62 matches found

Symantec
added 2002/10/16 12:0 a.m., 14 views

Microsoft SQL Server Web Task Stored Procedure Privilege Escalation Vulnerability

Description: Microsoft has reported a vulnerability in SQL Server. According to the report, the vulnerability may be exploited by malicious database users to elevate privileges. Web tasks create HTML files containing queried data. They are invoked with a stored procedure. By default, the privilege...

0.5 AI score
Exploits: 0, References: 3, Affected Software: 6

NVD
added 2002/09/24 4:0 a.m., 14 views

CVE-2002-0982

Microsoft SQL Server 2000 SP2, when configured as a distributor, allows attackers to execute arbitrary code via the @scriptfile parameter to the sp_MScopyscript stored procedure...

7.5 CVSS, 7.7 AI score, 0.08644 EPSS
Exploits: 0, References: 1

CERT
added 2002/08/16 12:0 a.m., 30 views

Microsoft Windows SQL Server allows arbitrary queries to be executed via "xp_printstatements" extended procedure

Overview: MS SQL Server contains an extended stored procedure with inappropriate permission settings. Description: Microsoft SQL Server 7.0 and Microsoft SQL Server 2000 contain an extended stored procedure, xp_printstatements, that permits an unprivileged user of a database to gain administrative...

10 CVSS, 6.6 AI score, 0.47908 EPSS
Exploits: 0, References: 2

CERT
added 2002/08/16 12:0 a.m., 34 views

Microsoft Windows SQL Server allows arbitrary queries to be executed via "xp_execresultset" extended procedure

Overview: MS SQL Server contains an extended stored procedure with inappropriate permission settings. Description: Microsoft SQL Server 7.0 and Microsoft SQL Server 2000 contain an extended stored procedure, xp_execresultset, that permits an unprivileged user of a database to gain administrative...

10 CVSS, 6.6 AI score, 0.47908 EPSS
Exploits: 0, References: 2

Symantec
added 2002/08/06 12:0 a.m., 19 views

Microsoft SQL Server User Authentication Remote Buffer Overflow Vulnerability

Description: A vulnerability has been discovered in Microsoft SQL Server that could make it possible for remote attackers to gain access to target hosts. It is possible for an attacker to cause a buffer overflow condition on the vulnerable SQL server with a malformed login request. This may allow ...

3.4 AI score
Exploits: 0, References: 4, Affected Software: 2

securityvulns
added 2002/04/18 12:0 a.m., 36 views

Security Bulletin MS02-020:SQL Extended Procedure Functions Contain Unchecked Buffers (Q319507)

Title: SQL Extended Procedure Functions Contain Unchecked Buffers Q319507; Date: 17 April 2002; Software: Microsoft SQL Server; Impact: Run Code of Attacker's Choice; Max Risk: Moderate; Bulletin: MS02-020. Microsoft encourages...

0.1 AI score
Exploits: 0

securityvulns
added 2002/02/21 12:0 a.m., 47 views

Security Bulletin MS02-007

Title: SQL Server Remote Data Source Function Contain Unchecked Buffers; Date: 20 February 2002; Software: Microsoft SQL Server; Impact: Run code of attacker's choice on server; Max Risk: Moderate; Bulletin: MS02-007. Microsoft...

0.5 AI score
Exploits: 0

Tenable Nessus
added 2001/05/25 12:0 a.m., 173 views

Microsoft SQL Server sa Account Default Blank Password

The remote instance of MS SQL / SQL Server has the default 'sa' account enabled without any password. An attacker may leverage this flaw to execute commands against the remote host, as well as read the content of any databases it might have. This script attempts to log in to a...

10 CVSS, 5.9 AI score, 0.88435 EPSS
Exploits: 4, References: 1

NVD
added 2001/01/09 5:0 a.m., 18 views

CVE-2000-1083

The xp_showcolv function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute...

2.1 CVSS, 7.6 AI score, 0.05874 EPSS
Exploits: 1, References: 3

NVD
added 2001/01/09 5:0 a.m., 16 views

CVE-2000-1084

The xp_updatecolvbm function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execu...

4.6 CVSS, 7.6 AI score, 0.43145 EPSS
Exploits: 1, References: 3

NVD
added 2001/01/09 5:0 a.m., 16 views

CVE-2000-1082

The xp_enumresultset function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or...

4.6 CVSS, 7.6 AI score, 0.43145 EPSS
Exploits: 1, References: 3

Cvelist
added 2000/12/19 5:0 a.m., 25 views

CVE-2000-1084

The xp_updatecolvbm function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execu...

7.6 AI score, 0.43145 EPSS
Exploits: 1, References: 3

Cvelist
added 2000/12/19 5:0 a.m., 27 views

CVE-2000-1083

The xp_showcolv function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute...

7.6 AI score, 0.05874 EPSS
Exploits: 1, References: 3

Cvelist
added 2000/12/19 5:0 a.m., 17 views

CVE-2000-1087

The xp_proxiedmetadata function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service ...

7.6 AI score, 0.43145 EPSS
Exploits: 1, References: 3

Cvelist
added 2000/12/19 5:0 a.m., 19 views

CVE-2000-1088

The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service o...

7.6 AI score, 0.27845 EPSS
Exploits: 1, References: 3

securityvulns
added 2000/12/02 12:0 a.m., 24 views

Hole in SQL Server (Extended Stored Procedures)

A buffer overflow in several publicly accessible stored procedures allows code execution...

0.9 AI score
Exploits: 0, References: 2

Cvelist
added 2000/07/12 4:0 a.m., 15 views

CVE-2000-0402

The Mixed Mode authentication capability in Microsoft SQL Server 7.0 stores the System Administrator (sa) account in plaintext in a log file which is readable by any user, aka the "SQL Server 7.0 Service Pack Password" vulnerability...

7.1 AI score, 0.78483 EPSS
Exploits: 7, References: 3

securityvulns
added 2000/07/08 12:0 a.m., 40 views

Security Bulletin (MS00-048)

Microsoft Security Bulletin MS00-048: Patch Available for "Stored Procedure Permissions" Vulnerability. Originally Posted: July 7, 2000. Summary: Microsoft has released a patch that eliminates a security vulnerability in Microsoft SQL Server 7.0. The...

7.1 AI score
Exploits: 0

NVD
added 2000/03/14 5:0 a.m., 15 views

CVE-2000-0199

When a new SQL Server is registered in Enterprise Manager for Microsoft SQL Server 7.0 and the "Always prompt for login name and password" option is not set, then the Enterprise Manager uses weak encryption to store the login ID and password...

7.2 CVSS, 7 AI score, 0.00184 EPSS
Exploits: 1, References: 1

Friends Of PHP
added 1970/01/01 12:0 a.m., 8 views

SQL Server LIMIT / OFFSET SQL Injection

Impact: Those using SQL Server with Laravel and allowing user input to be passed directly to the limit and offset functions are vulnerable to SQL injection. Other database drivers such as MySQL and Postgres are not affected by this vulnerability. Patches: This problem has been patched on Laravel...

7.9 AI score
Exploits: 0, Affected Software: 1