1377 matches found
CVE-2022-34006
Titan FTP Server NextGen (pre-1.2.1050) is affected by a flaw in the installation of Microsoft SQL Express 2019 where the SQL instance runs as SYSTEM with BUILTIN\Users as sysadmin. This configuration can allow an unprivileged Windows user to execute commands locally as NT AUTHORITY\SYSTEM (NX-I6...
Security Updates for Microsoft SQL Server (June 2022)
The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands...
CVE-2022-29143
Microsoft SQL Server Remote Code Execution Vulnerability...
Remote code execution
Microsoft SQL Server Remote Code Execution Vulnerability...
CVE-2022-29143
CVE-2022-29143 describes a remote code execution vulnerability in Microsoft SQL Server where a specially crafted query against a table with a Column Store index can corrupt memory. Public details in the connected sources indicate exploitation could occur through authenticated access over network,...
CVE-2022-29143 Microsoft SQL Server Remote Code Execution Vulnerability
...
KLA12562 RCE vulnerability in Microsoft SQL Server
A remote code execution vulnerability was found in Microsoft SQL Server. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories CVE-2022-29143 Related products Microsoft-SQL-Server Microsoft-Azure CVE list CVE-2022-29143 unknown KB list 5014354 5014353 50153...
Vulnerability fixed in Microsoft SQL Server
A vulnerability has been fixed in Microsoft SQL Server. The vulnerability allows an authenticated malicious person to execute arbitrary code, possibly as a Database Administrator, by executing a specially prepared query via the $ partition on a table where a Column Store index is present. Abuse o...
Microsoft SQL Server 安全漏洞
Microsoft SQL Server is a large-scale commercial database system from Microsoft that is used on Microsoft Windows systems. A security vulnerability exists in Microsoft SQL Server. The following products and versions are affected:Microsoft SQL Server 2017 for x64-based Systems GDR,Microsoft SQL...
Metasploit Weekly Wrap-Up
Ask and you may receive Module suggestions for the win, this week we see a new module written by jheysel-r7 based on CVE-2022-26352 that happens to have been suggested by jvoisin in the issue queue last month. This module targets an arbitrary file upload in dotCMS versions before 22.03, 5.3.8.10,...
new packages: ansible-collection-microsoft-sql
An update is available for ansible-collection-microsoft-sql. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release,...
ansible-collection-microsoft-sql bug fix and enhancement update
An update is available for ansible-collection-microsoft-sql. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release,...
ALBA-2022:1971 ansible-collection-microsoft-sql bug fix and enhancement update
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...
CVE-2022-30335
Bonanza Wealth Management System BWM 7.3.2 allows SQL injection via the login form. Users who supply the application with a SQL injection payload in the User Name textbox could collect all passwords in encrypted format from the Microsoft SQL Server component...
CVE-2022-30335
Bonanza Wealth Management System BWM 7.3.2 allows SQL injection via the login form. Users who supply the application with a SQL injection payload in the User Name textbox could collect all passwords in encrypted format from the Microsoft SQL Server component...
Sql injection
Bonanza Wealth Management System BWM 7.3.2 allows SQL injection via the login form. Users who supply the application with a SQL injection payload in the User Name textbox could collect all passwords in encrypted format from the Microsoft SQL Server component...
CVE-2022-30335
CVE-2022-30335 affects Bonanza Wealth Management System (BWM) 7.3.2. The vulnerability is a SQL injection in the login form, exploitable via the User Name textbox, which could enable an attacker to collect all passwords in encrypted format from the Microsoft SQL Server component. The connected do...
CVE-2022-30335
Bonanza Wealth Management System BWM 7.3.2 allows SQL injection via the login form. Users who supply the application with a SQL injection payload in the User Name textbox could collect all passwords in encrypted format from the Microsoft SQL Server component...
PT-2022-3130 · Microsoft · Sql Server
Name of the Vulnerable Software and Affected Versions: Microsoft SQL Server affected versions not specified Description: The issue is related to insufficient input validation in Microsoft SQL Server, allowing a remote attacker to execute arbitrary code by sending a specially crafted SQL query. Th...
KLA12510 Spoofing vulnerability in Microsoft SQL Server
A spoofing vulnerability was found in Microsoft SQL Server. Malicious users can exploit this vulnerability to spoof user interface. Original advisories CVE-2022-23292 Related products Microsoft-Power-BI CVE list CVE-2022-23292 warning KB list Solution Install necessary updates from the KB section...