4529 matches found
Microsoft SQL Server 7.0/2000 / Data Engine 1.0/2000 - xp_displayparamstmt Buffer Overflow
// source: https://www.securityfocus.com/bid/2030/info The API Srvparaminfo, which is implemented by Extended Stored Procedures XPs in Microsoft SQL Server and Data Engine, is susceptible to a buffer overflow vulnerability which may cause the application to fail or arbitrary code to be executed o...
Microsoft SQL Server 7.0/2000 / Data Engine 1.0/2000 - xp_showcolv Buffer Overflow
// source: https://www.securityfocus.com/bid/2038/info The API Srvparaminfo, which is implemented by Extended Stored Procedures XPs in Microsoft SQL Server and Data Engine, is susceptible to a buffer overflow vulnerability which may cause the application to fail or arbitrary code to be executed o...
CVE-2000-0603
Microsoft SQL Server 7.0 allows a local user to bypass permissions for stored procedures by referencing them via a temporary stored procedure, aka the "Stored Procedure Permissions" vulnerability...
CVE-2000-0603
Microsoft SQL Server 7.0 contains a vulnerability where a local user can bypass stored‑procedure permissions by referencing them through a temporary stored procedure, effectively elevating privileges. The issue affects the ability to enforce access controls on stored procedures and is described a...
CVE-2000-0485
Microsoft SQL Server allows local users to obtain database passwords via the Data Transformation Service DTS package Properties dialog, aka the "DTS Password" vulnerability...
CVE-2000-0485
Summary: The provided documents describe a vulnerability in Microsoft SQL Server related to Data Transformation Services (DTS) Password handling. Local users can obtain database passwords via the DTS package Properties dialog, i.e., the "DTS Password" vulnerability. The available records do not s...
CVE-2000-0402
CVE-2000-0402 concerns Information Disclosure in Microsoft SQL Server 7.0: the sa password is stored in plaintext in a log file (sqlsp.log) readable by any user. This vulnerability is described as the "SQL Server 7.0 Service Pack Password" issue. Public references in the provided documents point ...
CVE-2000-0402
The Mixed Mode authentication capability in Microsoft SQL Server 7.0 stores the System Administrator sa account in plaintext in a log file which is readable by any user, aka the "SQL Server 7.0 Service Pack Password" vulnerability...
Проблемы с хранимыми процедурами в SQL Server 7
Любой пользователь может выполнить хранимую процедуру, даже не имея на нее прав...
Security Bulletin (MS00-048)
Microsoft Security Bulletin MS00-048 - --------------------------------------- Patch Available for "Stored Procedure Permissions" Vulnerability Originally Posted: July 7, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in Microsoftr SQL Server 7.0. The...
CVE-2000-0603
Microsoft SQL Server 7.0 allows a local user to bypass permissions for stored procedures by referencing them via a temporary stored procedure, aka the "Stored Procedure Permissions" vulnerability...
Security Bulletin (MS00-041)
Microsoft Security Bulletin MS00-041 - -------------------------------------- Patch Available for "DTS Password" Vulnerability Originally posted: June 14, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in a component that ships with Microsoftr SQL...
Steal Passwords Using SQL Server EM
If you have access to a SQL Server database, as a normal user, you have the ability to view others passwords who have created a DTS package. Scenario: a.. Log into the SQL Server b.. Expand 'Data Transformation Services' c.. Click on 'Local Packages' d.. Right click on any package, and choose...
Security Bulletin (MS00-035)
Microsoft Security Bulletin MS00-035 - -------------------------------------- Patch Available for "SQL Server 7.0 Service Pack Password" Vulnerability May 30, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in Microsoftr SQL Serverr 7.0 Service Packs 1...
Проблема с паролем администратора в MS SQL 7
После установки SP1 или 2 при использовании смешанного режима авторизации пароль администратора в открытом тексте попадает в файл TEMPsqlsp.log...
CVE-2000-0485
Microsoft SQL Server allows local users to obtain database passwords via the Data Transformation Service DTS package Properties dialog, aka the "DTS Password" vulnerability...
CVE-2000-0402
The Mixed Mode authentication capability in Microsoft SQL Server 7.0 stores the System Administrator sa account in plaintext in a log file which is readable by any user, aka the "SQL Server 7.0 Service Pack Password" vulnerability...
CVE-2000-0402
The Mixed Mode authentication capability in Microsoft SQL Server 7.0 stores the System Administrator sa account in plaintext in a log file which is readable by any user, aka the "SQL Server 7.0 Service Pack Password" vulnerability...
CVE-2000-0202
Microsoft SQL Server 7.0 and Microsoft Data Engine MSDE 1.0 allow remote attackers to gain privileges via a malformed Select statement in an SQL query...
CVE-2000-0202
CVE-2000-0202 affects Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0. A malformed SELECT statement in an SQL query allows remote attackers to gain privileges. The connected OpenVAS entry corroborates multiple MSSQL vulnerabilities; however, exploitation details, affected versions b...