Microsoft ODBC Driver 安全漏洞

Microsoft ODBC Driver is a driver from Microsoft. It allows applications to access data in a database management system DBMS using SQL as the standard for accessing data. A security vulnerability exists in Microsoft ODBC Driver that originates from allowing remote code execution and affects the...

KLA50361 Multiple vulnerabilities in Microsoft SQL Server

Multiple vulnerabilities were found in Microsoft SQL Server. Malicious users can exploit these vulnerabilities to execute arbitrary code. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in Microsoft ODBC Driver for SQL Server can be exploited remotely to...

CVE-2023-29372

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability...

CVE-2023-29372

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability...

Remote code execution

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability...

CVE-2023-29372 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

...

CVE-2023-29372 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

...

CVE-2023-29372

CVE-2023-29372 affects the Microsoft WDAC OLE DB provider for SQL Server and is described as a Remote Code Execution vulnerability. The available information lists a CVSS v3.1 base score of 8.8 (HIGH) with NETWORK attack vector, LOW attack complexity, NO privileges required, UI required, and impa...

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

...

PT-2023-3160 · Microsoft · Wdac Ole Db Provider For Sql Server +1

Name of the Vulnerable Software and Affected Versions: Microsoft WDAC OLE DB provider for SQL Server affected versions not specified Description: The issue is related to insufficient input validation in the Microsoft WDAC OLE DB provider for SQL Server, which can be exploited by a remote attacker...

VulnCheck KEV: CVE-2020-0618

Microsoft SQL Server Reporting Services contains a deserialization vulnerability when handling page requests incorrectly. An authenticated attacker can exploit this vulnerability to execute code in the context of the Report Server service account...

Progress MOVEit Transfer SQL Injection Vulnerability

Progress MOVEit Transfer contains a SQL injection vulnerability that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. Depending on the database engine being used MySQL, Microsoft SQL Server, or Azure SQL, an attacker may be able to infer informati...

VulnCheck KEV: CVE-2023-34362

Progress MOVEit Transfer contains a SQL injection vulnerability that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. Depending on the database engine being used MySQL, Microsoft SQL Server, or Azure SQL, an attacker may be able to infer...

Migrate Citrix Virtual Apps and Desktop databases to a new SQL server

Please follow these steps. 1.Close all instances of Citrix studio. Any configuration changes even through powershell to be stopped while following the stepsYou can power down DDCs to be extra cautious Take VM snapshot or take backup of all Delivery Controllers. 2. Take full backup of Site, Monito...

Severe Flaw in Google Cloud's Cloud SQL Service Exposed Confidential Data

A new security flaw has been disclosed in the Google Cloud Platform's GCP Cloud SQL service that could be potentially exploited to obtain access to confidential data. "The vulnerability could have enabled a malicious actor to escalate from a basic Cloud SQL user to a full-fledged sysadmin on a...

SQL injection in Liferay Portal

SQL injection vulnerability in the upgrade process for SQL Server in Liferay Portal 7.3.1 through 7.4.3.17, and Liferay DXP 7.3 before update 6, and 7.4 before update 18 allows attackers to execute arbitrary SQL commands via the name of a database table's primary key index. This vulnerability is...

GHSA-G7VW-43XG-8M4H SQL injection in Liferay Portal

SQL injection vulnerability in the upgrade process for SQL Server in Liferay Portal 7.3.1 through 7.4.3.17, and Liferay DXP 7.3 before update 6, and 7.4 before update 18 allows attackers to execute arbitrary SQL commands via the name of a database table's primary key index. This vulnerability is...

CVE-2023-33945

SQL injection vulnerability in the upgrade process for SQL Server in Liferay Portal 7.3.1 through 7.4.3.17, and Liferay DXP 7.3 before update 6, and 7.4 before update 18 allows attackers to execute arbitrary SQL commands via the name of a database table's primary key index. This vulnerability is...

Sql injection

SQL injection vulnerability in the upgrade process for SQL Server in Liferay Portal 7.3.1 through 7.4.3.17, and Liferay DXP 7.3 before update 6, and 7.4 before update 18 allows attackers to execute arbitrary SQL commands via the name of a database table's primary key index. This vulnerability is...

CVE-2023-33945

SQL injection vulnerability in the upgrade process for SQL Server in Liferay Portal 7.3.1 through 7.4.3.17, and Liferay DXP 7.3 before update 6, and 7.4 before update 18 allows attackers to execute arbitrary SQL commands via the name of a database table's primary key index. This vulnerability is...