Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sql vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-21704
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Microsoft Sql Server 2014
Microsoft Sql Server 2017
Microsoft Sql Server 2019
Microsoft Sql Server 2016
Microsoft Sql Server 2022
505
VMScore
CVE-2006-4731
Multiple directory traversal vulnerabilities in (1) login.pl and (2) admin.pl in (a) SQL-Ledger prior to 2.6.19 and (b) LedgerSMB prior to 1.0.0p1 allow remote malicious users to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ (dot dot slash...
Dws Systems Inc. Sql-ledger 2.6.14
Dws Systems Inc. Sql-ledger 2.4.10
Dws Systems Inc. Sql-ledger 2.4.7
Dws Systems Inc. Sql-ledger 2.2.3
Dws Systems Inc. Sql-ledger 2.6.12
Dws Systems Inc. Sql-ledger 2.2.5
Dws Systems Inc. Sql-ledger 2.4.6
Dws Systems Inc. Sql-ledger 2.6.15
Dws Systems Inc. Sql-ledger 2.6.6
Dws Systems Inc. Sql-ledger 2.6.3
Dws Systems Inc. Sql-ledger 2.4.12
Dws Systems Inc. Sql-ledger 2.6.13
Dws Systems Inc. Sql-ledger 2.4.14
Dws Systems Inc. Sql-ledger 2.6.1
Dws Systems Inc. Sql-ledger 2.6.16
Dws Systems Inc. Sql-ledger 2.2.0
Dws Systems Inc. Sql-ledger 2.6.11
Dws Systems Inc. Sql-ledger 2.2.6
Dws Systems Inc. Sql-ledger 2.4.13
Dws Systems Inc. Sql-ledger 2.4.5
Dws Systems Inc. Sql-ledger 2.4.11
Dws Systems Inc. Sql-ledger 2.6.18
1 EDB exploit
312
VMScore
CVE-2013-2322
HP SQL/MX 3.2 and previous versions on NonStop servers, when SQL/MP Objects are used, allows remote authenticated users to obtain sensitive information via unspecified vectors, aka the "SQL/MP index" issue.
Hp Nonstop Sql\\/mx 2.3
Hp Nonstop Sql\\/mx 21
Hp Nonstop Sql\\/mx
Hp Nonstop Sql\\/mx 3.1
Hp Nonstop Sql\\/mx 2.0
Hp Nonstop Sql\\/mx 1.8
Hp Nonstop Sql\\/mx 3.0
Hp Nonstop Sql\\/mx 2.2
NA
CVE-2023-36728
Microsoft SQL Server Denial of Service Vulnerability
Microsoft Sql Server 2014
Microsoft Sql Server 2017
Microsoft Sql Server 2019
Microsoft Sql Server 2016
Microsoft Sql Server 2022
Microsoft Odbc Driver For Sql Server
Microsoft Ole Db Driver For Sql Server
668
VMScore
CVE-2015-7876
The escapeLike function in sqlsrv/database.inc in the Drupal 7 driver for SQL Server and SQL Azure 7.x-1.x prior to 7.x-1.4 does not properly escape certain characters, which allows remote malicious users to execute arbitrary SQL commands via vectors involving a module using the ...
Drupal 7 Driver For Sql Server And Sql Azure Project Drupal 7 Driver For Sql Server And Sql Azure 7.x-1.0
Drupal 7 Driver For Sql Server And Sql Azure Project Drupal 7 Driver For Sql Server And Sql Azure 7.x-1.1
Drupal 7 Driver For Sql Server And Sql Azure Project Drupal 7 Driver For Sql Server And Sql Azure 7.x-1.2
Drupal 7 Driver For Sql Server And Sql Azure Project Drupal 7 Driver For Sql Server And Sql Azure 7.x-1.3
169
VMScore
CVE-2020-14740
Vulnerability in the SQL Developer Install component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows low privileged attacker having Client Computer User Account privilege with logon ...
Oracle Sql Developer 11.2.0.4
Oracle Sql Developer 12.1.0.2
Oracle Sql Developer 12.2.0.1
Oracle Sql Developer 18c
445
VMScore
CVE-2002-1872
Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote malicious users to sniff and decrypt the password.
Microsoft Sql Server 7.0
Microsoft Sql Server 2000
Microsoft Sql Server 6.0
Microsoft Sql Server 6.5
1 Github repository
534
VMScore
CVE-2022-29143
Microsoft SQL Server Remote Code Execution Vulnerability
Microsoft Sql Server 2014
Microsoft Sql Server 2016
Microsoft Sql Server 2017
Microsoft Sql Server 2019
890
VMScore
CVE-2007-5372
Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 up to and including 1.2.7 and (b) DWS Systems SQL-Ledger 2.x allow remote malicious users to execute arbitrary SQL commands via (1) the invoice quantity field or (2) the sort field.
Dws Systems Inc. Sql-ledger 2.2.7
Dws Systems Inc. Sql-ledger 2.4.0
Dws Systems Inc. Sql-ledger 2.4.15
Dws Systems Inc. Sql-ledger 2.4.16
Dws Systems Inc. Sql-ledger 2.4.8
Dws Systems Inc. Sql-ledger 2.4.9
Dws Systems Inc. Sql-ledger 2.6.16
Dws Systems Inc. Sql-ledger 2.6.17
Dws Systems Inc. Sql-ledger 2.6.6
Dws Systems Inc. Sql-ledger 2.6.7
Ledgersmb Ledgersmb 1.1.8
Ledgersmb Ledgersmb 1.2.0
Dws Systems Inc. Sql-ledger 2.2.0
Dws Systems Inc. Sql-ledger 2.2.1
Dws Systems Inc. Sql-ledger 2.4.1
Dws Systems Inc. Sql-ledger 2.4.10
Dws Systems Inc. Sql-ledger 2.4.2
Dws Systems Inc. Sql-ledger 2.4.3
Dws Systems Inc. Sql-ledger 2.6.1
Dws Systems Inc. Sql-ledger 2.6.10
Dws Systems Inc. Sql-ledger 2.6.18
Dws Systems Inc. Sql-ledger 2.6.2
605
VMScore
CVE-2016-2346
Allround Automations PL/SQL Developer 11 prior to 11.0.6 relies on unverified HTTP data for updates, which allows man-in-the-middle malicious users to execute arbitrary code by modifying fields in the client-server data stream.
Allroundautomations Pl\\/sql Developer 11.0.5
Allroundautomations Pl\\/sql Developer 11.0.3
Allroundautomations Pl\\/sql Developer 11.0.2
Allroundautomations Pl\\/sql Developer 11.0.1
Allroundautomations Pl\\/sql Developer 11.0
Allroundautomations Pl\\/sql Developer 11.0.4
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »