1377 matches found
Microsoft SQL Server db_ddladmin Privilege Escalation Vulnerability
Microsoft SQL Server versions 2014 through 2022 suffers from a dbddladmin privilege escalation vulnerability. When escalated to Microsoft as a concern, they instead opted to update their documentation to note that this is possible instead of addressing the issue. Title: SQL Server Privilege...
KLA62825 SB vulnerability in Microsoft SQL Server
A security feature bypass vulnerability was found in Microsoft SQL Server. Malicious users can exploit this vulnerability to bypass security restrictions. Original advisories CVE-2024-0056 Exploitation Public exploits exist for this vulnerability. Related products Microsoft-SQL-Server CVE list...
Microsoft SQL Server Security Vulnerability
Microsoft SQL Server is a large commercial database system from Microsoft that is used under Microsoft Windows. A security vulnerability exists in Microsoft SQL Server. An attacker could exploit the vulnerability to bypass certain functionality. The following products and versions are affected:...
Security Updates for Microsoft SQL Server (January 2024)
The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions...
SA-2023-12-19-CVE-2023-39336
SECURITY ADVISORY 2023-12-19 Product Affected: Ivanti Endpoint Manager A vulnerability was recently discovered for EPM 2022 SU4 and all prior versions. More information can be found here: CVE-2023-39336 Full details Please log into the community to access the full details page. Vulnerability...
Legba - A Multiprotocol Credentials Bruteforcer / Password Sprayer And Enumerator
Legba is a multiprotocol credentials bruteforcer / password sprayer and enumerator built with Rust and the Tokio asynchronous runtime in order to achieve better performances and stability while consuming less resources than similar tools see the benchmark below. For the building instructions, usa...
CVE-2023-47800
Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default password of xltek for the Microsoft SQL Server service sa account, allowing a threat actor to perform remote code execution, data exfiltration, or other nefarious actions such as tampering with data or destroying/disrupting MSSQL...
Default credentials
Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default password of xltek for the Microsoft SQL Server service sa account, allowing a threat actor to perform remote code execution, data exfiltration, or other nefarious actions such as tampering with data or destroying/disrupting MSSQL...
CVE-2023-47800
CVE-2023-47800 affects Natus NeuroWorks and SleepWorks prior to version 8.4 GMA3. The root cause is a default password (xltek) on the Microsoft SQL Server service account sa, enabling a threat actor to perform remote code execution, data exfiltration, or data/tampering and disruption of MSSQL ser...
PT-2023-30615 · Natus +1 · Natus Neuroworks +2
Name of the Vulnerable Software and Affected Versions: Natus NeuroWorks and SleepWorks versions prior to 8.4 GMA3 Description: The issue arises from the use of a default password xltek for the Microsoft SQL Server service sa account in Natus NeuroWorks and SleepWorks. This allows a threat actor t...
Security Updates for Microsoft SQL Server ODBC Driver (October 2023)
The Microsoft SQL Server ODBC Driver installed on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities. - An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. CVE-2023-36417, CVE-2023-36420,...
Security Updates for Microsoft SQL Server OLE DB Driver (October 2023)
The Microsoft SQL Server OLE DB Driver installed on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities. - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands...
CVE-2023-36728
Microsoft SQL Server Denial of Service Vulnerability...
CVE-2023-36417
Microsoft SQL OLE DB Remote Code Execution Vulnerability...
Remote code execution
Microsoft SQL OLE DB Remote Code Execution Vulnerability...
Denial of service
Microsoft SQL Server Denial of Service Vulnerability...
CVE-2023-36417 Microsoft SQL OLE DB Remote Code Execution Vulnerability
...
CVE-2023-36417 Microsoft SQL OLE DB Remote Code Execution Vulnerability
...
CVE-2023-36728 Microsoft SQL Server Denial of Service Vulnerability
...
KLA61355 Multiple vulnerabilities in Microsoft SQL Server
Multiple vulnerabilities were found in Microsoft SQL Server. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in Microsoft ODBC Driver for SQL Server can be...