4418 matches found

Github Security Blog
added 2024/06/07 10:25 p.m., 14 views

Zendframework1 potential SQL injection vector using null byte for PDO (MsSql, SQLite)

The PDO adapters of Zend Framework 1 do not filter null byte values in SQL statements. A PDO adapter can treat null bytes in a query as a string terminator, allowing an attacker to add arbitrary SQL following a null byte, and thus create a SQL injection. We tested and verified the null byte...

8 AI score
Exploits 0, References 3, Affected Software 1
OSV
added 2024/06/07 10:25 p.m., 19 views

GHSA-V42G-7Q2X-CW32 Zendframework1 potential SQL injection vector using null byte for PDO (MsSql, SQLite)

The PDO adapters of Zend Framework 1 do not filter null byte values in SQL statements. A PDO adapter can treat null bytes in a query as a string terminator, allowing an attacker to add arbitrary SQL following a null byte, and thus create a SQL injection. We tested and verified the null byte...

9.8 CVSS, 8 AI score
Exploits 0, References 3
Veracode
added 2024/05/16 1:5 p.m., 12 views

SQL Injection

laravel/framework is vulnerable to SQL injection. The vulnerability is due to user input passed directly to the limit and offset functions in SQL Server, resulting in SQL injection...

7.7 AI score
Exploits 0
Github Security Blog
added 2024/05/15 10:20 p.m., 47 views

laravel framework SQL Injection via limit and offset functions

Impact: Those using SQL Server with Laravel and allowing user input to be passed directly to the limit and offset functions are vulnerable to SQL injection. Other database drivers such as MySQL and Postgres are not affected by this vulnerability. Patches: This problem has been patched on Laravel...

7.9 AI score
Exploits 0, References 3, Affected Software 1
OSV
added 2024/05/15 10:20 p.m., 13 views

GHSA-WQ8P-MQVG-2P5H laravel framework SQL Injection via limit and offset functions

Impact: Those using SQL Server with Laravel and allowing user input to be passed directly to the limit and offset functions are vulnerable to SQL injection. Other database drivers such as MySQL and Postgres are not affected by this vulnerability. Patches: This problem has been patched on Laravel...

7.9 AI score
Exploits 0, References 3
NVD
added 2024/05/14 5:16 p.m., 15 views

CVE-2024-30006

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability...

8.8 CVSS, 9 AI score, 0.05419 EPSS
Exploits 0, References 1
Cvelist
added 2024/05/14 4:57 p.m., 21 views

CVE-2024-30006 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

...

8.8 CVSS, 8.8 AI score, 0.05419 EPSS
Exploits 0, References 1
Vulnrichment
added 2024/05/14 4:57 p.m., 18 views

CVE-2024-30006 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

...

8.8 CVSS, 6.7 AI score, 0.05419 EPSS
Exploits 0, References 1
CVE
added 2024/05/14 4:57 p.m., 174 views

CVE-2024-30006

CVE-2024-30006 affects the Microsoft WDAC OLE DB provider for SQL Server and enables Remote Code Execution. The CVSS v3.1 base score is 8.8 (HIGH) with Network attack vector, Low attack complexity, and user interaction required. Some sources list it as a high-severity Windows vulnerability (score...

8.8 CVSS, 7.5 AI score, 0.05419 EPSS
Exploits 0, References 1, Affected Software 14
NVD
added 2024/05/14 4:16 p.m., 9 views

CVE-2024-27941

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected client systems do not properly sanitize input data before sending it to the SQL server. An attacker could use this vulnerability to compromise the whole database...

8.8 CVSS, 8.6 AI score, 0.01749 EPSS
Exploits 0, References 1
NVD
added 2024/05/14 4:16 p.m., 11 views

CVE-2024-27940

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow any authenticated user to send arbitrary SQL commands to the SQL server. An attacker could use this vulnerability to compromise the whole database...

8.8 CVSS, 8.7 AI score, 0.01303 EPSS
Exploits 0, References 1
Vulnrichment
added 2024/05/14 10:2 a.m., 18 views

CVE-2024-27941

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected client systems do not properly sanitize input data before sending it to the SQL server. An attacker could use this vulnerability to compromise the whole database...

8.8 CVSS, 7.1 AI score, 0.01749 EPSS
Exploits 0, References 1
Cvelist
added 2024/05/14 10:2 a.m., 10 views

CVE-2024-27941

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected client systems do not properly sanitize input data before sending it to the SQL server. An attacker could use this vulnerability to compromise the whole database...

8.8 CVSS, 8.7 AI score, 0.01749 EPSS
Exploits 0, References 1
CVE
added 2024/05/14 10:2 a.m., 44 views

CVE-2024-27941

CVE-2024-27941 affects Siemens RUGGEDCOM CROSSBOW (all versions prior to V5.5). The root cause is improper input data sanitization before sending data to the SQL server, enabling SQL injection that could compromise the entire database. Public references from multiple sources corroborate a SQL inj...

8.8 CVSS, 7 AI score, 0.01749 EPSS
Exploits 0, References 1, Affected Software 1
Vulnrichment
added 2024/05/14 10:2 a.m., 14 views

CVE-2024-27940

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow any authenticated user to send arbitrary SQL commands to the SQL server. An attacker could use this vulnerability to compromise the whole database...

8.8 CVSS, 7.3 AI score, 0.01303 EPSS
Exploits 0, References 1
Cvelist
added 2024/05/14 10:2 a.m., 9 views

CVE-2024-27940

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow any authenticated user to send arbitrary SQL commands to the SQL server. An attacker could use this vulnerability to compromise the whole database...

8.8 CVSS, 8.8 AI score, 0.01303 EPSS
Exploits 0, References 1
Microsoft CVE
added 2024/05/14 7:0 a.m., 27 views

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

...

8.8 CVSS, 8.8 AI score, 0.05419 EPSS
Exploits 0
Tenable Nessus
added 2024/05/14 12:0 a.m., 113 views

KB5037763: Windows 10 Version 1607 / Windows Server 2016 Security Update (May 2024)

The remote Windows host is missing security update 5037763. It is, therefore, affected by multiple vulnerabilities: Windows MSHTML Platform Security Feature Bypass Vulnerability (CVE-2024-30040); Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2024-29996),...

8.8 CVSS, 8.8 AI score, 0.50931 EPSS
Exploits 4, References 30
Positive Technologies
added 2024/05/14 12:0 a.m., 2 views

PT-2024-3940 · Microsoft · Wdac Ole Db Provider For Sql Server +1

Name of the Vulnerable Software and Affected Versions: Microsoft WDAC OLE DB provider for SQL Server (affected versions not specified). Description: The issue is related to a memory use after free condition. It allows remote attackers to execute arbitrary code on the system. Recommendations: At the...

10 CVSS, 8 AI score, 0.05419 EPSS
Exploits 0, References 7
Kaspersky
added 2024/05/14 12:0 a.m., 6 views

KLA67394 OSI vulnerability in Microsoft SQL Server

An information disclosure vulnerability was found in Microsoft SQL Server. Malicious users can exploit this vulnerability to obtain sensitive information. Original advisories: CVE-2024-30054. Related products: Microsoft-Power-BI. CVE list: CVE-2024-30054 (high). Solution: Install necessary updates from th...

6.5 CVSS, 6.6 AI score, 0.12217 EPSS
Exploits 0, References 3