80 matches found
CVE-2025-58112
Microsoft Dynamics 365 Customer Engagement on-premises 1612 9.0.2.3034 allows the generation of customized reports via raw SQL queries in an upload of a .rdl (Report Definition Language) file; this is then processed by the SQL Server Reporting Service. An account with the privilege Add Reporting...
EUVD-2025-208846
Microsoft Dynamics 365 Customer Engagement on-premises 1612 9.0.2.3034 allows the generation of customized reports via raw SQL queries in an upload of a .rdl (Report Definition Language) file; this is then processed by the SQL Server Reporting Service. An account with the privilege Add Reporting...
PT-2026-26140
Microsoft Dynamics 365 Customer Engagement on-premises 1612 9.0.2.3034 allows the generation of customized reports via raw SQL queries in an upload of a .rdl (Report Definition Language) file; this is then processed by the SQL Server Reporting Service. An account with the privilege Add Reporting...
CVE-2025-58112
Microsoft Dynamics 365 Customer Engagement (on‑premises) 1612 (9.0.2.3034) is affected. A malicious .rdl uploaded for SQL Server Reporting Services can trigger execution of arbitrary SQL commands in the underlying database via a report generation flow; this can escalate to accessing linked server...
EUVD-2019-9891
Malware in sbrugna...
EUVD-2020-11938
Malware in sbrugna...
CVE-2019-1332
A cross-site scripting (XSS) vulnerability exists when Microsoft SQL Server Reporting Services (SSRS) does not properly sanitize a specially-crafted web request to an affected SSRS server, aka 'Microsoft SQL Server Reporting Services XSS Vulnerability'...
Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability
Microsoft SQL Server Reporting Services contains a deserialization vulnerability when handling page requests incorrectly. An authenticated attacker can exploit this vulnerability to execute code in the context of the Report Server service account...
Security Bulletin: IBM Jazz Reporting Services is vulnerable to cross-site scripting (CVE-2020-4051)
Summary: Cross-site scripting has been identified in the dojo library shipped with IBM Jazz Reporting Services (JRS). JRS has addressed the issues by releasing a fix. Vulnerability Details: CVEID: CVE-2020-4051. DESCRIPTION: Dijit is vulnerable to cross-site scripting, caused by improper validation of...
WordPress SQL Reporting Services – SSRS Plugin for WordPress Plugin <= 1.0.3 is vulnerable to Cross Site Scripting (XSS)
Software: SQL Reporting Services – SSRS Plugin for WordPress; Type: Plugin; Vulnerable versions: <= 1.0.3; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 0f07bb007c39; Credits...
VulnCheck KEV: CVE-2020-0618
Microsoft SQL Server Reporting Services contains a deserialization vulnerability when handling page requests incorrectly. An authenticated attacker can exploit this vulnerability to execute code in the context of the Report Server service account...
WordPress SQL Reporting Services – SSRS Plugin for WordPress plugin <= 1.0.3 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress SQL Reporting Services – SSRS Plugin for WordPress plugin versions <= 1.0.3. Solution: No patched version available...
Description of the security update for Power BI Report Server (October 2020): March 9, 2021 (KB5001285)
Description of the security update for Power BI Report Server (October 2020): March 9, 2021 (KB5001285). Summary: A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services if it incorrectly handles page requests. An attacker who successfully exploits this vulnerability cou...
Description of the security update for Power BI Report Server (May 2020): March 9, 2021 (KB5001284)
Description of the security update for Power BI Report Server (May 2020): March 9, 2021 (KB5001284). Summary: A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services if it incorrectly handles page requests. An attacker who successfully exploits this vulnerability could...
Microsoft SQL Server Reporting Services Security Feature Bypass Vulnerability
Microsoft SQL Server Reporting Services (SSRS) provides a range of native tools and services for creating, deploying, and managing mobile and paged reports. A security feature bypass vulnerability exists in Microsoft SQL Server Reporting Services. An attacker could upload file types that are not...
KB2494120 - MS11-049: Description of the security update for SQL Server 2005 Service Pack 4 GDR: June 14, 2011
KB2494120 - MS11-049: Description of the security update for SQL Server 2005 Service Pack 4 GDR: June 14, 2011. INTRODUCTION: Microsoft has released security bulletin MS11-049. To view the complete security bulletin, visit one of the following Microsoft websites: Home users:...