KB2958429 - Bugs that are fixed in SQL Server 2012 Service Pack 2

KB2958429 - Bugs that are fixed in SQL Server 2012 Service Pack 2 Introduction This article lists the bugs that are fixed in Microsoft SQL Server 2012 Service Pack 2 SP2. Notes Additional fixes that are not documented here may also be included in the service pack. This list will be updated when...

Starbucks: SQL Injection Extracts Starbucks Enterprise Accounting, Financial, Payroll Database

As described in the Hacker Summary, @spaceraccoon discovered a SQL Injection vulnerability in a web service backed by Microsoft Dynamics AX. @spaceraccoon demonstrated that the flaw was exploitable via XML-formatted HTTP payload requests to the server. We appreciate @spaceraccoon's clear and...

Microsoft SQL Server Elevation of Privilege Vulnerability (2984340)

This host is missing an important security update according to Microsoft Bulletin MS14-044. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVE-2014-1820

Cross-site scripting XSS vulnerability in Master Data Services MDS in Microsoft SQL Server 2012 SP1 and 2014 on 64-bit platforms allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "SQL Master Data Services XSS Vulnerability."...

[SQL Fingerprint] Christmas Release

Microsoft SQL Server fingerprinting can be a time consuming process, because it involves trial and error methods to determine the exact version. Intentionally inserting an invalid input to obtain a typical error message or using certain alphabets that are unique for certain server are two of the...