CVE-2020-0618

A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka ‘Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability’. Recent assessments: wvu-r7 at February 18, 2020 6:51pm UTC reported: Although the...

Microsoft SQL Server Reporting Services Cross-Site Scripting Vulnerability

Microsoft SQL Server Reporting Services is a server-based reporting platform. A cross-site scripting vulnerability exists in Microsoft SQL Server Reporting Services that originates from the program failing to properly clean up a specially crafted web request. A remote attacker could exploit the...

CVE-2019-1332

A cross-site scripting XSS vulnerability exists when Microsoft SQL Server Reporting Services SSRS does not properly sanitize a specially-crafted web request to an affected SSRS server, aka 'Microsoft SQL Server Reporting Services XSS Vulnerability'...

Cross site scripting

A cross-site scripting XSS vulnerability exists when Microsoft SQL Server Reporting Services SSRS does not properly sanitize a specially-crafted web request to an affected SSRS server, aka 'Microsoft SQL Server Reporting Services XSS Vulnerability'...

KLA11620 SUI Vulnerability in Microsoft SQL Server

A cross-site-scripting XSS vulnerability was found in Microsoft SQL Server Reporting Services. Malicious users can exploit this vulnerability to spoof user interface. Original advisories CVE-2019-1332 Exploitation Public exploits exist for this vulnerability. Related products Microsoft-SQL-Server...

Code Execution Vulnerability in ZZZcms 1.7.3

zzcms using ASP ACCESS/MSSQL free station building system , all source code open source complete , support the direct use . ZZZcms 1.7.3 there is a code execution vulnerability , attackers can use the vulnerability to inject malicious code...

CVE-2019-18464

In Progress MOVEit Transfer 10.2 before 10.2.6 2018.3, 11.0 before 11.0.4 2019.0.4, and 11.1 before 11.1.3 2019.1.3, multiple SQL Injection vulnerabilities have been found in the REST API that could allow an unauthenticated attacker to gain unauthorized access to the database. Depending on the...

CVE-2019-18464

CVE-2019-18464 affects Progress MOVEit Transfer REST API across the affected branches: 10.2 before 10.2.6 (2018.3), 11.0 before 11.0.4 (2019.0.4), and 11.1 before 11.1.3 (2019.1.3). The vulnerability is SQL Injection in the REST API that can allow an unauthenticated attacker to gain unauthorized ...

CVE-2019-18464

In Progress MOVEit Transfer 10.2 before 10.2.6 2018.3, 11.0 before 11.0.4 2019.0.4, and 11.1 before 11.1.3 2019.1.3, multiple SQL Injection vulnerabilities have been found in the REST API that could allow an unauthenticated attacker to gain unauthorized access to the database. Depending on the...

Stealthy Microsoft SQL Server Backdoor Malware Spotted in the Wild

Cybersecurity researchers claim to have discovered a previously undocumented backdoor specifically designed for Microsoft SQL servers that could allow a remote attacker to control an already compromised system stealthily. Dubbed Skip-2.0, the backdoor malware is a post-exploitation tool that runs...

Stealthy Microsoft SQL Server Backdoor Malware Spotted in the Wild

Cybersecurity researchers claim to have discovered a previously undocumented backdoor specifically designed for Microsoft SQL servers that could allow a remote attacker to control an already compromised system stealthily. Dubbed Skip-2.0 , the backdoor malware is a post-exploitation tool that run...

GHSA-58V4-QWX5-7F59 SQL Injection in knex

knex.js versions before 0.19.5 are vulnerable to SQL Injection attack. Identifiers are escaped incorrectly as part of the MSSQL dialect, allowing attackers to craft a malicious query to the host DB...

Microsoft SQL Server Management Studio Information Disclosure Vulnerability (CNVD-2020-13542)

Microsoft SQL Server Management Studio is an integrated environment for managing multiple SQL infrastructures from Microsoft. The product is mainly used for setting up, monitoring and managing SQL programs. An information disclosure vulnerability exists in Microsoft SQL Server Management Studio...

CVE-2019-1376

An information disclosure vulnerability exists in Microsoft SQL Server Management Studio SSMS when it improperly enforces permissions, aka 'SQL Server Management Studio Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1313...

Information disclosure

An information disclosure vulnerability exists in Microsoft SQL Server Management Studio SSMS when it improperly enforces permissions, aka 'SQL Server Management Studio Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1376...

Information disclosure

An information disclosure vulnerability exists in Microsoft SQL Server Management Studio SSMS when it improperly enforces permissions, aka 'SQL Server Management Studio Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1313...

CVE-2019-1376

CVE-2019-1376 describes an information disclosure vulnerability in Microsoft SQL Server Management Studio (SSMS) where permissions are not properly enforced. The connected documents do not provide concrete technical details about the affected component versions, root cause, impact, or remediation...

CVE-2019-1313

CVE-2019-1313 affects Microsoft SQL Server Management Studio (SSMS). Connected sources describe an information disclosure due to improper enforcement of permissions, enabling potential access to sensitive database/file information. Specifics across documents include affected SSMS versions (e.g., ...

KLA11654 Information disclosure vulnerabilities in Microsoft SQL Server

Information disclosure vulnerabilities were found in Microsoft SQL Server. Malicious users can exploit this vulnerability to obtain sensitive information. Original advisories CVE-2019-1376 CVE-2019-1313 Related products Microsoft-SQL-Server CVE list CVE-2019-1376 warning CVE-2019-1313 warning KB...

Microsoft SQL Server Management Studio CVE-2019-1313 Information Disclosure Vulnerability

Description Microsoft SQL Server Management Studio is prone to an information-disclosure vulnerability. An attacker can leverage this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft SQL Server Management Studio 18.3 Microsoft SQL Server...