4418 matches found
Microsoft SQL Server 7.02000 MSDE - Named Pipe Denial of Service (MS03-031)
Microsoft SQL Server 7.02000 MSDE - Named Pipe Denial of Service MS03-031 source: https://www.securityfocus.com/bid/8274/info Microsoft SQL Server and the Microsoft Data Engine have been reported prone to a denial of service attack. Any local or remote user, who can authenticate and is part of th...
CVE-2003-0496
CVE-2003-0496: Affected software is Microsoft SQL Server on Windows 2000 prior to SP4. By passing a named pipe as an argument to xp_fileexist, a local attacker can impersonate the SQL Server service account due to CreateFile/Named Pipe behavior. Impact is local privilege escalation to the SQL Ser...
CVE-2003-0496
Microsoft SQL Server before Windows 2000 SP4 allows local users to gain privileges as the SQL Server user by calling the xpfileexist extended stored procedure with a named pipe as an argument instead of a normal file...
Pipe Filename Local Privilege Escalation FAQ
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 We have received several inquiries regarding the advisory, "Named Pipe Filename Local Privilege Escalation" that was published by @stake on 07/08/2003. These answers should clarify where the vulnerability actually lies so customers can make informed...
Named Pipe Filename Local Privilege Escalation
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 @stake, Inc. www.atstake.com Security Advisory Advisory Name: Named Pipe Filename Local Privilege Escalation Release Date: 07/08/2003 Application: Microsoft SQL Server Platform: Windows NT/2000/XP Severity: Local privilege escalation Author: Andreas...
Snitz Forums 2000 - register.asp SQL Injection
Snitz Forums 2000 - register.asp SQL Injection source: https://www.securityfocus.com/bid/7549/info Snitz Forums 2000 is ASP-based web forum software. It runs on Microsoft Windows operating systems. Snitz is back-ended by a database and supports Microsoft Access 97/2000, SQL Server 6.5/7.0/2000 an...
Snitz Forums 2000 - 'register.asp' SQL Injection
source: https://www.securityfocus.com/bid/7549/info Snitz Forums 2000 is ASP-based web forum software. It runs on Microsoft Windows operating systems. Snitz is back-ended by a database and supports Microsoft Access 97/2000, SQL Server 6.5/7.0/2000 and MySQL. It is possible for a remote attacker t...
Microsoft SQL Server 7.02000 JET Database Engine 4.0 - Buffer Overrun
Microsoft SQL Server 7.02000 JET Database Engine 4.0 - Buffer Overrun source: https://www.securityfocus.com/bid/7541/info Microsoft SQL Server is prone to an exploitable buffer overrun vulnerability via the Jet Database Engine. This can occur while the JET 4.0 OLE DB data provider is querying dat...
Microsoft SQL Server 7.0/2000 JET Database Engine 4.0 - Buffer Overrun
source: https://www.securityfocus.com/bid/7541/info Microsoft SQL Server is prone to an exploitable buffer overrun vulnerability via the Jet Database Engine. This can occur while the JET 4.0 OLE DB data provider is querying data supplied via a remote source and is due to insufficient bounds...
CVE-2002-0186
Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code via data queries with a long content-type parameter, aka "Unchecked Buffer in SQLXML ISAPI Extension."...
CVE-2002-0700
This CVE concerns Microsoft Content Management Server (MCMS) 2001, where a buffer overflow in the Profile Service (an MDAC-related function used during user authentication) can allow an attacker to execute code in the Local System context by authenticating to a vulnerable web page. The issue is c...
CVE-2002-0859
Buffer overflow in the OpenDataSource function of the Jet engine on Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code...
CVE-2002-0642
The registry key containing the SQL Server service account information in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine MSDE 2000, has insecure permissions, which allows local users to gain privileges, aka "Incorrect Permission on SQL Server Service Account Registry Key...
CVE-2002-0642
CVE-2002-0642 corresponds to an elevation-of-privilege issue in Microsoft SQL Server 2000 and MSDE 2000 caused by insecure permissions on the registry key that stores the SQL Server service account. The OpenVAS/SECURITYVULNS entries corroborate a privilege-escalation risk tied to the SQL Server s...
CVE-2002-0187
Cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000 allows an attacker to execute arbitrary script via the root parameter as part of an XML SQL query, aka "Script Injection via XML Tag."...
CVE-2002-0186
CVE-2002-0186 describes a buffer overflow in the Microsoft SQLXML ISAPI extension for SQL Server 2000. The flaw arises from inadequate validation of the contenttype parameter in SQLXML HTTP requests, allowing a remote attacker to trigger a crash or execute arbitrary code (the extension runs with ...
CVE-2002-0700
Buffer overflow in a system function that performs user authentication for Microsoft Content Management Server MCMS 2001 allows attackers to execute code in the Local System context by authenticating to a web page that calls the function, aka "Unchecked Buffer in MDAC Function Could Enable SQL...
CVE-2002-0650
CVE-2002-0650 affects Microsoft SQL Server 2000’s Resolution Service on UDP port 1434. A forged ping from one server to another (both using 1434) can trigger the Resolution Service to exchange referrals/pings in an infinite loop, causing a denial of service (bandwidth/resource exhaustion) between...
CVE-2002-0859
CVE-2002-0859 describes a buffer overflow in the OpenDataSource function of the Jet engine used by Microsoft SQL Server 2000. The vulnerability permits remote attackers to execute arbitrary code, affecting the system via the Jet engine component. The available records indicate the issue arises fr...
CVE-2002-0187
The CVE-2002-0187 entry corresponds to a cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000, where an attacker could inject script via the root parameter of an XML SQL query. Connected documents also describe a related overflow issue in the SQLXML ISAPI filter...