sql vulnerabilities and exploits
NA
CVE-2009-3581
Multiple cross-site scripting (XSS) vulnerabilities in SQL-Ledger 2.8.24 allow remote authenticated users to inject arbitrary web script or HTML via (1) the DCN Description field in the Accounts Receivables menu item for Add Transaction, (2) the Description field in the Accounts ...
Sql-ledger Sql-ledger 2.8.24
NA
CVE-2009-3582
Multiple SQL injection vulnerabilities in the delete subroutine in SQL-Ledger 2.8.24 allow remote authenticated users to execute arbitrary SQL commands via the (1) id and possibly (2) db parameters in a Delete action to the output of a Vendors>Reports>Search search operatio...
Sql-ledger Sql-ledger 2.8.24
NA
CVE-2009-3584
SQL-Ledger 2.8.24 does not set the secure flag for the session cookie in an https session, which makes it easier for remote malicious users to capture this cookie by intercepting its transmission within an http session.
Sql-ledger Sql-ledger 2.8.24
NA
CVE-2009-4402
The default configuration of SQL-Ledger 2.8.24 allows remote malicious users to perform unspecified administrative operations by providing an arbitrary password to the admin interface.
Sql-ledger Sql-ledger 2.8.24
NA
CVE-2008-0086
Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.
Microsoft Sql Server 7.0
Microsoft Sql Server Desktop Engine 2000
Microsoft Sql Server 2000
Microsoft Sql Server 2005
Microsoft Sql Server Express Edition 2005
Microsoft Data Engine 1.0
NA
CVE-2008-0106
Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement.
Microsoft Sql Server 7.0
Microsoft Sql Server Desktop Engine 2000
Microsoft Sql Server Express Edition 2005
Microsoft Data Engine 1.0
Microsoft Sql Server 2000
Microsoft Sql Server 2005
7.8
CVSSv3
CVE-2023-29349
Microsoft ODBC and OLE DB Remote Code Execution Vulnerability
Microsoft Sql Server 2019
Microsoft Sql Server 2022
Microsoft Odbc Driver For Sql Server
Microsoft Ole Db Driver For Sql Server
8.8
CVSSv3
CVE-2023-38169
Microsoft SQL OLE DB Remote Code Execution Vulnerability
Microsoft Sql Server 2019
Microsoft Sql Server 2022
Microsoft Odbc Driver For Sql Server 17.10.3.1
Microsoft Odbc Driver For Sql Server 18.1.2.1
Microsoft Odbc Driver For Sql Server 17.0.1.1
Microsoft Ole Db Driver For Sql Server 19.0.0
Microsoft Ole Db Driver For Sql Server 19.1.0
Microsoft Ole Db Driver For Sql Server 19.2.0
Microsoft Ole Db Driver For Sql Server 19.3.0
Microsoft Odbc Driver For Sql Server 17.10.4.1
Microsoft Odbc Driver For Sql Server 18.0.1.1
Microsoft Odbc Driver For Sql Server 18.2.1.1
Microsoft Ole Db Driver For Sql Server 18.0.2
Microsoft Ole Db Driver For Sql Server 18.1.0
Microsoft Ole Db Driver For Sql Server 18.2.1
Microsoft Ole Db Driver For Sql Server 18.2.2
Microsoft Ole Db Driver For Sql Server 18.2.3
Microsoft Ole Db Driver For Sql Server 18.3.0
Microsoft Ole Db Driver For Sql Server 18.4.0
Microsoft Ole Db Driver For Sql Server 18.5.0
Microsoft Ole Db Driver For Sql Server 18.6.0
NA
CVE-2008-4077
The CGI scripts in (1) LedgerSMB (LSMB) prior to 1.2.15 and (2) SQL-Ledger 2.8.17 and previous versions allow remote malicious users to cause a denial of service (resource exhaustion) via an HTTP POST request with a large Content-Length.
Sql-ledger Sql-ledger
Ledgersmb Ledgersmb
NA
CVE-2008-4078
SQL injection vulnerability in the AR/AP transaction report in (1) LedgerSMB (LSMB) prior to 1.2.15 and (2) SQL-Ledger 2.8.17 and previous versions allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
Sql-ledger Sql-ledger
Ledgersmb Ledgersmb