Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sql server 2017 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2017-5569
An issue exists in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the template.jsp, which can be exploited without the need of authentication and via an HTTP POST request, and which can be used to dump database data out to a malicious server, usi...
Eclinicalworks Patient Portal 7.0
8.8
CVSSv3
CVE-2023-21705
Microsoft SQL Server Remote Code Execution Vulnerability
Microsoft Sql Server 2014
Microsoft Sql Server 2017
Microsoft Sql Server 2012
Microsoft Sql Server 2019
Microsoft Sql Server 2016
Microsoft Sql Server 2022
8.8
CVSSv3
CVE-2023-21713
Microsoft SQL Server Remote Code Execution Vulnerability
Microsoft Sql Server 2014
Microsoft Sql Server 2017
Microsoft Sql Server 2012
Microsoft Sql Server 2019
Microsoft Sql Server 2016
Microsoft Sql Server 2022
8.8
CVSSv3
CVE-2021-1636
Microsoft SQL Elevation of Privilege Vulnerability
Microsoft Sql Server 2014
Microsoft Sql Server 2016
Microsoft Sql Server 2012
Microsoft Sql Server 2017
Microsoft Sql Server 2019
1 Github repository
8.8
CVSSv3
CVE-2020-25695
A flaw was found in PostgreSQL versions prior to 13.1, prior to 12.5, prior to 11.10, prior to 10.15, prior to 9.6.20 and prior to 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity o...
Postgresql Postgresql
Debian Debian Linux 9.0
1 Github repository
8.8
CVSSv3
CVE-2019-1068
A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions, aka 'Microsoft SQL Server Remote Code Execution Vulnerability'.
Microsoft Sql Server 2017
Microsoft Sql Server 2014
Microsoft Sql Server 2016
1 Github repository
2 Articles
8.8
CVSSv3
CVE-2017-11509
An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement.
Firebirdsql Firebird 2.5.7
Firebirdsql Firebird 3.0.2
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
8.8
CVSSv3
CVE-2017-15365
sql/event_data_objects.cc in MariaDB prior to 10.1.30 and 10.2.x prior to 10.2.10 and Percona XtraDB Cluster prior to 5.6.37-26.21-3 and 5.7.x prior to 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data defin...
Fedoraproject Fedora 26
Mariadb Mariadb
Percona Xtradb Cluster
8.8
CVSSv3
CVE-2017-17091
wp-admin/user-new.php in WordPress prior to 4.9.1 sets the newbloguser key to a string that can be directly derived from the user ID, which allows remote malicious users to bypass intended access restrictions by entering this string.
Wordpress Wordpress
2 Github repositories
8.8
CVSSv3
CVE-2017-7221
OpenText Documentum Content Server has an inadequate protection mechanism against SQL injection, which allows remote authenticated users to execute arbitrary code with super-user privileges by leveraging the availability of the dm_bp_transition docbase method with a user-created ...
Opentext Documentum Content Server -
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »