4530 matches found

securityvulns
added 2014/09/15 12:00 a.m. | 86 views

Microsoft SQL Server multiple security vulnerabilities

XSS, stack overrun...

6.8 CVSS | 2 AI score | 0.26499 EPSS
Exploits: 0 | Affected Software: 1

seebug.org
added 2014/08/25 12:00 a.m. | 33 views

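Kesion Online School Training System injection vulnerability

Brief description: as titled. Details: the Kesion online school platform is a paid commercial edition and is not available for download. Demo site: http://e.kesion.com. After registering and logging in, go to http://e.kesion.com/user/course/MyCourseOrder.aspx (My Orders); none of the three input boxes are filtered, and all are injectable. Search-type injection in the course name field: test%' and @@version0 and '%'=' SQL server 2000. The start and end time fields are also injectable. The latest version should be 2.6; older versions have one more injection point. A case listed on the official site: http://www.weekedu.com/...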

7.5 AI score
Exploits: 0

OpenVAS
added 2014/08/13 12:00 a.m. | 116 views

Microsoft SQL Server Elevation of Privilege Vulnerability (2984340)

This host is missing an important security update according to Microsoft Bulletin MS14-044. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

6.8 CVSS | 5 AI score | 0.26499 EPSS
Exploits: 0 | References: 3

NVD
added 2014/08/12 9:55 p.m. | 23 views

CVE-2014-4061

Microsoft SQL Server 2008 SP3, 2008 R2 SP2, and 2012 SP1 does not properly control use of stack memory for processing of T-SQL batch commands, which allows remote authenticated users to cause a denial of service (daemon hang) via a crafted T-SQL statement, aka "Microsoft SQL Server Stack Overrun...

6.8 CVSS | 6.5 AI score | 0.26499 EPSS
Exploits: 0 | References: 4

NVD
added 2014/08/12 9:55 p.m. | 18 views

CVE-2014-1820

Cross-site scripting (XSS) vulnerability in Master Data Services (MDS) in Microsoft SQL Server 2012 SP1 and 2014 on 64-bit platforms allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "SQL Master Data Services XSS Vulnerability."...

4.3 CVSS | 5.4 AI score | 0.1472 EPSS
Exploits: 0 | References: 4

Prion
added 2014/08/12 9:55 p.m. | 19 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in Master Data Services (MDS) in Microsoft SQL Server 2012 SP1 and 2014 on 64-bit platforms allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "SQL Master Data Services XSS Vulnerability."...

4.3 CVSS | 5.9 AI score | 0.1472 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Prion
added 2014/08/12 9:55 p.m. | 21 views

Stack overflow

Microsoft SQL Server 2008 SP3, 2008 R2 SP2, and 2012 SP1 does not properly control use of stack memory for processing of T-SQL batch commands, which allows remote authenticated users to cause a denial of service (daemon hang) via a crafted T-SQL statement, aka "Microsoft SQL Server Stack Overrun...

6.8 CVSS | 7.2 AI score | 0.26499 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2014/08/12 9:00 p.m. | 38 views

CVE-2014-4061

Microsoft SQL Server 2008 SP3, 2008 R2 SP2, and 2012 SP1 does not properly control use of stack memory for processing of T-SQL batch commands, which allows remote authenticated users to cause a denial of service (daemon hang) via a crafted T-SQL statement, aka "Microsoft SQL Server Stack Overrun...

6.5 AI score | 0.26499 EPSS
Exploits: 0 | References: 4

Cvelist
added 2014/08/12 9:00 p.m. | 45 views

CVE-2014-1820

Cross-site scripting (XSS) vulnerability in Master Data Services (MDS) in Microsoft SQL Server 2012 SP1 and 2014 on 64-bit platforms allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "SQL Master Data Services XSS Vulnerability."...

5.4 AI score | 0.1472 EPSS
Exploits: 0 | References: 4

CVE
added 2014/08/12 9:00 p.m. | 429 views

CVE-2014-1820

CVE-2014-1820 describes a cross-site scripting (XSS) vulnerability in Microsoft SQL Server's Master Data Services (MDS). Affected products/versions are SQL Server 2012 SP1 and SQL Server 2014 running on 64-bit platforms, where a crafted URL can cause the MDS web interface to execute arbitrary scr...

4.3 CVSS | 5.4 AI score | 0.1472 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

CVE
added 2014/08/12 9:00 p.m. | 226 views

CVE-2014-4061

CVE-2014-4061 affects Microsoft SQL Server 2008 SP3, SQL Server 2008 R2 SP2, and SQL Server 2012 SP1. The root cause is improper control of stack memory when processing T-SQL batch commands, enabling remote authenticated users to cause a denial of service (daemon hang). Connected sources align on...

6.8 CVSS | 6.6 AI score | 0.26499 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

MSRC
added 2014/08/12 7:00 a.m. | 7 views

August 2014 Security Updates

Today, as part of Update Tuesday, we released nine security updates – two rated Critical and seven rated Important – to address 37 Common Vulnerabilities & Exposures (CVEs) in SQL Server, OneNote, SharePoint, .NET, Windows and Internet Explorer (IE). We encourage you to apply all of these updates, but...

7.8 AI score
Exploits: 0

Microsoft KB
added 2014/08/12 12:00 a.m. | 58 views

MS14-044: Vulnerabilities in SQL Server could allow elevation of privilege: August 12, 2014

Resolves vulnerabilities in SQL Server that could allow elevation of privilege if a user goes to a specially crafted website that injects a client-side script into the user's instance of Internet Explorer. INTRODUCTION Microsoft has released security bulletin MS14-044. To learn more about this...

6.8 CVSS | 6.3 AI score | 0.26499 EPSS
Exploits: 0

Symantec
added 2014/08/12 12:00 a.m. | 39 views

Microsoft SQL Server Master Data Services CVE-2014-1820 Cross Site Scripting Vulnerability

Description Microsoft SQL Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. Technologie...

4.3 CVSS | 6.7 AI score | 0.1472 EPSS
Exploits: 0 | Affected Software: 1

CISA
added 2014/08/12 12:00 a.m. | 12 views

Microsoft Releases August 2014 Security Bulletin

Microsoft has released updates to address vulnerabilities in Windows, Office, SQL Server, Server Software, .NET Framework, and Internet Explorer as part of the Microsoft Security Bulletin Summary for August 2014. Some of these vulnerabilities could allow remote code execution, elevation of...

7.9 AI score
Exploits: 0 | References: 1

Kaspersky
added 2014/08/12 12:00 a.m. | 59 views

KLA10615 Multiple vulnerabilities in Microsoft SQL Server

Multiple serious vulnerabilities have been found in Microsoft SQL Server. Malicious users can exploit these vulnerabilities to cause denial of service or inject arbitrary code. Below is a complete list of vulnerabilities: 1. Lack of stack memory restrictions can be exploited remotely via a special...

6.8 CVSS | 7.3 AI score | 0.26499 EPSS
Exploits: 0 | References: 13

Tenable Nessus
added 2014/08/12 12:00 a.m. | 230 views

MS14-044: Vulnerability in SQL Server Could Allow Elevation of Privilege (2984340)

The remote host has a version of Microsoft SQL Server installed. This version of SQL Server is affected by multiple vulnerabilities : - A cross-site scripting vulnerability exists in the SQL Master Data Services. CVE-2014-1820 - A denial of service vulnerability exists in SQL Server. CVE-2014-406...

6.8 CVSS | 5.3 AI score | 0.26499 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2014/08/12 12:00 a.m. | 124 views

MS14-044: Vulnerability in SQL Server Could Allow Elevation of Privilege (2984340) (uncredentialed check)

The remote host has a version of Microsoft SQL Server installed. This version of SQL Server is potentially affected by multiple vulnerabilities : - A cross-site scripting vulnerability exists in the SQL Master Data Services. CVE-2014-1820 - A denial of service vulnerability exists in SQL Server...

6.8 CVSS | 5.3 AI score | 0.26499 EPSS
Exploits: 0 | References: 3

Symantec
added 2014/08/12 12:00 a.m. | 31 views

Microsoft SQL Server CVE-2014-4061 Local Denial of Service Vulnerability

Description Microsoft SQL Server is prone to a local denial-of-service vulnerability. Attackers can exploit this issue to cause a system to stop responding, denying further service to legitimate users. Technologies Affected Microsoft SQL Server 2008 32bit SP3 Microsoft SQL Server 2008 R2 for 32-b...

6.8 CVSS | 1.8 AI score | 0.26499 EPSS
Exploits: 0 | Affected Software: 1

ThreatPost
added 2014/08/08 11:55 a.m. | 101 views

IE to Block Older ActiveX Controls, Starting with Java

Next week’s Microsoft Patch Tuesday security bulletins will not only bring nine new security bulletins but also an update to Internet Explorer that blocks outdated ActiveX controls, starting with Java. Notifications will flag the older ActiveX controls and users will have the option to update the...

9.3 CVSS | 8.8 AI score | 0.99945 EPSS
Exploits: 33 | References: 2