1377 matches found
CVE-2021-37614
In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3), SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an...
Sql injection
In Progress MOVEit Transfer before 2019.0.6 (11.0.6), 2019.1.x before 2019.1.5 (11.1.5), 2019.2.x before 2019.2.2 (11.2.2), 2020.x before 2020.0.5 (12.0.5), 2020.1.x before 2020.1.4 (12.1.4), and 2021.x before 2021.0.1 (13.0.1), a SQL injection vulnerability exists in SILUtility.vb in MOVEit.DMZ.WebApp in th...
Security Bulletin: PostgreSQL vulnerabilities in IBM Robotic Process Automation with Automation Anywhere - CVE-2020-1720
Summary IBM Robotic Process Automation with Automation Anywhere is vulnerable to attacks involving PostgreSQL. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM Robotic Process...
Sql injection
In Progress MOVEit Transfer before 2021.0 (13.0), a SQL injection vulnerability has been found in the MOVEit Transfer web app that could allow an authenticated attacker to gain unauthorized access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server...
CVE-2021-31827
In Progress MOVEit Transfer before 2021.0 (13.0), a SQL injection vulnerability has been found in the MOVEit Transfer web app that could allow an authenticated attacker to gain unauthorized access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server...
Security Bulletin: Search path vulnerability in PostgreSQL Server bundled in IBM Robotic Process Automation with Automation Anywhere (CVE-2020-14349, CVE-2020-14350)
Summary: The version of PostgreSQL server bundled with IBM Robotic Process Automation with Automation Anywhere did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw to execute arbitrary SQL command in the context of the user used for...
Tennessee Valley Authority: SQL Injection on https://soa-accp.glbx.tva.gov/ via "/api/" path - VI-21-015
Summary: I've found this subdomain soa-accp.glbx.tva.gov also is vulnerable to SQLI through /api/ path Steps To Reproduce: https://soa-accp.glbx.tva.gov/api/river/observed-data/GVDA1'+%2f!50000union%2f+SELECT+HOSTNAME--+- hostname dumped...
Vulnerability fixed in Microsoft SQL Server
A vulnerability has been fixed in the Microsoft SQL Server product group. The vulnerability is in the Power BI application. The vulnerability enables an authenticated remote malicious person to obtain sensitive information. Power BI:...
KLA12113 OSI vulnerability in Microsoft SQL Server
An information disclosure vulnerability was found in Microsoft SQL Server. Malicious users can exploit this vulnerability to obtain sensitive information. Original advisories CVE-2021-26859 Related products Microsoft-Power-BI CVE list CVE-2021-26859 critical KB list 5001285 5001284 Solution...
Exploit for CVE-2019-1068
CVE-2019-1068 Root cause analysis and PoC for a Microsoft SQL...
Security Updates for Microsoft SQL Server (January 2021)
The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by an elevation of privilege vulnerability. An authenticated, remote attacker can exploit this issue to gain elevated privileges. Note that Nessus has not tested for this issue but h...
Patch Tuesday - January 2021
We arrive at the first Patch Tuesday of 2021 (2021-Jan) with 83 vulnerabilities across our standard spread of products. Windows Operating System vulnerabilities dominated this month's advisories, followed by Microsoft Office (which includes the SharePoint family of products), and lastly some from les...
CVE-2021-1636
Microsoft SQL Elevation of Privilege Vulnerability...
Privilege escalation
Microsoft SQL Elevation of Privilege Vulnerability...
CVE-2021-1636 Microsoft SQL Elevation of Privilege Vulnerability
...
KLA12043 PE vulnerability in Microsoft SQL Server
An elevation of privilege vulnerability was found in Microsoft SQL Server. Malicious users can exploit this vulnerability to gain privileges. Original advisories CVE-2021-1636 Exploitation Public exploits exist for this vulnerability. Related products Microsoft-SQL-Server CVE list CVE-2021-1636...
Microsoft SQL Server SQL Injection Vulnerability
Microsoft SQL Server is a large commercial database system from Microsoft that is used under Microsoft Windows. A SQL injection vulnerability exists in Microsoft SQL Server. The following products and versions are affected: Microsoft SQL Server 2019 for x64-based Systems GDR, Microsoft SQL Server...
SQL Injection Vulnerability in RaiseDreams Crowdfunding System pr***.aspx File
The RaiseDreams crowdfunding system is an enterprise-level crowdfunding website platform for financial tycoons and enterprises that are about to enter the crowdfunding field, using ASP.NET + MSSQL database as the system architecture, and the front end using HTML5 + CSS3 modern HTML language to create a...
KB941203 - MS08-040: Vulnerabilities in Microsoft SQL Server could allow elevation of privilege
Resolves four privately disclosed vulnerabilities. The more serious of the vulnerabilities could allow an attacker to run code and to take complete control of the system. INTRODUCTION: Microsoft has released security bulletin MS08-040. To view the complete security bulletin, visit one of the followi...
KB3204399 - Cumulative update 10 for SQL Server 2014 SP1
This article describes cumulative update package 10 (build number: 12.0.4491.0) for Microsoft SQL Server 2014 Service Pack 1 (SP1). This update contains fixes that were released after the release of SQL Server 2014 SP1. Cumulative update...