8 matches found
Microsoft SQL Server Management Studio XXE Injection Information Disclosure (CVE-2018-8527; CVE-2018-8532; CVE-2018-8533)
Multiple information disclosure vulnerabilities exist in Microsoft SQL Server Management Studio. The vulnerabilities are due to a flaw when parsing a malicious XEL/XML/XMLA file containing a reference to an external entity. A remote authenticated attacker could exploit these vulnerabilities by...
Microsoft SQL Server Management Studio Multiple vulnerabilities (October 2018)
The version of Microsoft SQL Server Management Studio installed on the remote Windows host is a version prior or equal to 17.9, 18.0 Preview 4. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application's...
Microsoft SQL Server Management Studio 17.9 - .xmla XML External Entity Injection
Microsoft SQL Server Management Studio 17.9 - .xmla XML External Entity Injection Exploit Title: Microsoft SQL Server Management Studio 17.9 - '.xmla' XML External Entity Injection Date: 2018-10-10 Author: John Page aka hyp3rlinx Website: hyp3rlinx.altervista.org Venodor: www.microsoft.com...
CVE-2018-8532
creationtimestamp| type| source ---|---|--- 2018-10-11 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/45587 2018-10-17 15:28:11+00:00| seen| MISP/5bc753fe-8050-452f-9431-070d0a021402...
Microsoft SQL Server Management Studio 17.9 - '.xmla' XML External Entity Injection
Exploit Title: Microsoft SQL Server Management Studio 17.9 - '.xmla' XML External Entity Injection Date: 2018-10-10 Author: John Page aka hyp3rlinx Website: hyp3rlinx.altervista.org Venodor: www.microsoft.com Software: SQL Server Management Studio 17.9 and SQL Server Management Studio 18.0 Previe...
Information disclosure
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio SSMS when parsing malicious XML content containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9, S...
CVE-2018-8532
Microsoft SQL Server Management Studio (SSMS) 17.9 and SSMS 18.0 (Preview 4) are affected by CVE-2018-8532 due to an XML External Entity (XXE) information-disclosure vulnerability when parsing a crafted XMLA file that references an external entity. The vulnerability enables disclosure of sensitiv...
Microsoft SQL Server Management Studio CVE-2018-8532 Information Disclosure Vulnerability
Description Microsoft SQL Server Management Studio is prone to an information-disclosure vulnerability. An attacker can leverage this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft SQL Server Management Studio 17.9 Microsoft SQL Server...