4529 matches found
CVE-2002-0649
Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 MSDE allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which 1 a 0x04 byte that causes the SQL Monitor thread to generate...
CVE-2002-0644
Buffer overflow in several Database Consistency Checkers DBCCs for Microsoft SQL Server 2000 and Microsoft Desktop Engine MSDE 2000 allows members of the dbowner and dbddladmin roles to execute arbitrary code...
CVE-2002-0649
CVE-2002-0649 describes a remote buffer-overflow in the SQL Server Resolution Service of Microsoft SQL Server 2000 and MSDE (port 1434/UDP). The vulnerability is triggered by UDP packets beginning with 0x04 (long registry key name) or 0x08 (long string), which can cause a denial of service or arb...
SQL Server 2000 Buffer Overflows and SQL Inyection vulnerabilities.
Security Advisory Name: SQL Server 2000 Buffer Overflows and SQL Inyection vulnerabilities. System Affected : Sql Server 2000 all Service Packs. Severity : High. Author: Cesar Cerrudo. Date: 07/25/2002 Advisory Number: CC070205 Overview: Database Consistency Checkers DBCCs are command console...
Microsoft SQL Server 2000 contains denial-of-service vulnerability in SQL Server Resolution Service
Overview Microsoft SQL Server 2000 contains a vulnerability that allows remote attackers to create a denial-of-service condition between two Microsoft SQL servers. Description The SQL Server Resolution Service SSRS was introduced in Microsoft SQL Server 2000 to provide referral services for...
Microsoft SQL Server 2000 contains stack buffer overflow in SQL Server Resolution Service
Overview Microsoft SQL Server 2000 contains a remotely exploitable stack buffer overflow that allows attackers to execute arbitrary code with the same privileges as the SQL server. Description The SQL Server Resolution Service SSRS was introduced in Microsoft SQL Server 2000 to provide referral...
Microsoft SQL Server 2000 contains heap buffer overflow in SQL Server Resolution Service
Overview Microsoft SQL Server 2000 contains a remotely exploitable heap buffer overflow that allows attackers to execute arbitrary code with the same privileges as the SQL server. Description The SQL Server Resolution Service SSRS was introduced in Microsoft SQL Server 2000 to provide referral...
Microsoft SQL Server contains buffer overflow vulnerabilities in multiple extended stored procedures
Overview Microsoft SQL Server 7.0 and SQL Server 2000 contain buffer overflow vulnerabilities in multiple extended stored procedures. A remote attacker could cause a denial of service or execute arbitrary code or commands with the privileges of the SQL Server process, potentially gaining complete...
Microsoft SQL Server 2000 - sp_MScopyscript SQL Injection
Microsoft SQL Server 2000 - spMScopyscript SQL Injection source: https://www.securityfocus.com/bid/5309/info The Microsoft SQL Server 2000 spMScopyscript stored procedure does not sufficiently validate input before passing it to the xpcmdshell extended stored procedure. An attacker with the abili...
Microsoft SQL Server 2000 - Database Consistency Checkers Buffer Overflow
Microsoft SQL Server 2000 - Database Consistency Checkers Buffer Overflow source: https://www.securityfocus.com/bid/5307/info Microsoft SQL Server 2000 includes utilities called Database Consistency Checkers DBCC. Several of these programs contain identical buffer overflows that, when exploited,...
Microsoft SQL Server 2000 - Resolution Service Heap Overflow
Microsoft SQL Server 2000 - Resolution Service Heap Overflow source: https://www.securityfocus.com/bid/5310/info A vulnerability in Microsoft SQL Server 2000 could allow remote attackers to access target hosts. A problem in the SQL Server Resolution Service allows a remote attacker to execute...
Security Bulletin MS02-039: Buffer Overruns in SQL Server 2000 Resolution Service Could Enable Code Execution (Q323875)
---------------------------------------------------------------------- Title: Buffer Overruns in SQL Server 2000 Resolution Service Could Enable Code Execution Q323875 Date: 24 July 2002 Software: SQL Server 2000 Impact: Three vulnerabilities, the most serious of which could enable an attacker to...
Microsoft SQL Server 2000 Unauthenticated System Compromise (#NISR25072002)
NGSSoftware Insight Security Research Advisory Name: Unauthenticated Remote Compromise in MS SQL Server 2000 Systems: Microsoft SQL Server 2000, all Service Packs Severity: Critical/Very High Risk. Category: Remote Buffer Overrun Vulnerability Vendor URL: http://www.microsoft.com/ Author: David...
Security Bulletin MS02-038: Cumulative Patch for SQL Server 2000 Service Pack 2 (Q316333)
-----BEGIN PGP SIGNED MESSAGE----- - ---------------------------------------------------------------------- Title: Cumulative Patch for SQL Server 2000 Service Pack 2 Q316333 Date: 24 July 2002 Software: Microsoft SQL Server 2000, Microsoft Desktop Engine MSDE 2000 Impact: Two vulnerabilities, bo...
Microsoft SQL Server 2000 - Database Consistency Checkers Buffer Overflow
source: https://www.securityfocus.com/bid/5307/info Microsoft SQL Server 2000 includes utilities called Database Consistency Checkers DBCC. Several of these programs contain identical buffer overflows that, when exploited, could allow an attacker to execute arbitrary code with the privilege level...
Microsoft SQL Server 2000 - Resolution Service Heap Overflow
source: https://www.securityfocus.com/bid/5310/info A vulnerability in Microsoft SQL Server 2000 could allow remote attackers to access target hosts. A problem in the SQL Server Resolution Service allows a remote attacker to execute arbitrary code on a vulnerable host. The attacker could exploit ...
Microsoft SQL Server 2000 - sp_MScopyscript SQL Injection
source: https://www.securityfocus.com/bid/5309/info The Microsoft SQL Server 2000 spMScopyscript stored procedure does not sufficiently validate input before passing it to the xpcmdshell extended stored procedure. An attacker with the ability to execute a query or pass malicious input to a query...
Microsoft SQL Server service account registry key has weak permissions that permit privilege escalation
Overview The Microsoft SQL Server contains a vulnerability that allows remote attackers to execute arbitrary commands with system privileges. Description The Microsoft SQL Server typically runs under a dedicated "service account" that is defined by system administrators at installation time. This...
Microsoft SQL Server contains buffer overflows in several Database Consistency Checkers
Overview Microsoft SQL Server ships with several administrative tools that allow database users to elevate their administrative privileges from a single database to all databases on the server. Description Microsoft SQL Server ships with several utilities known as Database Consistency Checkers...
Microsoft SQL Server contains buffer overflow in code used to process "BULK INSERT" queries
Overview The Microsoft SQL Server contains a buffer overflow vulnerability that may allow remote attackers to execute arbitrary code with system privileges. Description The Microsoft SQL Server contains a buffer overflow vulnerability in the code used to process "Bulk Insert" queries. Bulk Insert...