Chris Thompson

**Name of the Vulnerable Software and Affected Versions** SQL Server (affected versions not specified) **Description** The software contains an improper neutralization of special elements in SQL commands, leading to a potential SQL injection issue. This allows an authorized attacker to elevate privileges over a network. Additionally, an elevation-of-privilege issue can allow attackers to affect the system. The vulnerability is related to incorrect privilege assignment within the database management system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Solaris 9 versions 113579-02 through 113579-05 Solaris 9 versions 114342-02 through 114342-05 **Description** The issue allows local users to extract the contents of secure NIS maps, such as passwd.adjunct.byname, using ypcat or ypmatch due to improper access restriction by ypserv and ypxfrd. **Recommendations** For Solaris 9 versions 113579-02 through 113579-05, apply the patch to update beyond version 113579-05. For Solaris 9 versions 114342-02 through 114342-05, apply the patch to update beyond version 114342-05.