4418 matches found
CVE-2002-0695
CVE-2002-0695 describes a buffer overflow in the Transact-SQL (T-SQL) OpenRowSet component of Microsoft Data Access Components (MDAC) 2.5–2.7, affecting SQL Server 7.0 or 2000. The underlying issue is a buffer overflow in the OpenRowSet path that could allow a remote attacker to execute arbitrary...
CVE-2002-0650
The keep-alive mechanism for Microsoft SQL Server 2000 allows remote attackers to cause a denial of service bandwidth consumption via a "ping" style packet to the Resolution Service UDP port 1434 with a spoofed IP address of another SQL Server system, which causes the two servers to exchange...
Protegrity Secure.Data for Microsoft SQL Server 2000 contains buffer overflows in extended stored procedures
Overview Protegrity Secure.Data for Microsoft SQL Server 2000 includes several extended stored procedures that contain buffer overflow vulnerabilities. These vulnerabilities could allow a remote attacker to execute arbitrary code, gain access to databases, or cause a denial of service. Descriptio...
Microsoft SQL Server 2000 Vulnerabilities in Cisco Products - MS02-061
...
Microsoft SQL Server Detection (credentialed check)
Nessus has detected one or more installs of Microsoft SQL server by examining the registry and file systems on the remote host. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include"compat.inc"; if description scriptid11217; scriptversion"1.157";...
MS02-061: Microsoft SQL Server Multiple Vulnerabilities (uncredentialed check)
The remote MS SQL server is affected by several overflows that could be exploited by an attacker to gain SYSTEM access on that host. Note that a worm sapphire is exploiting these vulnerabilities in the wild. C Tenable Network Security, Inc. ping code taken from mssqlping by H D Moore MS02-061...
CVE-2002-1872
Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption XOR, which allows remote attackers to sniff and decrypt the password...
CVE-2002-1981
Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the "public" role to execute the 1 spMSSetServerProperties or 2 spMSsetalertinfo stored procedures, which allows attackers to modify configuration including SQL server startup and alert settings...
PT-2002-2594 · Microsoft · Sql Server
Name of the Vulnerable Software and Affected Versions: Microsoft SQL Server versions 6.0 through 2000 Description: The issue allows remote attackers to sniff and decrypt passwords due to the use of weak password encryption XOR when SQL Authentication is enabled. Recommendations: For Microsoft SQL...
CVE-2002-1145
The xprunwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine MSDE 1.0, and Microsoft Desktop Engine MSDE 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owne...
CVE-2002-1145
The xprunwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine MSDE 1.0, and Microsoft Desktop Engine MSDE 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owne...
CVE-2002-1145
The CVE-2002-1145 entry describes a privilege-escalation issue in the Web Tasks xp_runwebtask stored procedure for Microsoft SQL Server 7.0, SQL Server 2000, MSDE 1.0, and MSDE 2000. The vulnerability arises because xp_runwebtask can be executed by PUBLIC, allowing an attacker to update a webtask...
Microsoft SQL Server Webtasks privilege upgrade (#NISR17102002)
NGSSoftware Insight Security Research Advisory Name: Microsoft SQL Server Webtasks privilege elevation Systems: Microsoft SQL Server 2000 and 7 Severity: High Risk Vendor URL: http://www.microsoft.com/ Author: David Litchfield [email protected] Advisory URL:...
Microsoft Security Bulletin MS02-061: Elevation of Privilege in SQL Server Web Tasks (Q316333)
-----BEGIN PGP SIGNED MESSAGE----- - ---------------------------------------------------------------------- Title: Elevation of Privilege in SQL Server Web Tasks Q316333 Released: 16 October 2002 Software: Microsoft SQL Server 7.0 and 2000 Impact: Elevation of privilege Max Risk: Critical Bulleti...
Multiple bugs in Microsoft SQL Server (multiple bugs)
Buffer overflows in OpenDataSource, OPENROWSET, pwdencrypt and xpdirtree. Weak registry permissions, weak password enbcryption...
Microsoft SQL Server Web Task Stored Procedure Privilege Escalation Vulnerability
Description Microsoft has reported a vulnerability in SQL Server. According to the report, the vulnerability may be exploited by malicious database users to elevate privileges. Web tasks create HTML files containing queried data. They are invoked with a stored procedure. By default, the privilege...
CVE-2002-1138
Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine MSDE 1.0 and Microsoft Desktop Engine MSDE 2000, writes output files for scheduled jobs under its own privileges instead of the entity that launched it, which allows attackers to overwrite system files, aka "Flaw in Output File...
CVE-2002-1137
Buffer overflow in the Database Console Command DBCC that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine MSDE 1.0 and Microsoft Desktop Engine MSDE 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data...
Security Bulletin MS02-056: Cumulative Patch for SQL Server (Q316333)
---------------------------------------------------------------------- Title: Cumulative Patch for SQL Server Q316333 Date: 02 October 2002 Software: Microsoft SQL Server 7.0 Microsoft Data Engine MSDE 1.0 Microsoft SQL Server 2000 Microsoft Desktop Engine MSDE 2000 Impact: Four vulnerabilities,...
CVE-2002-1123
Buffer overflow in the authentication function for Microsoft SQL Server 2000 and Microsoft Desktop Engine MSDE 2000 allows remote attackers to execute arbitrary code via a long request to TCP port 1433, aka the "Hello" overflow...