoft SQL Server. An attacker can exploit the vulnerability to gain access to sensitive...
CVE-2023-30558
Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. User input coming from the dbname in the sql/datadictionary.py tablelist endpoint is passed to the methods that follow in...
CVE-2023-47800
Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default password of xltek for the Microsoft SQL Server service sa account, allowing a threat actor to perform remote code execution, data exfiltration, or other nefarious actions such as tampering with data or destroying/disrupting MSSQL...
CVE-2022-34006
An issue was discovered in TitanFTP aka Titan FTP NextGen before 1.2.1050. When installing, Microsoft SQL Express 2019 installs by default with an SQL instance running as SYSTEM with BUILTIN\Users as sysadmin, thus enabling unprivileged Windows users to execute commands locally as NT...
CVE-2022-30335
Bonanza Wealth Management System BWM 7.3.2 allows SQL injection via the login form. Users who supply the application with a SQL injection payload in the User Name textbox could collect all passwords in encrypted format from the Microsoft SQL Server component...
CVE-2022-34005
An issue was discovered in TitanFTP aka Titan FTP NextGen before 1.2.1050. There is Remote Code Execution due to a hardcoded password for the sa account on the Microsoft SQL Express 2019 instance installed by default during TitanFTP NextGen installation, aka NX-I674 sub-issue 1. NOTE: as of...
CVE-2021-37614
In certain Progress MOVEit Transfer versions before 2021.0.3 aka 13.0.3, SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. Depending on the database engine being used MySQL, Microsoft SQL Server, or Azure SQL, an...
CVE-2020-0618
A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'...
CVE-2019-1332
A cross-site scripting XSS vulnerability exists when Microsoft SQL Server Reporting Services SSRS does not properly sanitize a specially-crafted web request to an affected SSRS server, aka 'Microsoft SQL Server Reporting Services XSS Vulnerability'...
CVE-2019-0819
An information disclosure vulnerability exists in Microsoft SQL Server Analysis Services when it improperly enforces metadata permissions, aka 'Microsoft SQL Server Analysis Services Information Disclosure Vulnerability'...
CVE-2019-1068
A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions, aka 'Microsoft SQL Server Remote Code Execution Vulnerability'...
CVE-2002-1981
Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the "public" role to execute the 1 spMSSetServerProperties or 2 spMSsetalertinfo stored procedures, which allows attackers to modify configuration including SQL server startup and alert settings...
ansible-collection-microsoft-sql bug fix and enhancement update
An update is available for ansible-collection-microsoft-sql. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release,...
KLA82402 PE vulnerability in Microsoft SQL Server
An elevation of privilege vulnerability was found in Microsoft SQL Server. Malicious users can exploit this vulnerability to gain privileges. Original advisories CVE-2025-29803 Related products Microsoft-SQL-Server Microsoft-SQL-Server-Management-Studio CVE list CVE-2025-29803 high Solution Insta...
📄 Microsoft SQL Server 2022 Missing Log Entry
Microsoft SQL Server 2022 fails to properly log when a security audit is configured for SERVERPERMISSIONCHANGEGROUP. Title: SQL Server 2022 Security Audit Failure Vulnerability Product: Microsoft SQL Server Affected Versions: 2022 RTM-CU18 KB5050771 Tested Versions: 2022 RTM-CU18 KB5050771 Fix:...
CentralSquare eTRAKiT 安全漏洞
CentralSquare eTRAKiT is a public online portal from CentralSquare, Inc. that interacts with internal community development systems. A security vulnerability exists in CentralSquare eTRAKiT version 3.2.1.77, which stems from improper input validation and could allow a remote, unauthenticated...
Linux Distros Unpatched Vulnerability : CVE-2015-8879
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The odbcbindcols function in ext/odbc/phpodbc.c in PHP before 5.6.12 mishandles driver behavior for SQLWVARCHAR columns, which allows remote attackers to cause ...
Security Updates for Microsoft SQL Server (July 2024)
The Microsoft SQL Server installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. CVE-2024-20701,...
Security Updates for Microsoft SQL Server (July 2024)
The Microsoft SQL Server installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. CVE-2024-20701,...
Microsoft SQL Server Privilege Escalation
Microsoft SQL Server versions 2016, 2017, 2019, and 2022 suffer from multiple privilege escalation vulnerabilities to the SYSADMIN role. Title: Microsoft SQL Server Privilege Escalation from Control Server To Sysadmin role Product: Microsoft SQL Server Affected Versions: sql server...