26 matches found
Starbucks: SQL Injection Extracts Starbucks Enterprise Accounting, Financial, Payroll Database
As described in the Hacker Summary, @spaceraccoon discovered a SQL Injection vulnerability in a web service backed by Microsoft Dynamics AX. @spaceraccoon demonstrated that the flaw was exploitable via XML-formatted HTTP payload requests to the server. We appreciate @spaceraccoon's clear and...
Antimalware Support for Windows XP and the January 2014 Security Bulletin Webcast and Q&A
Today we’re publishing the January 2014 Security Bulletin Webcast Questions & Answers page. We answered 16 questions in total, with the majority of questions focusing on the Dynamics AX bulletin MS14-004, the update for Microsoft Word MS14-001 and the re-release of the Windows 7 and Windows Serve...
Design/Logic Flaw
Microsoft Dynamics AX 4.0 SP2, 2009 SP1, 2012, and 2012 R2 allows remote authenticated users to cause a denial of service (instance outage) via crafted data to an Application Object Server (AOS) instance, aka "Query Filter DoS Vulnerability."...
CVE-2014-0261
CVE-2014-0261 affects Microsoft Dynamics AX platforms: 4.0 SP2, 2009 SP1, 2012, and 2012 R2. The issue is a remote denial of service via crafted data to the Application Object Server (AOS), also called the Query Filter DoS vulnerability. Exploitation requires remote authenticated access. Impact i...
CVE-2014-0261
Microsoft Dynamics AX 4.0 SP2, 2009 SP1, 2012, and 2012 R2 allows remote authenticated users to cause a denial of service (instance outage) via crafted data to an Application Object Server (AOS) instance, aka "Query Filter DoS Vulnerability."...
Microsoft Dynamics AX DoS
Query filter hangs on request processing...
Microsoft January 2014 Patch Tuesday Security Updates
Microsoft is entering softly into 2014 with a minimalist version of Patch Tuesday, which is likely to be a welcome reprieve. Windows shops can expect a busy re-tooling year ahead as Microsoft not only ends support—including security updates—for Windows XP, but also will restrict the use of MD5 in...
KLA10606 Denial of service vulnerability in Microsoft Dynamics AX
An unspecified vulnerability was found in Dynamics AX. By exploiting this vulnerability, malicious users can cause a denial of service. This vulnerability can be exploited remotely via specially designed data. Original advisories: CVE-2014-0261. Related products: Microsoft-Dynamics-AX. CVE list...
Microsoft Releases January 2014 Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Office, Server Software, Windows, and Microsoft Dynamics AX, as part of the Microsoft Security Bulletin Summary for January 2014. These vulnerabilities could allow remote code execution, elevation of privilege or a denial of...
MS14-004: Vulnerability in Microsoft Dynamics AX could allow denial of service: January 14, 2014
Resolves a vulnerability in Microsoft Dynamics AX that could allow denial of service if an authenticated attacker submits specially crafted data to an affected Dynamics AX server. An attacker who successfully exploited this vulnerability could cause the target Dynamics AX server to stop respondin...
Microsoft Dynamics AX CVE-2014-0261 Remote Denial of Service Vulnerability
Description: Microsoft Dynamics AX is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause an application to crash or become unresponsive, denying service to legitimate users. Technologies Affected: Microsoft Dynamics AX 2009 Service Pack 1, Microsoft Dynami...
MS14-004: Vulnerability in Microsoft Dynamics AX Could Allow Denial of Service (2880826)
The version of Microsoft Dynamics AX installed on the remote host has a denial of service vulnerability in the Application Object Server instance. By exploiting this flaw, a remote, authenticated attacker could crash the affected service.
Microsoft Releases Advance Notification for January Security Bulletin
Microsoft has issued a Security Bulletin Advance Notification indicating its January release will contain four bulletins. These bulletins will have the severity rating of important and will be for Microsoft Office, Server Software, Windows, and Microsoft Dynamics AX, a multi-language,...
Advance Notification Service for the January 2014 Security Bulletin Release
Today we provide advance notification for the release of four bulletins for January 2014. All bulletins this month are rated Important in severity and address vulnerabilities in Microsoft Windows, Office, and Dynamics AX. The update provided in MS14-002 fully addresses the issue first described i...
MS12-040: Vulnerability in Microsoft Dynamics AX Enterprise Portal Could Allow Elevation of Privilege (MSSQL check)
Binary data ms12-040mssql.nbin...
Microsoft Dynamics AX Installed
Microsoft Dynamics AX, an ERP solution, is installed on the remote host. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(59453); script_version("1.10"); script_set_attribute(attribute:"plugin_modification_date", value:"2022/02/01"); script_name(english:"Microsoft Dynamics AX...
MS12-040: Vulnerability in Microsoft Dynamics AX Enterprise Portal Could Allow Elevation of Privilege (2709100)
The version of Microsoft Dynamics AX Enterprise Portal on the remote host has an unspecified cross-site scripting vulnerability. An attacker could exploit this by tricking a user into making a malicious request, resulting in arbitrary script code execution. This plugin checks if the system is...
Microsoft Dynamics AX cross-site scripting
Cross-site scripting via URLs...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Enterprise Portal component in Microsoft Dynamics AX 2012 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Dynamics AX Enterprise Portal XSS Vulnerability."...
CVE-2012-1857
CVE-2012-1857 describes a cross-site scripting (XSS) vulnerability in the Enterprise Portal component of Microsoft Dynamics AX 2012. An attacker could craft a URL to cause arbitrary script/HTML execution in a victim’s browser. Affected product: Dynamics AX 2012 Enterprise Portal; vulnerability tr...