4519 matches found
CVE-2018-8533
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio SSMS when parsing malicious XML content containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9, S...
Microsoft SQL Server Management Studio Information Disclosure Vulnerability (CNVD-2019-01572)
Microsoft SQL Server Management Studio is an integrated environment for managing multiple SQL infrastructures from Microsoft. The product is mainly used for setting up, monitoring and managing SQL programs. An information disclosure vulnerability exists in Microsoft SQL Server Management Studio...
Microsoft SQL Server Management Studio regsrvr File XML External Entity Processing Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft SQL Server Management Studio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
July 24, 2018—KB4340917 (OS Build 17134.191)
July 24, 2018—KB4340917 OS Build 17134.191 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Important changes include the following: Addresses an issue that causes devices within Active Directory or Hybrid AADJ...
Microsoft SQL Server Management Studio xmla File XML External Entity Processing Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft SQL Server Management Studio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
Microsoft SQL Server Management Studio xel File XML External Entity Processing Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft SQL Server Management Studio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
Microsoft Patches Zero-Day Under Active Attack by APT
Microsoft has issued a patch for a zero-day bug being actively exploited in the wild, as part of its Patch Tuesday security bulletin. The vulnerability is an elevation-of-privilege flaw, rated important, affecting the Windows Win32k component. The zero-day CVE-2018-8453, found by Kaspersky Lab,...
Microsoft October Patch Tuesday Fixes 12 Critical Vulnerabilities
Microsoft has just released its latest monthly Patch Tuesday updates for October 2018, fixing a total of 49 security vulnerabilities in its products. This month's security updates address security vulnerabilities in Microsoft Windows, Edge Browser, Internet Explorer, MS Office, MS Office Services...
SQL Server Management Studio Information Disclosure Vulnerability
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio SSMS when parsing a malicious XMLA file containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity declaratio...
SQL Server Management Studio Information Disclosure Vulnerability
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio SSMS when parsing malicious XML content containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity declaratio...
SQL Server Management Studio Information Disclosure Vulnerability
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio SSMS when parsing a malicious XEL file containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity declaration...
Microsoft SQL Server Management Studio CVE-2018-8533 Information Disclosure Vulnerability
Description Microsoft SQL Server Management Studio is prone to an information-disclosure vulnerability. An attacker can leverage this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft SQL Server Management Studio 17.9 Microsoft SQL Server...
KLA11888 Multiple vulnerabilties in Microsoft SQL Server
An information disclosure vulnerabilities were found in Microsoft SQL Server. Malicious users can exploit this vulnerability to obtain sensitive information. Original advisories CVE-2018-8527 CVE-2018-8532 CVE-2018-8533 Exploitation Public exploits exist for this vulnerability. Related products...
Microsoft SQL Server Management Studio CVE-2018-8532 Information Disclosure Vulnerability
Description Microsoft SQL Server Management Studio is prone to an information-disclosure vulnerability. An attacker can leverage this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft SQL Server Management Studio 17.9 Microsoft SQL Server...
Microsoft SQL Server Management Studio CVE-2018-8527 Information Disclosure Vulnerability
Description Microsoft SQL Server Management Studio is prone to an information-disclosure vulnerability. An attacker can leverage this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft SQL Server Management Studio 17.9 Microsoft SQL Server...
Intel Extreme Tuning Utility 6.4.1.23 Code Execution / Privilege Escalation Vulnerabilities
Intel Extreme Tuning Utility version 6.4.1.23 suffers from code execution, privilege escalation, and denial of service vulnerabilities. Intel Extreme Tuning Utility 6.4.1.23 Code Execution / Privilege Escalation Hi @ll, the executable installer of the Intel Extreme Tuning Utility, version 6.4.1.2...
CVE-2018-16659
An issue was discovered in Rausoft ID.prove 2.95. The login page allows SQL injection via Microsoft SQL Server stacked queries in the Username POST parameter. Hypothetically, an attacker can utilize master..xpcmdshell for the further privilege elevation...
CVE-2018-16659
An issue was discovered in Rausoft ID.prove 2.95. The login page allows SQL injection via Microsoft SQL Server stacked queries in the Username POST parameter. Hypothetically, an attacker can utilize master..xpcmdshell for the further privilege elevation...
Sql injection
An issue was discovered in Rausoft ID.prove 2.95. The login page allows SQL injection via Microsoft SQL Server stacked queries in the Username POST parameter. Hypothetically, an attacker can utilize master..xpcmdshell for the further privilege elevation...
CVE-2018-16659
An issue was discovered in Rausoft ID.prove 2.95. The login page allows SQL injection via Microsoft SQL Server stacked queries in the Username POST parameter. Hypothetically, an attacker can utilize master..xpcmdshell for the further privilege elevation...