CVE-2023-21704 – Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-21704
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability Vulnerabilidad de ejecución de código remota de Microsoft ODBC Driver para SQL Server • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21704 • CWE-190: Integer Overflow or Wraparound •
CVE-2023-21528 – Microsoft SQL Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-21528
Microsoft SQL Server Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21528 • CWE-122: Heap-based Buffer Overflow •
CVE-2022-29143 – Microsoft SQL Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-29143
Microsoft SQL Server Remote Code Execution Vulnerability Una Vulnerabilidad de Ejecución de Código Remota en Microsoft SQL Server • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29143 •
CVE-2021-1636 – Microsoft SQL Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-1636
Microsoft SQL Elevation of Privilege Vulnerability Una Vulnerabilidad de Elevación de Privilegios de Microsoft SQL • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1636 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1636 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2020-0618 – Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-0618
A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'. Se presenta una vulnerabilidad de ejecución de código remota en Microsoft SQL Server Reporting Services cuando maneja inapropiadamente las peticiones de página, también se conoce como "Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability". A vulnerability exists within Microsoft's SQL Server Reporting Services which can allow an attacker to craft an HTTP POST request with a serialized object to achieve remote code execution. The vulnerability is due to the fact that the serialized blob is not signed by the server. Microsoft SQL Server Reporting Services contains a deserialization vulnerability when handling page requests incorrectly. • https://www.exploit-db.com/exploits/48816 https://github.com/euphrat1ca/CVE-2020-0618 https://github.com/itstarsec/CVE-2020-0618 http://packetstormsecurity.com/files/156707/SQL-Server-Reporting-Services-SSRS-ViewState-Deserialization.html http://packetstormsecurity.com/files/159216/Microsoft-SQL-Server-Reporting-Services-2016-Remote-Code-Execution.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0618 https://www.mdsec.co.uk/2020/02/cve-2020-0618-rce-in-sql-server-reporti • CWE-502: Deserialization of Untrusted Data •