4530 matches found
CVE-2002-1123
Buffer overflow in the authentication function for Microsoft SQL Server 2000 and Microsoft Desktop Engine MSDE 2000 allows remote attackers to execute arbitrary code via a long request to TCP port 1433, aka the "Hello" overflow...
CVE-2002-1137
CVE-2002-1137 describes a buffer overflow in the Database Console Command (DBCC) in Microsoft SQL Server 7.0 and 2000, including MSDE 1.0/MSDE 2000. The vulnerability stems from handling of user input, allowing an attacker to execute arbitrary code via a long SourceDB argument in a non-SQL OLEDB ...
CVE-2002-1138
CVE-2002-1138 affects Microsoft SQL Server 7.0 and 2000, including MSDE 1.0 and MSDE 2000. The flaw is in Output File Handling for Scheduled Jobs: these components write output files for scheduled jobs under the SQL Server service account rather than the launching entity. This privilege mismatch ...
CVE-2002-0729
Microsoft SQL Server 2000 is affected by CVE-2002-0729. The vulnerability allows remote attackers to cause a denial of service by sending a malformed 0x08 packet missing a colon separator. Root cause is a malformed packet handling in the SQL Server service. Public details in the provided document...
CVE-1999-1556
Microsoft SQL Server 6.5 uses weak encryption for the password for the SQLExecutiveCmdExec account and stores it in an accessible portion of the registry, which could allow local users to gain privileges by reading and decrypting the CmdExecAccount value...
CVE-2002-1137
Buffer overflow in the Database Console Command DBCC that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine MSDE 1.0 and Microsoft Desktop Engine MSDE 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data...
CVE-2002-1123
CVE-2002-1123 is a buffer overflow in the authentication function of Microsoft SQL Server 2000 and MSDE 2000 triggered by a long TCP 1433 request, enabling remote code execution. Public writeups and scanners (MS02-056, Metasploit/MSF module, OpenVAS checks) confirm the existence of the Hello Over...
CVE-2002-1138
Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine MSDE 1.0 and Microsoft Desktop Engine MSDE 2000, writes output files for scheduled jobs under its own privileges instead of the entity that launched it, which allows attackers to overwrite system files, aka "Flaw in Output File...
CVE-2002-0729
Microsoft SQL Server 2000 allows remote attackers to cause a denial of service via a malformed 0x08 packet that is missing a colon separator...
CVE-1999-1556
CVE-1999-1556 affects Microsoft SQL Server 6.5. The issue arises from weak encryption of the password for the SQLExecutiveCmdExec account and storing it in an accessible portion of the registry, enabling local users to read and decrypt the CmdExecAccount value and potentially gain privileges. The...
SQL Server Cleartext 'sa' Account NULL Password Attempted Login (deprecated)
Binary data 1108.prm...
SQL Server Cleartext 'sql' Account 'sql' Password Authentication (deprecated)
Binary data 1130.prm...
SQL Server Cleartext 'admin' Account 'admin' Password Attempted Login (deprecated)
Binary data 1115.prm...
SQL Server Cleartext 'sa' Account 'password' Password Attempted Login (deprecated)
Binary data 1110.prm...
SQL Server Cleartext 'sa' Account 'administrator' Password Authentication (deprecated)
Binary data 1124.prm...
SQL Server Cleartext 'sa' Account 'NULL' Password Authentication (deprecated)
Binary data 1121.prm...
SQL Server Cleartext 'sa' Account 'administrator' Password Attempted Login (deprecated)
Binary data 1111.prm...
SQL Server Cleartext 'admin' Account 'password' Password Authentication (deprecated)
Binary data 1132.prm...
SQL Server Cleartext 'admin' Account 'admin' Password Authentication (deprecated)
Binary data 1127.prm...
SQL Server Cleartext 'sql' Account 'sql' Password Attempted Login (deprecated)
Binary data 1118.prm...