27 matches found
Starbucks: SQL Injection Extracts Starbucks Enterprise Accounting, Financial, Payroll Database
As described in the Hacker Summary, @spaceraccoon discovered a SQL Injection vulnerability in a web service backed by Microsoft Dynamics AX. @spaceraccoon demonstrated that the flaw was exploitable via XML-formatted HTTP payload requests to the server. We appreciate @spaceraccoon's clear and...
The vulnerability of the Microsoft Dynamics AX resource planning system, which allows a remote attacker to trigger a service failure
Microsoft Dynamics AX software contains a vulnerability related to the incorrect processing of specially crafted messages in the AOS format, which can lead to service failure...
Antimalware Support for Windows XP and the January 2014 Security Bulletin Webcast and Q&A
Today we’re publishing the January 2014 Security Bulletin Webcast Questions & Answers page. We answered 16 questions in total, with the majority of questions focusing on the Dynamics AX bulletin MS14-004, the update for Microsoft Word MS14-001 and the re-release of the Windows 7 and Windows Serve...
Design/Logic Flaw
Microsoft Dynamics AX 4.0 SP2, 2009 SP1, 2012, and 2012 R2 allows remote authenticated users to cause a denial of service instance outage via crafted data to an Application Object Server AOS instance, aka "Query Filter DoS Vulnerability."...
CVE-2014-0261
Microsoft Dynamics AX 4.0 SP2, 2009 SP1, 2012, and 2012 R2 allows remote authenticated users to cause a denial of service instance outage via crafted data to an Application Object Server AOS instance, aka "Query Filter DoS Vulnerability."...
CVE-2014-0261
CVE-2014-0261 affects Microsoft Dynamics AX platforms: 4.0 SP2, 2009 SP1, 2012, and 2012 R2. The issue is a remote denial of service via crafted data to the Application Object Server (AOS), also called the Query Filter DoS vulnerability. Exploitation requires remote authenticated access. Impact i...
Microsoft Dynamics AX DoS
Query filter hangs on request processing...
Microsoft January 2014 Patch Tuesday Security Updates
Microsoft is entering softly into 2014 with a minimalist version of Patch Tuesday, which is likely to be a welcome reprieve. Windows shops can expect a busy re-tooling year ahead as Microsoft not only ends support—including security updates—for Windows XP, but also will restrict the use of MD5 in...
Microsoft Releases January 2014 Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Office, Server Software, Windows, and Microsoft Dynamics AX, as part of the Microsoft Security Bulletin Summary for January 2014. These vulnerabilities could allow remote code execution, elevation of privilege or a denial of...
KLA10606 Denial of service vulnerability in Microsoft Dynamics AX
An unspecified vulnerability was found in Dynamics AX. By exploiting this vulnerability malicious users can cause denial of service. This vulnerability can be exploited remotely via a specially designed data. Original advisories CVE-2014-0261 Related products Microsoft-Dynamics-AX CVE list...
MS14-004: Vulnerability in Microsoft Dynamics AX Could Allow Denial of Service (2880826)
The version of Microsoft Dynamics AX installed on the remote host has a denial of service vulnerability in the Application Object Server instance. By exploiting this flaw, a remote, authenticated attacker could crash the affected service. C Tenable Network Security, Inc. include'compat.inc'; if...
MS14-004: Vulnerability in Microsoft Dynamics AX could allow denial of service: January 14, 2014
Resolves a vulnerability in Microsoft Dynamics AX that could allow denial of service if an authenticated attacker submits specially crafted data to an affected Dynamics AX server. An attacker who successfully exploited this vulnerability could cause the target Dynamics AX server to stop respondin...
Microsoft Dynamics AX CVE-2014-0261 Remote Denial of Service Vulnerability
Description Microsoft Dynamics AX is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause an application to crash or become unresponsive, denying service to legitimate users. Technologies Affected Microsoft Dynamics AX 2009 Service Pack 1 Microsoft Dynami...
Microsoft Releases Advance Notification for January Security Bulletin
Microsoft has issued a Security Bulletin Advance Notification indicating its January release will contain four bulletins. These bulletins will have the severity rating of important and will be for Microsoft Office, Server Software, Windows, and Microsoft Dynamics AX, a multi-language,...
Advance Notification Service for the January 2014 Security Bulletin Release
Today we provide advance notification for the release of four bulletins for January 2014. All bulletins this month are rated Important in severity and address vulnerabilities in Microsoft Windows, Office, and Dynamics AX. The update provided in MS14-002 fully addresses the issue first described i...
MS12-040: Vulnerability in Microsoft Dynamics AX Enterprise Portal Could Allow Elevation of Privilege (MSSQL check)
Binary data ms12-040mssql.nbin...
Microsoft Dynamics AX crossite scripting
Crossite scripting via URLs...
MS12-040: Vulnerability in Microsoft Dynamics AX Enterprise Portal Could Allow Elevation of Privilege (2709100)
The version of Microsoft Dynamics AX Enterprise Portal on the remote host has an unspecified cross-site scripting vulnerability. An attacker could exploit this by tricking a user into making a malicious request, resulting in arbitrary script code execution. This plugin checks if the system is...
Microsoft Dynamics AX Installed
Microsoft Dynamics AX, an ERP solution, is installed on the remote host. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid59453; scriptversion"1.10"; scriptsetattributeattribute:"pluginmodificationdate", value:"2022/02/01"; scriptnameenglish:"Microsoft Dynamics AX...
Cross site scripting
Cross-site scripting XSS vulnerability in the Enterprise Portal component in Microsoft Dynamics AX 2012 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Dynamics AX Enterprise Portal XSS Vulnerability."...