Starbucks: SQL Injection Extracts Starbucks Enterprise Accounting, Financial, Payroll Database

As described in the Hacker Summary, @spaceraccoon discovered a SQL Injection vulnerability in a web service backed by Microsoft Dynamics AX. @spaceraccoon demonstrated that the flaw was exploitable via XML-formatted HTTP payload requests to the server. We appreciate @spaceraccoon's clear and...

The vulnerability of the Microsoft Dynamics AX resource planning system, which allows a remote attacker to trigger a service failure

Microsoft Dynamics AX software contains a vulnerability related to the incorrect processing of specially crafted messages in the AOS format, which can lead to service failure...

CVE-2014-0261

CVE-2014-0261 affects Microsoft Dynamics AX platforms: 4.0 SP2, 2009 SP1, 2012, and 2012 R2. The issue is a remote denial of service via crafted data to the Application Object Server (AOS), also called the Query Filter DoS vulnerability. Exploitation requires remote authenticated access. Impact i...

CVE-2014-0261

Microsoft Dynamics AX 4.0 SP2, 2009 SP1, 2012, and 2012 R2 allows remote authenticated users to cause a denial of service instance outage via crafted data to an Application Object Server AOS instance, aka "Query Filter DoS Vulnerability."...

Microsoft Dynamics AX DoS

Query filter hangs on request processing...

KLA10606 Denial of service vulnerability in Microsoft Dynamics AX

An unspecified vulnerability was found in Dynamics AX. By exploiting this vulnerability malicious users can cause denial of service. This vulnerability can be exploited remotely via a specially designed data. Original advisories CVE-2014-0261 Related products Microsoft-Dynamics-AX CVE list...

MS14-004: Vulnerability in Microsoft Dynamics AX could allow denial of service: January 14, 2014

Resolves a vulnerability in Microsoft Dynamics AX that could allow denial of service if an authenticated attacker submits specially crafted data to an affected Dynamics AX server. An attacker who successfully exploited this vulnerability could cause the target Dynamics AX server to stop respondin...

Microsoft Dynamics AX CVE-2014-0261 Remote Denial of Service Vulnerability

Description Microsoft Dynamics AX is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause an application to crash or become unresponsive, denying service to legitimate users. Technologies Affected Microsoft Dynamics AX 2009 Service Pack 1 Microsoft Dynami...

MS14-004: Vulnerability in Microsoft Dynamics AX Could Allow Denial of Service (2880826)

The version of Microsoft Dynamics AX installed on the remote host has a denial of service vulnerability in the Application Object Server instance. By exploiting this flaw, a remote, authenticated attacker could crash the affected service. C Tenable Network Security, Inc. include'compat.inc'; if...

MS12-040: Vulnerability in Microsoft Dynamics AX Enterprise Portal Could Allow Elevation of Privilege (MSSQL check)

Binary data ms12-040mssql.nbin...

Microsoft Dynamics AX Installed

Microsoft Dynamics AX, an ERP solution, is installed on the remote host. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid59453; scriptversion"1.10"; scriptsetattributeattribute:"pluginmodificationdate", value:"2022/02/01"; scriptnameenglish:"Microsoft Dynamics AX...

Microsoft Dynamics AX crossite scripting

Crossite scripting via URLs...

Cross site scripting

Cross-site scripting XSS vulnerability in the Enterprise Portal component in Microsoft Dynamics AX 2012 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Dynamics AX Enterprise Portal XSS Vulnerability."...

CVE-2012-1857

CVE-2012-1857 describes a cross-site scripting (XSS) vulnerability in the Enterprise Portal component of Microsoft Dynamics AX 2012. An attacker could craft a URL to cause arbitrary script/HTML execution in a victim’s browser. Affected product: Dynamics AX 2012 Enterprise Portal; vulnerability tr...

Microsoft Dynamic AX Enterprise Portal Cross Site Scripting Vulnerability

Description Microsoft Dynamic AX is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...