Another Sql Server 7 Buffer Overflow

Security Advisory Name : Another Sql Server 7 Buffer Overflow System Affected : Sql Server 7 all service packs and fixes, ver. 7.00.1021 Severity : High. Remote Exploit: Yes Author: Cesar Cerrudo. Date: 03/05/2002 Advisory Number: CC030202 Description : The extended stored procedure xpdirtree...

CVE-2002-0056

CVE-2002-0056 concerns Microsoft SQL Server 7.0 and 2000, where a buffer overflow is triggered by a long OLE DB provider name used with OpenDataSource or OpenRowset in an ad hoc connection. The resulting issue can allow an attacker to execute arbitrary code with the SQL Server service account’s p...

CVE-2002-0056

Buffer overflow in SQL Server 7.0 and 2000 allows remote attackers to execute arbitrary code via a long OLE DB provider name to 1 OpenDataSource or 2 OpenRowset in an ad hoc connection...

Security Bulletin MS02-007

---------------------------------------------------------------------- Title: SQL Server Remote Data Source Function Contain Unchecked Buffers Date: 20 February 2002 Software: Microsoft SQL Server Impact: Run code of attacker's choice on server Max Risk: Moderate Bulletin: MS02-007 Microsoft...

CVE-2001-0542

CVE-2001-0542 describes buffer/format-string vulnerabilities in Microsoft SQL Server 7.0 and 2000. The issues affect the built-in formatting functions raiserror, formatmessage, and xp_sprintf, allowing an attacker with SQL Server access to execute arbitrary code or potentially cause a denial of s...

CVE-2001-0542

Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions 1 raiserror, 2 formatmessage, or 3 xpsprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879...

Microsoft SQL Server Default Credentials

The SQL Server has a common password for one or more accounts. These accounts may be used to gain access to the records in the database or even allow remote command execution. %NASLMINLEVEL 70300 MSSQL Brute Forcer This script checks a SQL Server instance for common username and password...

Security Bulletin MS01-060

---------------------------------------------------------------------- Title: SQL Server Text Formatting Functions Contain unchecked Buffers Date: 20 December 2001 Software: Microsoft SQL Server 7.0 and Microsoft SQL Server 2000 Impact: Run code of attacker's choice on server, denial of service...

@stake advisory: Multiple overflow and format string vulnerabilities in in Microsoft SQL Server

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 @stake, Inc. www.atstake.com Security Advisory Advisory Name: Multiple overflow and format string vulnerabilities in Microsoft SQL Server Release Date: 12/20/2001 Application: Microsoft SQL Server 7.0 and 2000 Platform: Microsoft Windows NT 4.0, 2000,...

Переполнения буфера в текстовых функциях Microsoft SQL Server (buffer overflow)

Переполнения буфре а функциях raiserror, formatmessageи процедуре xpsprintf...

Buffer overflows in Microsoft SQL Server 7.0 and SQL Server 2000

Overview There is a buffer overflow in Microsoft SQL Server 2000 and SQL Server 7.0 which could allow an intruder to execute arbitrary code on vulnerable systems. Description Microsoft Windows SQL Server 2000 and SQL Server 7.0 contain a buffer overflow in functions associated with text messages...

CVE-2001-0542

Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions 1 raiserror, 2 formatmessage, or 3 xpsprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879...

CVE-2001-0879

Format string vulnerability in the C runtime functions in SQL Server 7.0 and 2000 allows attackers to cause a denial of service...

McKesson Pathways Homecare 6.5 - Weak Username and Password Encryption

McKesson Pathways Homecare 6.5 - Weak Username and Password Encryption source: https://www.securityfocus.com/bid/3653/info McKesson Pathways Homecare is a client/server application which is used to track patient information, billing information and medical records for home care patients. The...

Microsoft SQL Server and Microsoft Data Engine (MSDE) ship with a null default password

Overview Microsoft SQL Server and Microsoft Data Engine ship with a null default password on the administrative account sa. If the system administrator does not set the password, the system may be vulnerable to attack. Description Microsoft SQL Server MS SQL and Microsoft Data Engine MSDE ship...

CVE-2001-0509

Vulnerabilities in RPC servers in 1 Microsoft Exchange Server 2000 and earlier, 2 Microsoft SQL Server 2000 and earlier, 3 Windows NT 4.0, and 4 Windows 2000 allow remote attackers to cause a denial of service via malformed inputs...

CVE-2001-0344

CVE-2001-0344 describes a privilege-escalation vulnerability in Microsoft SQL Server 2000 Gold and SQL Server 7.0 when running in Mixed Mode. An attacker with local database access could exploit reusing a cached sa administrator connection to gain privileges. The Initial Description states the vu...

CVE-2001-0344

An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using Mixed Mode allows local database users to gain privileges by reusing a cached connection of the sa administrator account...

CVE-2001-0509

CVE-2001-0509 affects RPC servers in Microsoft Exchange Server 2000 and earlier, Microsoft SQL Server 2000 and earlier, Windows NT 4.0, and Windows 2000. The vulnerability allows remote attackers to cause a denial of service via malformed inputs. No exploitation details or specific fixes are prov...

Security Bulletin MS01-041

---------------------------------------------------------------------- Title: Malformed RPC Request Can Cause Service Failure Date: 26 July 2001 Software: Exchange Server 5.5, Exchange Server 2000, SQL Server 7.0, SQL Server 2000, Windows NT 4.0, Windows 2000 Impact: Denial of service Bulletin:...