Vulmon
sql server vulnerabilities and exploits
9.8
CVSSv3
CVE-2021-26754
wpDataTables prior to 3.4.1 mishandles order direction for server-side tables, aka admin-ajax.php?action=get_wdtable order[0][dir] SQL injection.
Wpdatatables Wpdatatables
9.8
CVSSv3
CVE-2020-29493
DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend databas...
Dell Emc Avamar Server 19.1
Dell Emc Avamar Server 19.2
Dell Emc Avamar Server 19.3
Dell Emc Integrated Data Protection Appliance 2.5
Dell Emc Integrated Data Protection Appliance 2.6
9.8
CVSSv3
CVE-2020-27995
SQL Injection in Zoho ManageEngine Applications Manager 14 prior to 14560 allows a malicious user to execute commands on the server via the MyPage.do template_resid parameter.
Zohocorp Manageengine Applications Manager 14.0
9.8
CVSSv3
CVE-2020-12870
RainbowFish PacsOne Server 6.8.4 allows SQL injection on the username parameter in the signup page.
Rainbowfishsoftware Pacsone Server 6.8.4
9.8
CVSSv3
CVE-2020-8211
Improper input validation in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server prior to 10.9 RP5 allows SQL Injection.
Citrix Xenmobile Server
Citrix Xenmobile Server 10.9.0
Citrix Xenmobile Server 10.10.0
Citrix Xenmobile Server 10.11.0
Citrix Xenmobile Server 10.12.0
9.8
CVSSv3
CVE-2020-12606
An issue exists in DB Soft SGLAC prior to 20.05.001. The ProcedimientoGenerico method in the SVCManejador.svc webservice of the SGLAC web frontend allows a malicious user to run arbitrary SQL commands on the SQL Server. Command execution can be easily achieved by using the xp_cm...
Dbsoft Sglac
9.8
CVSSv3
CVE-2017-18888
An issue exists in Mattermost Server prior to 4.3.0, 4.2.1, and 4.1.2. It allows SQL injection during the fetching of multiple posts.
Mattermost Mattermost Server
Mattermost Mattermost Server 4.3.0
9.8
CVSSv3
CVE-2020-12442
Ivanti Avalanche 6.3 allows a SQL injection that is vaguely associated with the Apache HTTP Server, aka Bug 683250.
Ivanti Avalanche 6.3
9.8
CVSSv3
CVE-2020-11537
A SQL Injection issue exists in ONLYOFFICE Document Server 5.5.0. An attacker can execute arbitrary SQL queries via injection to DocID parameter of Websocket API.
Onlyoffice Document Server 5.5.0
9.8
CVSSv3
CVE-2020-5723
The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. This could allow a malicious user to retrieve all passwords and possibly gain elevated privileges.
Grandstream Ucm6202 Firmware
Grandstream Ucm6204 Firmware
Grandstream Ucm6208 Firmware
1 Metasploit module