4519 matches found
CVE-2023-33945
SQL injection in the upgrade workflow affects Liferay Portal 7.3.1–7.4.3.17 (SQL Server) and Liferay DXP 7.3 pre-update 6 and 7.4 pre-update 18. The issue allows arbitrary SQL commands via a database table’s primary key index name and is exploitable only when chained with other attacks; exploitat...
CVE-2023-33945
SQL injection vulnerability in the upgrade process for SQL Server in Liferay Portal 7.3.1 through 7.4.3.17, and Liferay DXP 7.3 before update 6, and 7.4 before update 18 allows attackers to execute arbitrary SQL commands via the name of a database table's primary key index. This vulnerability is...
Important: Red Hat Security Advisory: mysql:8.0 security, bug fix, and enhancement update
An update for the mysql:8.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
CLR SqlShell Malware Targets MS SQL Servers for Crypto Mining and Ransomware
Poorly managed Microsoft SQL (MS SQL) servers are the target of a new campaign that's designed to propagate a category of malware called CLR SqlShell that ultimately facilitates the deployment of cryptocurrency miners and ransomware. "Similar to web shell, which can be installed on web servers,...
Security Updates for Microsoft SQL Server OLE DB Driver (April 2023)
The Microsoft SQL Server driver installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands...
Security Updates for Microsoft SQL Server (April 2023)
The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands...
Security Updates for Microsoft SQL Server ODBC Driver (April 2023)
The Microsoft SQL Server driver installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands...
Microsoft Windows OLE Security Vulnerability
Microsoft OLE DB Provider for SQL Server is an API from Microsoft Corporation USA that allows access to data from a variety of sources in a unified way. A security vulnerability exists in Microsoft Windows OLE. The following products and editions are affected: Windows 10 Version 1809 for 32-bit...
Vulnerability of the Server component: The MySQL Server database management system’s Optimizer component, related to insufficient validation of input data
The vulnerability of the MySQL Server component of the database management system is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute a DoS attack remotely...
The vulnerability of the OLE DB driver for SQL Server on the Windows operating system allows a hacker to execute arbitrary code.
The vulnerability of the OLE DB driver for SQL Server on the Windows operating system exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the SQLcmd utility in the Microsoft SQL Server database management system allows a hacker to execute arbitrary code.
The vulnerability of the SQLcmd utility in the Microsoft SQL Server database management system is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using specially created data...
PT-2023-22785 · Archery · Archery
Name of the Vulnerable Software and Affected Versions: Archery (affected versions not specified). Description: The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. User input coming from the db name in the sql/data...
Microsoft OLE DB Driver for SQL Server Installed (Windows)
Binary data microsoftoledbdriverforsqlserverwininstalled.nbin...
Microsoft ODBC Driver for SQL Server Installed (Windows)
Binary data microsoftodbcdriverforsqlserverwininstalled.nbin...
CVE-2023-28275
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability...
CVE-2023-23384
Microsoft SQL Server Remote Code Execution Vulnerability...