1377 matches found
KLA20235 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, cause denial of service. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in Microsoft SQL Server...
PT-2023-1527 · Microsoft · Sql Server
Name of the Vulnerable Software and Affected Versions: Microsoft SQL Server affected versions not specified Description: The issue exists due to insufficient input validation in the database management system, allowing a remote attacker to execute arbitrary code. This can affect the system...
Microsoft SQL Server 安全漏洞
Microsoft SQL Server is a large-scale commercial database system from Microsoft that is used on Microsoft Windows systems. A security vulnerability exists in Microsoft SQL Server. The following products and editions are affected:Microsoft SQL Server 2017 for x64-based Systems GDR,Microsoft SQL...
Microsoft SQL Server 安全漏洞
Microsoft SQL Server is a large commercial database system from Microsoft that is used on Microsoft Windows systems. A security vulnerability exists in SQL Server. The following products and versions are affected:Microsoft SQL Server 2017 for x64-based Systems GDR,Microsoft SQL Server 2014 Servic...
Microsoft SQL Server 安全漏洞
Microsoft SQL Server is a large commercial database system from Microsoft that is used on Microsoft Windows systems. A security vulnerability exists in SQL Server. The following products and versions are affected:Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connectivity...
KLA20230 Multiple vulnerabilities in Microsoft SQL Server
Multiple vulnerabilities were found in Microsoft SQL Server. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in Microsoft SQL Server can be exploited remotely t...
CVE-2023-21681
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability...
CVE-2022-44014
An issue was discovered in Simmeth Lieferantenmanager before 5.6. In the design of the API, a user is inherently able to fetch arbitrary SQL tables. This leaks all user passwords and MSSQL hashes via /DS/LMAPI/api/SelectionService/GetPaggedTab...
CVE-2022-44015
An issue was discovered in Simmeth Lieferantenmanager before 5.6. An attacker can inject raw SQL queries. By activating MSSQL features, the attacker is able to execute arbitrary commands on the MSSQL server via the xpcmdshell extended procedure...
ansible-collection-microsoft-sql bug fix and enhancement update
An update is available for ansible-collection-microsoft-sql. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release,...
Simmeth System Supplier Manager SQL注入漏洞
Simmeth System Supplier Manager is a supply chain software from Simmeth System GmbH, Germany.A SQL injection vulnerability exists in versions prior to Simmeth System GmbH Supplier Manager 5.6. The vulnerability stems from the application's lack of validation of externally entered SQL statements,...
Microsoft SQL Server DB Compliance Checks
Binary data mssqldbcompliancecheck.nbin...
Description of the security update for SharePoint Foundation 2013: October 11, 2022 (KB5002284)
Description of the security update for SharePoint Foundation 2013: October 11, 2022 KB5002284 Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability. To learn more about the vulnerability, see the following security advisories: Microsoft Common...
Hundreds of Microsoft SQL servers found to be backdoored
Researchers at DCSO CyTec recently found a backdoor that specifically targets Microsoft SQL servers. The malware acts as an Extended Stored Procedure, which is a special type of extension used by Microsoft SQL servers. After scanning approximately 600,000 servers worldwide, they found 285 servers...
EUVD-2022-38709
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability...
CVE-2022-36120
An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for the getChartData administrative...
CVE-2022-34005
An issue was discovered in TitanFTP aka Titan FTP NextGen before 1.2.1050. There is Remote Code Execution due to a hardcoded password for the sa account on the Microsoft SQL Express 2019 instance installed by default during TitanFTP NextGen installation, aka NX-I674 sub-issue 1. NOTE: as of...
CVE-2022-34006
An issue was discovered in TitanFTP aka Titan FTP NextGen before 1.2.1050. When installing, Microsoft SQL Express 2019 installs by default with an SQL instance running as SYSTEM with BUILTIN\Users as sysadmin, thus enabling unprivileged Windows users to execute commands locally as NT...
Design/Logic Flaw
An issue was discovered in TitanFTP aka Titan FTP NextGen before 1.2.1050. When installing, Microsoft SQL Express 2019 installs by default with an SQL instance running as SYSTEM with BUILTIN\Users as sysadmin, thus enabling unprivileged Windows users to execute commands locally as NT...
Remote code execution
An issue was discovered in TitanFTP aka Titan FTP NextGen before 1.2.1050. There is Remote Code Execution due to a hardcoded password for the sa account on the Microsoft SQL Express 2019 instance installed by default during TitanFTP NextGen installation, aka NX-I674 sub-issue 1. NOTE: as of...