Lucene search
K

9 matches found

Check Point Advisories
Check Point Advisories
added 2018/11/18 12:0 a.m.11 views

Microsoft SQL Server Management Studio XXE Injection Information Disclosure (CVE-2018-8527; CVE-2018-8532; CVE-2018-8533)

Multiple information disclosure vulnerabilities exist in Microsoft SQL Server Management Studio. The vulnerabilities are due to a flaw when parsing a malicious XEL/XML/XMLA file containing a reference to an external entity. A remote authenticated attacker could exploit these vulnerabilities by...

4.3CVSS1.4AI score0.23373EPSS
Exploits15
Tenable Nessus
Tenable Nessus
added 2018/10/12 12:0 a.m.95 views

Microsoft SQL Server Management Studio Multiple vulnerabilities (October 2018)

The version of Microsoft SQL Server Management Studio installed on the remote Windows host is a version prior or equal to 17.9, 18.0 Preview 4. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application's...

5.5CVSS5.9AI score0.23373EPSS
Exploits15References4
Packet Storm
Packet Storm
added 2018/10/11 12:0 a.m.69 views

Microsoft SQL Server Management Studio 17.9 / 18.0 Preview 4 XML Injection

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-SQL-SERVER-MGMT-STUDIO-XEL-FILETYPE-XML-INJECTION-CVE-2018-8527.txt + ISR: ApparitionSec + Zero Day Initiative Program Vendor www.microsoft.com Product SQL Server...

0.3AI score0.23373EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/10/11 12:0 a.m.488 views

Microsoft SQL Server Management Studio 17.9 - '.xel' XML External Entity Injection

Exploit Title: Microsoft SQL Server Management Studio 17.9 - '.xel' XML External Entity Injection Date: 2018-10-10 Author: John Page aka hyp3rlinx Website: hyp3rlinx.altervista.org Venodor: www.microsoft.com Software: SQL Server Management Studio 17.9 and SQL Server Management Studio 18.0 Preview...

5.5CVSS5.5AI score0.23373EPSS
Exploits5
Circl
Circl
added 2018/10/11 12:0 a.m.14 views

CVE-2018-8527

creationtimestamp| type| source ---|---|--- 2018-10-11 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/45585 2018-10-17 15:32:59+00:00| seen| MISP/5bc75546-5b4c-4811-b692-070d0a021402...

5.5CVSS6.8AI score0.23373EPSS
Exploits5References1
OSV
OSV
added 2018/10/10 1:29 p.m.2 views

CVE-2018-8527

An information disclosure vulnerability exists in Microsoft SQL Server Management Studio SSMS when parsing a malicious XEL file containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9, SQ...

5.5CVSS5.8AI score0.23373EPSS
Exploits5References4
Prion
Prion
added 2018/10/10 1:29 p.m.21 views

Information disclosure

An information disclosure vulnerability exists in Microsoft SQL Server Management Studio SSMS when parsing a malicious XMLA file containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9, S...

4.3CVSS5.1AI score0.23373EPSS
Exploits15References4Affected Software1
Prion
Prion
added 2018/10/10 1:29 p.m.15 views

Information disclosure

An information disclosure vulnerability exists in Microsoft SQL Server Management Studio SSMS when parsing malicious XML content containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9, S...

4.3CVSS5.1AI score0.23373EPSS
Exploits15References4Affected Software1
CVE
CVE
added 2018/10/10 1:0 p.m.95 views

CVE-2018-8527

CVE-2018-8527 (and related CVEs 2018-8532/8533) affect Microsoft SQL Server Management Studio (SSMS) 17.9 and 18.0 Preview 4. The root cause is an XML/XEL parsing flaw that allows XML External Entity (XXE) injection via a malicious XEL/XML/XMLA file, leading to information disclosure. Exploitatio...

5.5CVSS5.2AI score0.23373EPSS
Exploits5References4Affected Software1
Rows per page
Query Builder