CVE-2025-26385 Metasys product command injection vulnerability could allow remote SQL execution

Johnson Controls Metasys component listed below have Improper Neutralization of Special Elements used in a Command Command Injection Vulnerability . Successful exploitation of this vulnerability could allow remote SQL execution This issue affects Metasys: Application and Data Server ADS installed...

CVE-2025-26385

CVE-2025-26385 concerns Johnson Controls Metasys components vulnerable to an Improper Neutralization of Special Elements used in a Command (Command Injection) , with potential for remote SQL execution . Affected versions include Metasys ADS/ADX with SQL Express in 14.1 and earlier, LCS8500/NAE850...

EUVD-2022-37038

Malicious code in bioql PyPI...

EUVD-2022-37039

Malicious code in bioql PyPI...

CVE-2022-34006

An issue was discovered in TitanFTP aka Titan FTP NextGen before 1.2.1050. When installing, Microsoft SQL Express 2019 installs by default with an SQL instance running as SYSTEM with BUILTIN\Users as sysadmin, thus enabling unprivileged Windows users to execute commands locally as NT...

CVE-2022-34005

An issue was discovered in TitanFTP aka Titan FTP NextGen before 1.2.1050. There is Remote Code Execution due to a hardcoded password for the sa account on the Microsoft SQL Express 2019 instance installed by default during TitanFTP NextGen installation, aka NX-I674 sub-issue 1. NOTE: as of...

Provisioning Services Cannot Connect to SQL Express

During setup using the Provisioning Services Configuration Wizard, connecting to a Microsoft SQL Express instance installed on another machine fails with the error “Invalid Server”. The specific error code is either “error: 26” or “error: 28”;A network-related or instance-specific error occurred...

SA-2023-12-19-CVE-2023-39336

SECURITY ADVISORY 2023-12-19 Product Affected: Ivanti Endpoint Manager A vulnerability was recently discovered for EPM 2022 SU4 and all prior versions. More information can be found here: CVE-2023-39336 Full details Please log into the community to access the full details page. Vulnerability...

Delivery Controller fails to connect to local SQL Express database

Migrating databases for existing site from a full SQL server to a SQL Express instance running in the same VM as one of the Delivery Controllers causes the controller hosting the SQL Express not to be able to connect to the database, even after the correct machine account permissions and login...

CVE-2022-34005

An issue was discovered in TitanFTP aka Titan FTP NextGen before 1.2.1050. There is Remote Code Execution due to a hardcoded password for the sa account on the Microsoft SQL Express 2019 instance installed by default during TitanFTP NextGen installation, aka NX-I674 sub-issue 1. NOTE: as of...

CVE-2022-34006

An issue was discovered in TitanFTP aka Titan FTP NextGen before 1.2.1050. When installing, Microsoft SQL Express 2019 installs by default with an SQL instance running as SYSTEM with BUILTIN\Users as sysadmin, thus enabling unprivileged Windows users to execute commands locally as NT...

Remote code execution

An issue was discovered in TitanFTP aka Titan FTP NextGen before 1.2.1050. There is Remote Code Execution due to a hardcoded password for the sa account on the Microsoft SQL Express 2019 instance installed by default during TitanFTP NextGen installation, aka NX-I674 sub-issue 1. NOTE: as of...

CVE-2022-34005

An issue was discovered in TitanFTP aka Titan FTP NextGen before 1.2.1050. There is Remote Code Execution due to a hardcoded password for the sa account on the Microsoft SQL Express 2019 instance installed by default during TitanFTP NextGen installation, aka NX-I674 sub-issue 1. NOTE: as of...

CVE-2022-34006

Titan FTP Server NextGen (pre-1.2.1050) is affected by a flaw in the installation of Microsoft SQL Express 2019 where the SQL instance runs as SYSTEM with BUILTIN\Users as sysadmin. This configuration can allow an unprivileged Windows user to execute commands locally as NT AUTHORITY\SYSTEM (NX-I6...

South River Technologies TitanFTP NextGen 信任管理问题漏洞

South River Technologies TitanFTP NextGen South River Technologies Titan FTP NextGen is a natively supported cluster for high availability and failover SFTP/ FTP server. A security vulnerability exists in South River Technologies TitanFTP NextGen versions prior to 1.2.1050, which originates from ...

PT-2022-3053 · South River Technologies +1 · Titan Ftp Server Nextgen +1

Name of the Vulnerable Software and Affected Versions: Titan FTP Server NextGen versions prior to 1.2.1050 Description: The issue is related to errors during the installation of Microsoft SQL Express 2019, which allows an attacker to execute arbitrary commands with elevated privileges. When...

SQL Express Maximum Database Size Limitation for Veeam Backup & Replication

Veeam Backup & Replication 12 Feature Starting with Veeam Backup & Replication 12, all new deployments will use PostgreSQL as the default database engine to host the configuration database. PostgreSQL does not have the limitations discussed in this article. Existing deployments upgraded from Veea...

Veeam ONE: SQL Express Maximum Database Size Limitation

Challenge When the Veeam ONE database is located in a SQL Express instance, if the database reaches the maximum allowed size, Veeam ONE will not be able to continue data collection, thus affecting data accuracy and alarm generation. Cause If you choose to host the Veeam ONE database on Microsoft...

Veeam Explorer for SharePoint - Item Restore Fails Due to SQL Express Database Size Limitation

Challenge When performing a SharePoint item restore using Veeam Explore for Microsoft Sharepoint, the following error occurs: CREATE DATABASE or ALTER DATABASE failed because the resulting cumulative database size would exceed your licensed limit of 10240 MB per database or CREATE DATABASE or ALT...