4418 matches found
CVE-2002-0644
CVE-2002-0644 / CVE-2002-1137 describe a buffer overflow in the Database Consistency Checkers (DBCCs) of Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 . The vulnerability allows db_owner and db_ddladmin role members to execute arbitrary code due to overflow in DBCC input hand...
Microsoft SQL Server 2000 contains heap buffer overflow in SQL Server Resolution Service
Overview Microsoft SQL Server 2000 contains a remotely exploitable heap buffer overflow that allows attackers to execute arbitrary code with the same privileges as the SQL server. Description The SQL Server Resolution Service SSRS was introduced in Microsoft SQL Server 2000 to provide referral...
Microsoft SQL Server 2000 contains denial-of-service vulnerability in SQL Server Resolution Service
Overview Microsoft SQL Server 2000 contains a vulnerability that allows remote attackers to create a denial-of-service condition between two Microsoft SQL servers. Description The SQL Server Resolution Service SSRS was introduced in Microsoft SQL Server 2000 to provide referral services for...
SQL Server 2000 Buffer Overflows and SQL Inyection vulnerabilities.
Security Advisory Name: SQL Server 2000 Buffer Overflows and SQL Inyection vulnerabilities. System Affected : Sql Server 2000 all Service Packs. Severity : High. Author: Cesar Cerrudo. Date: 07/25/2002 Advisory Number: CC070205 Overview: Database Consistency Checkers DBCCs are command console...
Microsoft SQL Server contains buffer overflow vulnerabilities in multiple extended stored procedures
Overview Microsoft SQL Server 7.0 and SQL Server 2000 contain buffer overflow vulnerabilities in multiple extended stored procedures. A remote attacker could cause a denial of service or execute arbitrary code or commands with the privileges of the SQL Server process, potentially gaining complete...
Microsoft SQL Server 2000 contains stack buffer overflow in SQL Server Resolution Service
Overview Microsoft SQL Server 2000 contains a remotely exploitable stack buffer overflow that allows attackers to execute arbitrary code with the same privileges as the SQL server. Description The SQL Server Resolution Service SSRS was introduced in Microsoft SQL Server 2000 to provide referral...
Microsoft SQL Server 2000 - sp_MScopyscript SQL Injection
source: https://www.securityfocus.com/bid/5309/info The Microsoft SQL Server 2000 spMScopyscript stored procedure does not sufficiently validate input before passing it to the xpcmdshell extended stored procedure. An attacker with the ability to execute a query or pass malicious input to a query...
Microsoft SQL Server contains SQL injection vulnerability in replication stored procedures
Overview Microsoft SQL Server contains multiple SQL injection vulnerabilities that allow database users to leverage administrative privileges on a single database to execute SQL queries or operating system commands with greater privileges. Description Microsoft SQL Server provides a scripting...
Microsoft SQL Server 2000 - Resolution Service Heap Overflow
Microsoft SQL Server 2000 - Resolution Service Heap Overflow source: https://www.securityfocus.com/bid/5310/info A vulnerability in Microsoft SQL Server 2000 could allow remote attackers to access target hosts. A problem in the SQL Server Resolution Service allows a remote attacker to execute...
Microsoft SQL Server 2000 - Database Consistency Checkers Buffer Overflow
Microsoft SQL Server 2000 - Database Consistency Checkers Buffer Overflow source: https://www.securityfocus.com/bid/5307/info Microsoft SQL Server 2000 includes utilities called Database Consistency Checkers DBCC. Several of these programs contain identical buffer overflows that, when exploited,...
Microsoft SQL Server service account registry key has weak permissions that permit privilege escalation
Overview The Microsoft SQL Server contains a vulnerability that allows remote attackers to execute arbitrary commands with system privileges. Description The Microsoft SQL Server typically runs under a dedicated "service account" that is defined by system administrators at installation time. This...
Security Bulletin MS02-038: Cumulative Patch for SQL Server 2000 Service Pack 2 (Q316333)
-----BEGIN PGP SIGNED MESSAGE----- - ---------------------------------------------------------------------- Title: Cumulative Patch for SQL Server 2000 Service Pack 2 Q316333 Date: 24 July 2002 Software: Microsoft SQL Server 2000, Microsoft Desktop Engine MSDE 2000 Impact: Two vulnerabilities, bo...
Microsoft SQL Server 2000 - sp_MScopyscript SQL Injection
Microsoft SQL Server 2000 - spMScopyscript SQL Injection source: https://www.securityfocus.com/bid/5309/info The Microsoft SQL Server 2000 spMScopyscript stored procedure does not sufficiently validate input before passing it to the xpcmdshell extended stored procedure. An attacker with the abili...
Microsoft SQL Server 2000 Unauthenticated System Compromise (#NISR25072002)
NGSSoftware Insight Security Research Advisory Name: Unauthenticated Remote Compromise in MS SQL Server 2000 Systems: Microsoft SQL Server 2000, all Service Packs Severity: Critical/Very High Risk. Category: Remote Buffer Overrun Vulnerability Vendor URL: http://www.microsoft.com/ Author: David...
Microsoft SQL Server 2000 - Resolution Service Heap Overflow
source: https://www.securityfocus.com/bid/5310/info A vulnerability in Microsoft SQL Server 2000 could allow remote attackers to access target hosts. A problem in the SQL Server Resolution Service allows a remote attacker to execute arbitrary code on a vulnerable host. The attacker could exploit ...
Microsoft SQL Server contains buffer overflow in pwdencrypt() function
Overview The Microsoft SQL Server contains a buffer overflow vulnerability that may allow remote attackers to execute arbitrary code with system privileges. Description The Microsoft SQL Server provides multiple methods for users to authenticate to SQL databases. When SQL Server Authentication is...
Microsoft SQL Server contains buffer overflow in code used to process "BULK INSERT" queries
Overview The Microsoft SQL Server contains a buffer overflow vulnerability that may allow remote attackers to execute arbitrary code with system privileges. Description The Microsoft SQL Server contains a buffer overflow vulnerability in the code used to process "Bulk Insert" queries. Bulk Insert...
Security Bulletin MS02-039: Buffer Overruns in SQL Server 2000 Resolution Service Could Enable Code Execution (Q323875)
---------------------------------------------------------------------- Title: Buffer Overruns in SQL Server 2000 Resolution Service Could Enable Code Execution Q323875 Date: 24 July 2002 Software: SQL Server 2000 Impact: Three vulnerabilities, the most serious of which could enable an attacker to...
Microsoft SQL Server 2000 - Database Consistency Checkers Buffer Overflow
source: https://www.securityfocus.com/bid/5307/info Microsoft SQL Server 2000 includes utilities called Database Consistency Checkers DBCC. Several of these programs contain identical buffer overflows that, when exploited, could allow an attacker to execute arbitrary code with the privilege level...
Microsoft SQL Server contains buffer overflows in several Database Consistency Checkers
Overview Microsoft SQL Server ships with several administrative tools that allow database users to elevate their administrative privileges from a single database to all databases on the server. Description Microsoft SQL Server ships with several utilities known as Database Consistency Checkers...