1294 matches found
Zendframework1 potential SQL injection vector using null byte for PDO (MsSql, SQLite)
The PDO adapters of Zend Framework 1 do not filter null byte values in SQL statements. A PDO adapter can treat null bytes in a query as a string terminator, allowing an attacker to add arbitrary SQL following a null byte, and thus create a SQL injection. We tested and verified the null byte...
GHSA-V42G-7Q2X-CW32 Zendframework1 potential SQL injection vector using null byte for PDO (MsSql, SQLite)
The PDO adapters of Zend Framework 1 do not filter null byte values in SQL statements. A PDO adapter can treat null bytes in a query as a string terminator, allowing an attacker to add arbitrary SQL following a null byte, and thus create a SQL injection. We tested and verified the null byte...
KLA67394 OSI vulnerability in Microsoft SQL Server
An information disclosure vulnerability was found in Microsoft SQL Server. Malicious users can exploit this vulnerability to obtain sensitive information. Original advisories: CVE-2024-30054. Related products: Microsoft-Power-BI. CVE list: CVE-2024-30054 (high). Solution: Install necessary updates from th...
The vulnerability of the Microsoft ODBC Driver for SQL Server’s dynamic layout library, related to integer overflow, allows an attacker to execute arbitrary code.
The vulnerability of the Microsoft ODBC Driver for SQL Server dynamic sorting library is related to a numerical overflow condition. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
The vulnerability of the OLE DB driver for SQL Server, related to insufficient validation of input data, allows a hacker to execute arbitrary code.
The vulnerability of the OLE DB driver for SQL Server is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
Microsoft SQL (MSSQL) Server Detection (Windows SMB Login)
SMB login-based detection of Microsoft SQL (MSSQL) Server for Windows. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only include"pluginfeedinfo.inc...
Microsoft SQL (MSSQL) Server Detection Consolidation
Consolidation of Microsoft SQL (MSSQL) Server detections. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Updates for Microsoft SQL Server OLE DB Driver (April 2024)
The Microsoft SQL Server OLE DB Driver installed on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands...
Security Updates for Microsoft SQL Server ODBC Driver (April 2024)
The Microsoft SQL Server driver installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands...
CVE-2024-29984
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability...
CVE-2024-28942
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability...
CVE-2024-28927
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability...
CVE-2024-28911
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability...
CVE-2024-29985 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
...
CVE-2024-29044
CVE-2024-29044 : Microsoft OLE DB Driver for SQL Server Remote Code Execution vulnerability. Connected documentation confirms impact via the OLE DB driver component and lists a security update (KB5036335) that fixes it for SQL Server 2019 CU25, bringing product version to 15.0.4360.2 (Windows) / ...
CVE-2024-28933
CVE-2024-28933 is a Remote Code Execution vulnerability in Microsoft ODBC Driver for SQL Server. The connected sources confirm an in-the-wild risk surfaced by the ODBC driver family (drivers v17 and v18) used with SQL Server clients. The issue is described as a remote code execution vulnerability...
CVE-2024-29047 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
...
CVE-2024-28911
CVE-2024-28911 is a remote code execution vulnerability in the Microsoft OLE DB Driver for SQL Server. Public sources detail affected components as Microsoft OLE DB Driver for SQL Server (drivers used with SQL Server) and indicate the root cause relates to remote code execution via the OLE DB int...
CVE-2024-28909 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
...
Description of the security update for Microsoft ODBC Driver 18 for SQL Server: April 9, 2024
Summary: This security update contains a fix and resolves vulnerabilities. To learn more about the vulnerabilities, see the following security advisories: CVE-2024-28929 - Microsoft ODBC Driver for SQL...