Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sql vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2002-0154
Buffer overflows in extended stored procedures for Microsoft SQL Server 7.0 and 2000 allow remote malicious users to cause a denial of service or execute arbitrary code via a database query with certain long arguments.
Microsoft Sql Server 7.0
Microsoft Sql Server 2000
NA
CVE-2008-5416
Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and previous versions; SQL Server 2000 Desktop Engine (MSDE 2000) SP4; SQL Server 2005 SP2 and 9.00.1399.06; SQL Server 2000 Desktop Engine (WMSDE) on Windows Server 2003 SP1 and SP2; and Windows I...
Microsoft Sql Server 2000
Microsoft Sql Server 2005
3 EDB exploits
1 Github repository
NA
CVE-2001-0344
An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using Mixed Mode allows local database users to gain privileges by reusing a cached connection of the sa administrator account.
Microsoft Sql Server 2000
Microsoft Sql Server 7.0
NA
CVE-2014-1820
Cross-site scripting (XSS) vulnerability in Master Data Services (MDS) in Microsoft SQL Server 2012 SP1 and 2014 on 64-bit platforms allows remote malicious users to inject arbitrary web script or HTML via a crafted URL, aka "SQL Master Data Services XSS Vulnerability."
Microsoft Sql Server 2012
Microsoft Sql Server 2014
7.2
CVSSv3
CVE-2017-3486
Vulnerability in the SQL*Plus component of Oracle Database Server. Supported versions that are affected are 11.2.0.4 and 12.1.0.2. Difficult to exploit vulnerability allows high privileged attacker having Local Logon privilege with logon to the infrastructure where SQL*Plus execu...
Oracle Sql Plus 12.1.0.2
Oracle Sql Plus 11.2.0.4
NA
CVE-2001-0542
Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified ...
Microsoft Sql Server 2000
Microsoft Sql Server 7.0
NA
CVE-2015-2819
SAP Sybase SQL Anywhere 11 and 16 allows remote malicious users to cause a denial of service (crash) via a crafted request, aka SAP Security Note 2108161.
Sap Sql Anywhere 11.0
Sap Sql Anywhere 16.0
8.8
CVSSv3
CVE-2016-7253
The agent in Microsoft SQL Server 2012 SP2, 2012 SP3, 2014 SP1, 2014 SP2, and 2016 does not properly check the atxcore.dll ACL, which allows remote authenticated users to gain privileges via unspecified vectors, aka "SQL Server Agent Elevation of Privilege Vulnerability.&quo...
Microsoft Sql Server 2012
Microsoft Sql Server 2014
NA
CVE-2008-0085
SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 does not initialize memory pages when reallocating memo...
Microsoft Data Engine 1.0
Microsoft Sql Server 7.0
Microsoft Sql Server 2000
Microsoft Sql Server 2005
Microsoft Sql Server Desktop Engine 2000
Microsoft Wmsde 2000
Microsoft Wyukon
NA
CVE-2004-0455
Buffer overflow in cgi.c in www-sql prior to 0.5.7 allows local users to execute arbitrary code via a web page that is processed by www-sql.
Www-sql Project Www-sql
Debian Debian Linux 3.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »