Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sql server vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2012-2552
Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote malicious users to inject arbitrary web script or HTML via an unspecified p...
Microsoft Sql Server 2005
Microsoft Sql Server 2008
Microsoft Sql Server 2012
Microsoft Sql Server Reporting Services 2000
6.5
CVSSv2
CVE-2019-1068
A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions, aka 'Microsoft SQL Server Remote Code Execution Vulnerability'.
Microsoft Sql Server 2017
Microsoft Sql Server 2014
Microsoft Sql Server 2016
1 Github repository
2 Articles
5
CVSSv2
CVE-2017-8516
Microsoft SQL Server Analysis Services in Microsoft SQL Server 2012, Microsoft SQL Server 2014, and Microsoft SQL Server 2016 allows an information disclosure vulnerability when it improperly enforces permissions, aka "Microsoft SQL Server Analysis Services Information Discl...
Microsoft Sql Server 2016
Microsoft Sql Server 2012
Microsoft Sql Server 2014
1 Article
6.5
CVSSv2
CVE-2020-0618
A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'.
Microsoft Sql Server 2012
Microsoft Sql Server 2014
Microsoft Sql Server 2016
4 Github repositories
2 Articles
6.5
CVSSv2
CVE-2015-1761
Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 uses an incorrect class during casts of unspecified pointers, which allows remote authenticated users to gain privileges by leveraging certain write access, aka "SQL Server Elevation of Pr...
Microsoft Sql Server 2012
Microsoft Sql Server 2014
Microsoft Sql Server 2008
1 Article
7.1
CVSSv2
CVE-2015-1762
Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014, when transactional replication is configured, does not prevent use of uninitialized memory in unspecified function calls, which allows remote authenticated users to execute arbitrary code by l...
Microsoft Sql Server 2008
Microsoft Sql Server 2012
Microsoft Sql Server 2014
1 Article
8.5
CVSSv2
CVE-2015-1763
Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 does not prevent use of uninitialized memory in certain attempts to execute virtual functions, which allows remote authenticated users to execute arbitrary code via a crafted query, aka "S...
Microsoft Sql Server 2008
Microsoft Sql Server 2012
Microsoft Sql Server 2014
1 Article
9
CVSSv2
CVE-2008-0086
Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.
Microsoft Sql Server 7.0
Microsoft Sql Server Desktop Engine 2000
Microsoft Sql Server 2000
Microsoft Sql Server 2005
Microsoft Sql Server Express Edition 2005
Microsoft Data Engine 1.0
9
CVSSv2
CVE-2008-0106
Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement.
Microsoft Sql Server 7.0
Microsoft Sql Server Desktop Engine 2000
Microsoft Sql Server Express Edition 2005
Microsoft Data Engine 1.0
Microsoft Sql Server 2000
Microsoft Sql Server 2005
7.5
CVSSv2
CVE-2015-7876
The escapeLike function in sqlsrv/database.inc in the Drupal 7 driver for SQL Server and SQL Azure 7.x-1.x prior to 7.x-1.4 does not properly escape certain characters, which allows remote malicious users to execute arbitrary SQL commands via vectors involving a module using the ...
Drupal 7 Driver For Sql Server And Sql Azure Project Drupal 7 Driver For Sql Server And Sql Azure 7.x-1.0
Drupal 7 Driver For Sql Server And Sql Azure Project Drupal 7 Driver For Sql Server And Sql Azure 7.x-1.1
Drupal 7 Driver For Sql Server And Sql Azure Project Drupal 7 Driver For Sql Server And Sql Azure 7.x-1.2
Drupal 7 Driver For Sql Server And Sql Azure Project Drupal 7 Driver For Sql Server And Sql Azure 7.x-1.3
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924
CVE-2024-3400
overflow
CVE-2024-23528
CVE-2024-21338
CVE-2024-3818
CVE-2024-23535
NULL pointer dereference
elevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »