Vulmon
sql vulnerabilities and exploits
NA
CVE-2012-2552
Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote malicious users to inject arbitrary web script or HTML via an unspecified p...
Microsoft Sql Server 2005
Microsoft Sql Server 2008
Microsoft Sql Server 2012
Microsoft Sql Server Reporting Services 2000
7.5 CVSSv3
CVE-2017-8516
Microsoft SQL Server Analysis Services in Microsoft SQL Server 2012, Microsoft SQL Server 2014, and Microsoft SQL Server 2016 allows an information disclosure vulnerability when it improperly enforces permissions, aka "Microsoft SQL Server Analysis Services Information Discl...
Microsoft Sql Server 2016
Microsoft Sql Server 2012
Microsoft Sql Server 2014
1 Article
8.8 CVSSv3
CVE-2019-1068
A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions, aka 'Microsoft SQL Server Remote Code Execution Vulnerability'.
Microsoft Sql Server 2017
Microsoft Sql Server 2014
Microsoft Sql Server 2016
1 Github repository
2 Articles
8.8 CVSSv3
CVE-2020-0618
A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'.
Microsoft Sql Server 2012
Microsoft Sql Server 2014
Microsoft Sql Server 2016
4 Github repositories
2 Articles
NA
CVE-2015-1763
Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 does not prevent use of uninitialized memory in certain attempts to execute virtual functions, which allows remote authenticated users to execute arbitrary code via a crafted query, aka "S...
Microsoft Sql Server 2008
Microsoft Sql Server 2012
Microsoft Sql Server 2014
1 Article
NA
CVE-2015-1762
Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014, when transactional replication is configured, does not prevent use of uninitialized memory in unspecified function calls, which allows remote authenticated users to execute arbitrary code by l...
Microsoft Sql Server 2008
Microsoft Sql Server 2012
Microsoft Sql Server 2014
1 Article
NA
CVE-2015-1761
Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 uses an incorrect class during casts of unspecified pointers, which allows remote authenticated users to gain privileges by leveraging certain write access, aka "SQL Server Elevation of Pr...
Microsoft Sql Server 2012
Microsoft Sql Server 2014
Microsoft Sql Server 2008
1 Article
NA
CVE-2009-3580
Cross-site request forgery (CSRF) vulnerability in am.pl in SQL-Ledger 2.8.24 allows remote malicious users to hijack the authentication of arbitrary users for requests that change a password via the login, new_password, and confirm_password parameters in a preferences action.
Sql-ledger Sql-ledger 2.8.24
NA
CVE-2009-3583
Directory traversal vulnerability in the Preferences menu item in SQL-Ledger 2.8.24 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the countrycode field.
Sql-ledger Sql-ledger 2.8.24
NA
CVE-2007-1541
Directory traversal vulnerability in am.pl in SQL-Ledger 2.6.27 only checks for the presence of a NULL (%00) character to protect against directory traversal attacks, which allows remote malicious users to run arbitrary executables and bypass authentication via a .. (dot dot) seq...
Sql-ledger Sql-ledger 2.6.27