Vulnerability fixed in Microsoft SQL Server
Microsoft has fixed a vulnerability in SQL Server. A malicious party can exploit the vulnerability to use a Man-in-the-Middle attack to intercept and decrypt traffic, potentially gaining access to the sensitive data in that traffic. Abuse is not easily accomplished and requires that the malicious party is in...
Security Updates for Microsoft SQL Server (January 2024) (Remote)
The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions...
Microsoft SQL Server db_ddladmin Privilege Escalation Vulnerability
Microsoft SQL Server versions 2014 through 2022 suffer from a db_ddladmin privilege escalation vulnerability. When this was escalated to Microsoft as a concern, they opted to update their documentation to note that this is possible instead of addressing the issue. Title: SQL Server Privilege...
Unprotected Storage of Credentials
Overview: Affected versions of this package are vulnerable to Unprotected Storage of Credentials. An attacker can steal authentication credentials intended for the database server by performing an adversary-in-the-middle attack between the SQL client and the SQL server, even if the connection is...
Microsoft SQL Server Security Vulnerability
Microsoft SQL Server is a large commercial database system from Microsoft that is used under Microsoft Windows. A security vulnerability exists in Microsoft SQL Server. An attacker could exploit the vulnerability to bypass certain functionality. The following products and versions are affected:...
KLA62825 SB vulnerability in Microsoft SQL Server
A security feature bypass vulnerability was found in Microsoft SQL Server. Malicious users can exploit this vulnerability to bypass security restrictions. Original advisories: CVE-2024-0056. Exploitation: Public exploits exist for this vulnerability. Related products: Microsoft-SQL-Server. CVE list...
Security Updates for Microsoft SQL Server (January 2024)
The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions...
Security Updates for Microsoft Visual Studio Products (January 2024)
The Microsoft Visual Studio Products are missing security updates. They are, therefore, affected by multiple vulnerabilities, including: - Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability CVE-2023-29356, CVE-2023-32025, CVE-2023-32026, CVE-2023-32027 - NET, .NET Framework,...
CVE-2023-50731
MindsDB is a SQL Server for artificial intelligence. Prior to version 23.11.4.1, the put method in mindsdb/mindsdb/api/http/namespaces/file.py does not validate the user-controlled name value, which is used in a temporary file name, which is afterwards opened for writing on lines 122-125, which...
Path traversal
MindsDB is a SQL Server for artificial intelligence. Prior to version 23.11.4.1, the put method in mindsdb/mindsdb/api/http/namespaces/file.py does not validate the user-controlled name value, which is used in a temporary file name, which is afterwards opened for writing on lines 122-125, which...
CVE-2023-50731
CVE-2023-50731 – MindsDB: The vulnerability arises in mindsdb/mindsdb/api/http/namespaces/file.py, where the PUT path does not validate the user-controlled name used for a temporary file. This leads to path injection, allowing arbitrary file writes via f.write(chunk) and potential write outside ...
The vulnerability of the WDAC OLE DB component for SQL Server on Windows operating systems allows a perpetrator to execute arbitrary code.
The vulnerability of the WDAC OLE DB component for SQL Server on Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
CVE-2023-47261
Dokmee ECM 7.4.6 allows remote code execution because the response to a GettingStarted/SaveSQLConnectionAsync /#/gettingstarted request contains a connection string for privileged SQL Server database access, and xp_cmdshell can be enabled...
Design/Logic Flaw
Dokmee ECM 7.4.6 allows remote code execution because the response to a GettingStarted/SaveSQLConnectionAsync /#/gettingstarted request contains a connection string for privileged SQL Server database access, and xp_cmdshell can be enabled...
CVE-2023-47261
Dokmee ECM 7.4.6 is affected: a response from GettingStarted/SaveSQLConnectionAsync /#/gettingstarted exposes a privileged SQL Server connection string, potentially allowing xp_cmdshell to be enabled and leading to remote code execution. The incident is described across multiple sources (NVD, Red Hat, PRION, CN...
CVE-2023-36006
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability...
Remote code execution
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability...