Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sql server 2017 vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2017-18362
ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. In February 2019, attackers have actively exploited this in the wild to download and execute ransomware pay...
Connectwise Manageditsync
1 Article
668
VMScore
CVE-2017-10816
SQL injection vulnerability in the MaLion for Windows and Mac 5.0.0 to 5.2.1 allows remote malicious users to execute arbitrary SQL commands via Relay Service Server.
Intercom Malion
668
VMScore
CVE-2017-5879
An issue exists in Exponent CMS 2.4.1. This is a blind SQL injection that can be exploited by un-authenticated users via an HTTP GET request and which can be used to dump database data out to a malicious server, using an out-of-band technique, such as select_loadfile(). The vulne...
Exponentcms Exponent Cms 2.4.1
668
VMScore
CVE-2017-5569
An issue exists in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the template.jsp, which can be exploited without the need of authentication and via an HTTP POST request, and which can be used to dump database data out to a malicious server, usi...
Eclinicalworks Patient Portal 7.0
655
VMScore
CVE-2017-7221
OpenText Documentum Content Server has an inadequate protection mechanism against SQL injection, which allows remote authenticated users to execute arbitrary code with super-user privileges by leveraging the availability of the dm_bp_transition docbase method with a user-created ...
Opentext Documentum Content Server -
1 EDB exploit
605
VMScore
CVE-2020-25694
A flaw was found in PostgreSQL versions prior to 13.1, prior to 12.5, prior to 11.10, prior to 10.15, prior to 9.6.20 and prior to 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-rele...
Postgresql Postgresql
Debian Debian Linux 9.0
580
VMScore
CVE-2017-17091
wp-admin/user-new.php in WordPress prior to 4.9.1 sets the newbloguser key to a string that can be directly derived from the user ID, which allows remote malicious users to bypass intended access restrictions by entering this string.
Wordpress Wordpress
2 Github repositories
578
VMScore
CVE-2021-1636
Microsoft SQL Elevation of Privilege Vulnerability
Microsoft Sql Server 2014
Microsoft Sql Server 2016
Microsoft Sql Server 2012
Microsoft Sql Server 2017
Microsoft Sql Server 2019
1 Github repository
578
VMScore
CVE-2020-25695
A flaw was found in PostgreSQL versions prior to 13.1, prior to 12.5, prior to 11.10, prior to 10.15, prior to 9.6.20 and prior to 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity o...
Postgresql Postgresql
Debian Debian Linux 9.0
1 Github repository
578
VMScore
CVE-2019-1068
A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions, aka 'Microsoft SQL Server Remote Code Execution Vulnerability'.
Microsoft Sql Server 2017
Microsoft Sql Server 2014
Microsoft Sql Server 2016
1 Github repository
2 Articles
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middle
command injection
CVE-2021-47511
CVE-2024-26238
CVE-2024-4858
CVE-2024-21305
XXE
CVE-2021-47555
CVE-2021-47526
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »