
4416 matches found

OSV
added 2025/12/02 9:15 p.m. | 0 views

CVE-2025-62575

NMIS/BioDose V22.02 and previous versions rely on a Microsoft SQL Server database. The SQL user account 'nmdbuser' and other created accounts by default have the sysadmin role. This can lead to remote code execution through the use of certain built-in stored procedures...

CVSS 8.8 | AI score 6.4
Exploits: 0 | References: 1

Cvelist
added 2025/12/02 9:05 p.m. | 4 views

CVE-2025-64298 Mirion Medical EC2 Software NMIS BioDose Incorrect Permission Assignment for Critical Resource

NMIS/BioDose V22.02 and previous version installations where the embedded Microsoft SQLServer Express is used are exposed in the Windows share accessed by clients in networked installs. By default, this directory has insecure directory paths that allow access to the SQL Server database and...

CVSS 8.6 | EPSS 0.00034
Exploits: 0 | References: 1

Vulnrichment
added 2025/12/02 9:05 p.m. | 2 views

CVE-2025-64298 Mirion Medical EC2 Software NMIS BioDose Incorrect Permission Assignment for Critical Resource

NMIS/BioDose V22.02 and previous version installations where the embedded Microsoft SQLServer Express is used are exposed in the Windows share accessed by clients in networked installs. By default, this directory has insecure directory paths that allow access to the SQL Server database and...

CVSS 8.6 | AI score 6.9 | EPSS 0.00034
Exploits: 0 | References: 1

Metasploit
added 2025/11/24 6:58 p.m. | 322 views

Microsoft Windows SMB to MSSQL Relay

This module supports running an SMB server which validates credentials, and then attempts to execute a relay attack against an MSSQL server on the configured RHOSTS hosts. If the relay succeeds, an MSSQL session to the target will be created. This can be used by any modules that support MSSQL...

AI score 6.1
Exploits: 0

Krebs on Security
added 2025/11/16 9:47 p.m. | 11 views

Microsoft Patch Tuesday, November 2025 Edition

Microsoft this week pushed security updates to fix more than 60 vulnerabilities in its Windows operating systems and supported software, including at least one zero-day bug that is already being exploited. Microsoft also fixed a glitch that prevented some Windows 10 users from taking advantage of...

CVSS 7.8 | AI score 7 | EPSS 0.02374
Exploits: 6

Tenable Nessus
added 2025/11/14 12:00 a.m. | 4 views

Security Updates for Microsoft SQL Server (November 2025)

The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by a vulnerability: - Improper neutralization of special elements used in an sql command 'sql injection' in SQL Server allows an authorized attacker to elevate privileges over a network...

CVSS 8.8 | AI score 6 | EPSS 0.00129
Exploits: 0 | References: 9

Qualys Blog
added 2025/11/11 7:47 p.m. | 8 views

Microsoft Patch Tuesday, November 2025 Security Update Review

Microsoft released its November Patch Tuesday Security Updates. Here's a quick breakdown of what you need to know. Microsoft Patch Tuesday for November 2025 This month's release addresses 68 vulnerabilities, including five critical and 59 important-severity vulnerabilities. In this month's update...

CVSS 9.8 | AI score 8.8 | EPSS 0.02374
Exploits: 8

NCSC
added 2025/11/11 6:34 p.m. | 6 views

Vulnerability fixed in Microsoft SQL Server

Microsoft has fixed a vulnerability in SQL Server. An authenticated malicious party can exploit the vulnerability to use specially prepared SQL statements SQL Injection to grant themselves elevated privileges and thus gain access to sensitive information that the malicious party is not initially...

CVSS 8.8 | AI score 5.8 | EPSS 0.00129
Exploits: 0

NVD
added 2025/11/11 6:15 p.m. | 2 views

CVE-2025-59499

Improper neutralization of special elements used in an sql command 'sql injection' in SQL Server allows an authorized attacker to elevate privileges over a network...

CVSS 8.8 | EPSS 0.00129
Exploits: 0 | References: 1

Vulnrichment
added 2025/11/11 5:59 p.m. | 3 views

CVE-2025-59499 Microsoft SQL Server Elevation of Privilege Vulnerability

...

CVSS 8.8 | AI score 6.6 | EPSS 0.00129
Exploits: 0 | References: 1

Cvelist
added 2025/11/11 5:59 p.m. | 4 views

CVE-2025-59499 Microsoft SQL Server Elevation of Privilege Vulnerability

...

CVSS 8.8 | EPSS 0.00129
Exploits: 0 | References: 1

CVE
added 2025/11/11 5:59 p.m. | 27 views

CVE-2025-59499

CVE-2025-59499 is a Microsoft SQL Server Elevation of Privilege vulnerability caused by improper neutralization of special elements in SQL commands (SQL injection). Exploitation could allow an authenticated attacker to elevate privileges over the network without user interaction. The CVE is addre...

CVSS 8.8 | AI score 5.9 | EPSS 0.00129
Exploits: 0 | References: 1 | Affected Software: 4

Microsoft KB
added 2025/11/11 8:00 a.m. | 11 views

KB5068406 - Description of the security update for SQL Server 2022 CU21: November 11, 2025

KB5068406 - Description of the security update for SQL Server 2022 CU21: November 11, 2025 Summary Improvements and fixes included in this update How to obtain and install the update How to obtain or download the latest cumulative update package for Linux More information File information...

CVSS 8.8 | AI score 5.8 | EPSS 0.00129
Exploits: 0

Microsoft KB
added 2025/11/11 8:00 a.m. | 10 views

KB5068405 - Description of the security update for SQL Server 2019 GDR: November 11, 2025

KB5068405 - Description of the security update for SQL Server 2019 GDR: November 11, 2025 Summary Improvements and fixes included in this update How to obtain and install the update More information File information Information about protection and security Summary This security update contains...

CVSS 8.8 | AI score 5.8 | EPSS 0.00129
Exploits: 0

Microsoft KB
added 2025/11/11 8:00 a.m. | 11 views

KB5068402 - Description of the security update for SQL Server 2017 CU31: November 11, 2025

KB5068402 - Description of the security update for SQL Server 2017 CU31: November 11, 2025 Summary Improvements and fixes included in this update How to obtain and install the update More information File information Information about protection and security Summary This security update contains...

CVSS 8.8 | AI score 5.8 | EPSS 0.00129
Exploits: 0

Microsoft KB
added 2025/11/11 8:00 a.m. | 10 views

KB5068403 - Description of the security update for SQL Server 2017 GDR: November 11, 2025

KB5068403 - Description of the security update for SQL Server 2017 GDR: November 11, 2025 Summary Improvements and fixes included in this update How to obtain and install the update More information File information Information about protection and security Summary This security update contains...

CVSS 8.8 | AI score 5.8 | EPSS 0.00129
Exploits: 0

Microsoft KB
added 2025/11/11 8:00 a.m. | 16 views

KB5068401 - Description of the security update for SQL Server 2016 SP3 GDR: November 11, 2025

KB5068401 - Description of the security update for SQL Server 2016 SP3 GDR: November 11, 2025 Summary Improvements and fixes included in this update How to obtain and install the update More information File information Information about protection and security Summary This security update contai...

CVSS 8.8 | AI score 5.8 | EPSS 0.00129
Exploits: 0

Microsoft KB
added 2025/11/11 8:00 a.m. | 28 views

KB5068407 - Description of the security update for SQL Server 2022 GDR: November 11, 2025

KB5068407 - Description of the security update for SQL Server 2022 GDR: November 11, 2025 Summary Improvements and fixes included in this update How to obtain and install the update More information File information Information about protection and security Summary This security update contains...

CVSS 8.8 | AI score 5.8 | EPSS 0.00129
Exploits: 0

Microsoft KB
added 2025/11/11 8:00 a.m. | 9 views

KB5068404 - Description of the security update for SQL Server 2019 CU32: November 11, 2025

KB5068404 - Description of the security update for SQL Server 2019 CU32: November 11, 2025 Summary Improvements and fixes included in this update How to obtain and install the update How to obtain or download the latest cumulative update package for Linux More information File information...

CVSS 8.8 | AI score 5.8 | EPSS 0.00129
Exploits: 0

Positive Technologies
added 2025/11/11 12:00 a.m. | 2 views

PT-2025-46453

Name of the Vulnerable Software and Affected Versions SQL Server affected versions not specified Description The software contains an SQL injection issue due to improper neutralization of special elements used in SQL commands. This allows an authorized attacker to elevate privileges over a networ...

CVSS 9 | AI score 6 | EPSS 0.00129
Exploits: 0 | References: 16