69 matches found
Microsoft SQL Server SQL Injection Vulnerability
Microsoft SQL Server is a large commercial database system from Microsoft that is used under Microsoft Windows. A SQL injection vulnerability exists in Microsoft SQL Server. The following products and versions are affected:Microsoft SQL Server 2019 for x64-based Systems GDR,Microsoft SQL Server...
KB3207512 - Important update for SQL Server 2016 SP1 Reporting Services
KB3207512 - Important update for SQL Server 2016 SP1 Reporting Services See the products and operating systems that this article applies to. This article describes an important update package build number: 13.0.4199.0 for Microsoft SQL Server 2016 Service Pack 1 SP1 Reporting Services. This updat...
Immunity Canvas: SSRS_VIEWSTATE_RCE
Name| ssrsviewstaterce ---|--- CVE| CVE-2020-0618 Exploit Pack| CANVAS Description| ssrsviewstaterce Notes| CVE Name: CVE-2020-0618 VENDOR: Microsoft NOTES: This exploit has been tested on SQL Server 2016 VersionsAffected: VERSIONS Repeatability: Infinite References:...
KB4535706 - Description of the security update for SQL Server 2016 SP2 CU11: February 11, 2020
KB4535706 - Description of the security update for SQL Server 2016 SP2 CU11: February 11, 2020 Summary A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services if it incorrectly handles page requests. An attacker who successfully exploits this vulnerability could...
KB4505221 - Description of the security update for SQL Server 2016 SP1 CU15: July 9, 2019
KB4505221 - Description of the security update for SQL Server 2016 SP1 CU15: July 9, 2019 Summary A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions. An attacker who successfully exploited this vulnerability could...
KB4505222 - Description of the security update for SQL Server 2016 SP2 CU7: July 9, 2019
KB4505222 - Description of the security update for SQL Server 2016 SP2 CU7: July 9, 2019 Summary A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions. An attacker who successfully exploited this vulnerability could execu...
KB4505220 - Description of the security update for SQL Server 2016 SP2 GDR: July 9, 2019
KB4505220 - Description of the security update for SQL Server 2016 SP2 GDR: July 9, 2019 Summary A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions. An attacker who successfully exploited this vulnerability could execu...
KB4458621 - Description of the security update for the Remote Code Execution vulnerability in SQL Server 2016 SP2 (CU): August 21, 2018
KB4458621 - Description of the security update for the Remote Code Execution vulnerability in SQL Server 2016 SP2 CU: August 21, 2018 Summary A buffer overflow vulnerability exists in Microsoft SQL Server that could allow remote code execution on an affected system. An attacker who successfully...
KB4293802 - Description of the security update for the Remote Code Execution vulnerability in SQL Server 2016 SP2 (GDR): August 14, 2018
KB4293802 - Description of the security update for the Remote Code Execution vulnerability in SQL Server 2016 SP2 GDR: August 14, 2018 Summary A buffer overflow vulnerability exists in the Microsoft SQL Server that could allow remote code execution on an affected system. An attacker who...
KB4458842 - Description of the security update for the remote code execution vulnerability in SQL Server 2016 SP1 (GDR): August 22, 2018
KB4458842 - Description of the security update for the remote code execution vulnerability in SQL Server 2016 SP1 GDR: August 22, 2018 Summary A buffer overflow vulnerability exists in Microsoft SQL Server that could allow remote code execution on an affected system. An attacker who successfully...
KB4293808 - Description of the security update for the remote code execution vulnerability in SQL Server 2016 SP1 (CU): August 14, 2018
KB4293808 - Description of the security update for the remote code execution vulnerability in SQL Server 2016 SP1 CU: August 14, 2018 Summary A buffer overflow vulnerability exists in the Microsoft SQL Server that could allow remote code execution on an affected system. An attacker who successful...
Description of the security update for SQL Server 2016 GDR: January 6, 2018
Description of the security update for SQL Server 2016 GDR: January 6, 2018 Summary Microsoft is aware of detailed information that has been published about a class of vulnerabilities that are referred to as speculative execution side-channel attacks. To learn more about the vulnerabilities, go t...
Description of the security update for SQL Server 2016 SP1 CU7: January 3, 2018
Description of the security update for SQL Server 2016 SP1 CU7: January 3, 2018 Summary Microsoft is aware of a new publicly disclosed class of vulnerabilities that are referred to as “speculative execution side-channel attacks” that affect many modern processors and operating systems including...
Description of the security update for SQL Server 2016 SP1 GDR: January 3, 2018
Description of the security update for SQL Server 2016 SP1 GDR: January 3, 2018 Summary Microsoft is aware of detailed information that has been published about a class of vulnerabilities that are referred to as speculative execution side-channel attacks. To learn more about the vulnerabilities, ...
KB4019088 - Description of the security update for SQL Server 2016 RTM GDR: August 8, 2017
KB4019088 - Description of the security update for SQL Server 2016 RTM GDR: August 8, 2017 Summary This update resolves vulnerabilities in Microsoft SQL Server. The most severe vulnerabilities could allow an attacker to exploit the vulnerability if the attacker's credentials allow access to an...
KB4019095 - Description of the security update for SQL Server 2016 Service Pack 1 CU: August 8, 2017
KB4019095 - Description of the security update for SQL Server 2016 Service Pack 1 CU: August 8, 2017 Summary This update resolves vulnerabilities in Microsoft SQL Server. The most severe vulnerabilities could allow an attacker to exploit the vulnerability if the attacker's credentials allow acces...
Update Rollup 2 for System Center 2016 Data Protection Manager
Update Rollup 2 for System Center 2016 Data Protection Manager Introduction This article describes the issues that are fixed in Update Rollup 2 for Microsoft System Center 2016 Data Protection Manager. It also contains the installation instructions for this update.Note Existing Data Protection...
CVE-2016-7249
Microsoft SQL Server 2016 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka "SQL RDBMS Engine Elevation of Privilege Vulnerability."...
CVE-2016-7249
CVE-2016-7249 arises from a flaw in Microsoft SQL Server 2016 where the engine may miscast an unspecified pointer, enabling remote authenticated users to gain privileges via unknown vectors. The connected Nessus/OpenVAS/NASL data confirms this as a privileged-elevation issue in the SQL Server Eng...
KB3194717 - MS16-136: Description of the security update for SQL Server 2016 CU: November 8, 2016
KB3194717 - MS16-136: Description of the security update for SQL Server 2016 CU: November 8, 2016 Summary This update resolves vulnerabilities in Microsoft SQL Server. The most severe vulnerabilities could allow an attacker to gain elevated privileges that might be used to create accounts, or to...