Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sql vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2009-3580
Cross-site request forgery (CSRF) vulnerability in am.pl in SQL-Ledger 2.8.24 allows remote malicious users to hijack the authentication of arbitrary users for requests that change a password via the login, new_password, and confirm_password parameters in a preferences action.
Sql-ledger Sql-ledger 2.8.24
NA
CVE-2009-3581
Multiple cross-site scripting (XSS) vulnerabilities in SQL-Ledger 2.8.24 allow remote authenticated users to inject arbitrary web script or HTML via (1) the DCN Description field in the Accounts Receivables menu item for Add Transaction, (2) the Description field in the Accounts ...
Sql-ledger Sql-ledger 2.8.24
NA
CVE-2009-3582
Multiple SQL injection vulnerabilities in the delete subroutine in SQL-Ledger 2.8.24 allow remote authenticated users to execute arbitrary SQL commands via the (1) id and possibly (2) db parameters in a Delete action to the output of a Vendors>Reports>Search search operatio...
Sql-ledger Sql-ledger 2.8.24
NA
CVE-2009-3583
Directory traversal vulnerability in the Preferences menu item in SQL-Ledger 2.8.24 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the countrycode field.
Sql-ledger Sql-ledger 2.8.24
NA
CVE-2008-0086
Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.
Microsoft Sql Server 7.0
Microsoft Sql Server Desktop Engine 2000
Microsoft Sql Server 2000
Microsoft Sql Server 2005
Microsoft Sql Server Express Edition 2005
Microsoft Data Engine 1.0
NA
CVE-2008-0106
Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement.
Microsoft Sql Server 7.0
Microsoft Sql Server Desktop Engine 2000
Microsoft Sql Server Express Edition 2005
Microsoft Data Engine 1.0
Microsoft Sql Server 2000
Microsoft Sql Server 2005
8.8
CVSSv3
CVE-2023-38169
Microsoft SQL OLE DB Remote Code Execution Vulnerability
Microsoft Sql Server 2019
Microsoft Sql Server 2022
Microsoft Odbc Driver For Sql Server 17.10.3.1
Microsoft Odbc Driver For Sql Server 18.1.2.1
Microsoft Odbc Driver For Sql Server 17.0.1.1
Microsoft Ole Db Driver For Sql Server 19.0.0
Microsoft Ole Db Driver For Sql Server 19.1.0
Microsoft Ole Db Driver For Sql Server 19.2.0
Microsoft Ole Db Driver For Sql Server 19.3.0
Microsoft Odbc Driver For Sql Server 17.10.4.1
Microsoft Odbc Driver For Sql Server 18.0.1.1
Microsoft Odbc Driver For Sql Server 18.2.1.1
Microsoft Ole Db Driver For Sql Server 18.0.2
Microsoft Ole Db Driver For Sql Server 18.1.0
Microsoft Ole Db Driver For Sql Server 18.2.1
Microsoft Ole Db Driver For Sql Server 18.2.2
Microsoft Ole Db Driver For Sql Server 18.2.3
Microsoft Ole Db Driver For Sql Server 18.3.0
Microsoft Ole Db Driver For Sql Server 18.4.0
Microsoft Ole Db Driver For Sql Server 18.5.0
Microsoft Ole Db Driver For Sql Server 18.6.0
7.8
CVSSv3
CVE-2023-29349
Microsoft ODBC and OLE DB Remote Code Execution Vulnerability
Microsoft Sql Server 2019
Microsoft Sql Server 2022
Microsoft Odbc Driver For Sql Server
Microsoft Ole Db Driver For Sql Server
NA
CVE-2007-1923
(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote malicious users to access restricted functionality via direct requests. The LedgerSMB affected versions are prior to 1.3.0.
Ledgersmb Ledgersmb
Sql-ledger Sql-ledger -
NA
CVE-2008-4077
The CGI scripts in (1) LedgerSMB (LSMB) prior to 1.2.15 and (2) SQL-Ledger 2.8.17 and previous versions allow remote malicious users to cause a denial of service (resource exhaustion) via an HTTP POST request with a large Content-Length.
Sql-ledger Sql-ledger
Ledgersmb Ledgersmb
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040
privilege escalation
CVE-2024-4112
CVE-2024-32872
man-in-the-middle
CVE-2024-32788
bypass
CVE-2024-3400
CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »