CVE-2022-35835 Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability
This issue was discovered by Suman Jana and Milana Kovacev from IT security company SentinelOne. This issue affects SQL Server 2012 SP1, 2012 SP2, 2014,
CVE-2022-35836 Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability
A remote attacker can send specially crafted queries to the SQL Server via HTTP requests. Such requests can be received by a vulnerable server and
CVE-2022-38542 Archery v1.4.0 to v1.8.5 had a SQL injection vulnerability in the kill_session interface.
If an attacker could convince a victim to load the Archery website via the vulnerable URL, they could exploit this vulnerability to execute arbitrary SQL
CVE-2022-38540 Archery v1.4.0 to v1.8.5 had a SQL injection vulnerability in the create_kill_session interface.
An attacker could exploit this vulnerability to execute SQL commands with the privileges of the user that requested the kill_session. This could lead to
CVE-2022-38541 Archery v1.8.3 to v1.8.5 had multiple SQL injection vulnerabilities in the my2sql interface.
An attacker can exploit these vulnerabilities to inject arbitrary SQL statements into the database and take advantage of database ACLs that permit only certain actions