Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

CVE-2024-26161: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.

Microsoft Security Response Center
#sql#vulnerability#microsoft#rce#auth#Microsoft WDAC OLE DB provider for SQL#Security Vulnerability
CVE-2024-21450: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.

CVE-2024-21441: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.

RUPPEINVOICE 1.0 SQL Injection

RUPPEINVOICE version 1.0 suffers from a remote SQL injection vulnerability.

WordPress Hide My WP SQL Injection

WordPress Hide My WP plugin versions 6.2.9 and below suffer from an unauthenticated remote SQL injection vulnerability.

NDtaskmatic 1.0 SQL Injection

NDtaskmatic version 1.0 suffers from a remote SQL injection vulnerability.

Red Hat Security Advisory 2024-1195-03

Red Hat Security Advisory 2024-1195-03 - An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.4 Advanced Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.

GliNet 4.x Authentication Bypass

GliNet with firmware version 4.x suffers from an authentication bypass vulnerability. Other firmware versions may also be affected.

Artica Proxy 4.40 / 4.50 Authentication Bypass / Privilege Escalation

The Rich Filemanager feature of Artica Proxy versions 4.40 and 4.50 provides a web-based interface for file management capabilities. When the feature is enabled, it does not require authentication by default, and runs as the root user. This provides an unauthenticated attacker complete access to the file system.

Artica Proxy 4.40 / 4.50 Local File Inclusion / Traversal

Artica Proxy versions 4.40 and 4.50 suffer from a local file inclusion protection bypass vulnerability that allows for path traversal.