Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sql vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2014-9264
Stack-based buffer overflow in the .NET Data Provider in SAP SQL Anywhere allows remote malicious users to execute arbitrary code via a crafted column alias.
Sap Sql Anywhere
NA
CVE-2022-38107
Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details.
Solarwinds Sql Sentry
4
CVSSv2
CVE-2016-10310
Buffer overflow in the MobiLink Synchronization Server component in SAP SQL Anywhere 17 and possibly earlier allows remote authenticated users to cause a denial of service (resource consumption and process crash) by sending a crafted packet several times, aka SAP Security Note 23...
Sap Sql Anywhere
6.4
CVSSv2
CVE-2002-0943
MetaCart2.sql stores the user database under the web document root without access controls, which allows remote malicious users to obtain sensitive information such as passwords and credit card numbers via a direct request for metacart.mdb.
Metalinks Metacart2.sql
NA
CVE-2023-21969
Vulnerability in Oracle SQL Developer (component: Installation). Supported versions that are affected are before 23.1.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle SQL Developer executes to compromise Oracle SQL ...
Oracle Sql Developer
1 Github repository
4.6
CVSSv2
CVE-2000-1082
The xp_enumresultset function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an malicious user to caus...
Microsoft Data Engine 1.0
Microsoft Data Engine 2000
Microsoft Sql Server 2000
Microsoft Sql Server 7.0
10
CVSSv2
CVE-2002-0721
Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execre...
Microsoft Sql Server 2000
Microsoft Data Engine 1.0
Microsoft Data Engine 2000
Microsoft Sql Server 7.0
1 EDB exploit
4.6
CVSSv2
CVE-2000-1081
The xp_displayparamstmt function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an malicious user to c...
Microsoft Sql Server 7.0
Microsoft Data Engine 1.0
Microsoft Data Engine 2000
Microsoft Sql Server 2000
1 EDB exploit
4.6
CVSSv2
CVE-2000-1084
The xp_updatecolvbm function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an malicious user to cause...
Microsoft Data Engine 1.0
Microsoft Data Engine 2000
Microsoft Sql Server 2000
Microsoft Sql Server 7.0
10
CVSSv2
CVE-2002-1145
The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an malicious user to gain privileges by updating a webtask that i...
Microsoft Sql Server 7.0
Microsoft Sql Server 2000
Microsoft Data Engine 1.0
Microsoft Data Engine 2000
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
firmware
CVE-2006-4304
CVE-2024-32878
CVE-2024-31502
XSS
CVE-2024-3059
CVE-2024-33692
CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »