Vulmon
sql vulnerabilities and exploits
NA
CVE-2009-3582
Multiple SQL injection vulnerabilities in the delete subroutine in SQL-Ledger 2.8.24 allow remote authenticated users to execute arbitrary SQL commands via the (1) id and possibly (2) db parameters in a Delete action to the output of a Vendors>Reports>Search search operatio...
Sql-ledger Sql-ledger 2.8.24
NA
CVE-2009-3583
Directory traversal vulnerability in the Preferences menu item in SQL-Ledger 2.8.24 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the countrycode field.
Sql-ledger Sql-ledger 2.8.24
NA
CVE-2009-3584
SQL-Ledger 2.8.24 does not set the secure flag for the session cookie in an https session, which makes it easier for remote malicious users to capture this cookie by intercepting its transmission within an http session.
Sql-ledger Sql-ledger 2.8.24
NA
CVE-2009-3581
Multiple cross-site scripting (XSS) vulnerabilities in SQL-Ledger 2.8.24 allow remote authenticated users to inject arbitrary web script or HTML via (1) the DCN Description field in the Accounts Receivables menu item for Add Transaction, (2) the Description field in the Accounts ...
Sql-ledger Sql-ledger 2.8.24
NA
CVE-2008-0086
Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.
Microsoft Sql Server 7.0
Microsoft Sql Server Desktop Engine 2000
Microsoft Sql Server 2000
Microsoft Sql Server 2005
Microsoft Sql Server Express Edition 2005
Microsoft Data Engine 1.0
NA
CVE-2008-0106
Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement.
Microsoft Sql Server 7.0
Microsoft Sql Server Desktop Engine 2000
Microsoft Sql Server Express Edition 2005
Microsoft Data Engine 1.0
Microsoft Sql Server 2000
Microsoft Sql Server 2005
7.8
CVSSv3
CVE-2023-29349
Microsoft ODBC and OLE DB Remote Code Execution Vulnerability
Microsoft Sql Server 2019
Microsoft Sql Server 2022
Microsoft Odbc Driver For Sql Server
Microsoft Ole Db Driver For Sql Server
8.8
CVSSv3
CVE-2023-38169
Microsoft SQL OLE DB Remote Code Execution Vulnerability
Microsoft Sql Server 2019
Microsoft Sql Server 2022
Microsoft Odbc Driver For Sql Server 17.10.3.1
Microsoft Odbc Driver For Sql Server 18.1.2.1
Microsoft Odbc Driver For Sql Server 17.0.1.1
Microsoft Ole Db Driver For Sql Server 19.0.0
Microsoft Ole Db Driver For Sql Server 19.1.0
Microsoft Ole Db Driver For Sql Server 19.2.0
Microsoft Ole Db Driver For Sql Server 19.3.0
Microsoft Odbc Driver For Sql Server 17.10.4.1
Microsoft Odbc Driver For Sql Server 18.0.1.1
Microsoft Odbc Driver For Sql Server 18.2.1.1
Microsoft Ole Db Driver For Sql Server 18.0.2
Microsoft Ole Db Driver For Sql Server 18.1.0
Microsoft Ole Db Driver For Sql Server 18.2.1
Microsoft Ole Db Driver For Sql Server 18.2.2
Microsoft Ole Db Driver For Sql Server 18.2.3
Microsoft Ole Db Driver For Sql Server 18.3.0
Microsoft Ole Db Driver For Sql Server 18.4.0
Microsoft Ole Db Driver For Sql Server 18.5.0
Microsoft Ole Db Driver For Sql Server 18.6.0
NA
CVE-2007-1540
Directory traversal vulnerability in am.pl in (1) SQL-Ledger 2.6.27 and previous versions, and (2) LedgerSMB prior to 1.2.0, allows remote malicious users to run arbitrary executables and bypass authentication via a .. (dot dot) sequence and trailing NULL (%00) in the login param...
Sql-ledger Sql-ledger
Ledgersmb Ledgersmb
1 EDB exploit
NA
CVE-2008-4077
The CGI scripts in (1) LedgerSMB (LSMB) prior to 1.2.15 and (2) SQL-Ledger 2.8.17 and previous versions allow remote malicious users to cause a denial of service (resource exhaustion) via an HTTP POST request with a large Content-Length.
Sql-ledger Sql-ledger
Ledgersmb Ledgersmb