CVE-2023-47800

Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default password of xltek for the Microsoft SQL Server service sa account, allowing a threat actor to perform remote code execution, data exfiltration, or other nefarious actions such as tampering with data or destroying/disrupting MSSQL...

CVE-2022-30335

Bonanza Wealth Management System BWM 7.3.2 allows SQL injection via the login form. Users who supply the application with a SQL injection payload in the User Name textbox could collect all passwords in encrypted format from the Microsoft SQL Server component...

CVE-2021-37614

In certain Progress MOVEit Transfer versions before 2021.0.3 aka 13.0.3, SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. Depending on the database engine being used MySQL, Microsoft SQL Server, or Azure SQL, an...

CVE-2020-0618

A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'...

CVE-2019-1332

A cross-site scripting XSS vulnerability exists when Microsoft SQL Server Reporting Services SSRS does not properly sanitize a specially-crafted web request to an affected SSRS server, aka 'Microsoft SQL Server Reporting Services XSS Vulnerability'...

CVE-2019-0819

An information disclosure vulnerability exists in Microsoft SQL Server Analysis Services when it improperly enforces metadata permissions, aka 'Microsoft SQL Server Analysis Services Information Disclosure Vulnerability'...

CVE-2019-1068

A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions, aka 'Microsoft SQL Server Remote Code Execution Vulnerability'...

CVE-2002-1981

Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the "public" role to execute the 1 spMSSetServerProperties or 2 spMSsetalertinfo stored procedures, which allows attackers to modify configuration including SQL server startup and alert settings...

KLA82402 PE vulnerability in Microsoft SQL Server

An elevation of privilege vulnerability was found in Microsoft SQL Server. Malicious users can exploit this vulnerability to gain privileges. Original advisories CVE-2025-29803 Related products Microsoft-SQL-Server Microsoft-SQL-Server-Management-Studio CVE list CVE-2025-29803 high Solution Insta...

📄 Microsoft SQL Server 2022 Missing Log Entry

Microsoft SQL Server 2022 fails to properly log when a security audit is configured for SERVERPERMISSIONCHANGEGROUP. Title: SQL Server 2022 Security Audit Failure Vulnerability Product: Microsoft SQL Server Affected Versions: 2022 RTM-CU18 KB5050771 Tested Versions: 2022 RTM-CU18 KB5050771 Fix:...

CentralSquare eTRAKiT 安全漏洞

CentralSquare eTRAKiT is a public online portal from CentralSquare, Inc. that interacts with internal community development systems. A security vulnerability exists in CentralSquare eTRAKiT version 3.2.1.77, which stems from improper input validation and could allow a remote, unauthenticated...

Linux Distros Unpatched Vulnerability : CVE-2015-8879

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The odbcbindcols function in ext/odbc/phpodbc.c in PHP before 5.6.12 mishandles driver behavior for SQLWVARCHAR columns, which allows remote attackers to cause ...

Security Updates for Microsoft SQL Server (July 2024)

The Microsoft SQL Server installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. CVE-2024-20701,...

Security Updates for Microsoft SQL Server (July 2024)

The Microsoft SQL Server installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. CVE-2024-20701,...

Microsoft SQL Server Privilege Escalation

Microsoft SQL Server versions 2016, 2017, 2019, and 2022 suffer from multiple privilege escalation vulnerabilities to the SYSADMIN role. Title: Microsoft SQL Server Privilege Escalation from Control Server To Sysadmin role Product: Microsoft SQL Server Affected Versions: sql server...

Microsoft SQL Server Native Client Remote Code Execution Vulnerability (CNVD-2025-02466)

Microsoft SQL Server is the United States Microsoft Microsoft company's set of applications in the Microsoft Windows system under the large commercial database system. A remote code execution vulnerability exists in Microsoft SQL Server Native Client, which can be exploited by an attacker to...

Microsoft SQL Server Native Client Remote Code Execution Vulnerability (CNVD-2025-02468)

Microsoft SQL Server is the United States Microsoft Microsoft company's set of applications in the Microsoft Windows system under the large commercial database system. A remote code execution vulnerability exists in Microsoft SQL Server Native Client, which can be exploited by an attacker to...

Security Updates for Microsoft SQL Server (November 2024)

The Microsoft SQL Server installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. CVE-2024-38255,...

Microsoft SQL Server Native Client Remote Code Execution Vulnerability (CNVD-2025-02465)

Microsoft SQL Server is the United States Microsoft Microsoft company's set of applications in the Microsoft Windows system under the large commercial database system. A remote code execution vulnerability exists in Microsoft SQL Server Native Client, which can be exploited by an attacker to...

Microsoft SQL Server Native Client Remote Code Execution Vulnerability

Microsoft SQL Server is the United States Microsoft Microsoft company's set of applications in the Microsoft Windows system under the large commercial database system. A remote code execution vulnerability exists in Microsoft SQL Server Native Client, which can be exploited by an attacker to...