4416 matches found
CVE-2000-0603
Microsoft SQL Server 7.0 contains a vulnerability where a local user can bypass stored‑procedure permissions by referencing them through a temporary stored procedure, effectively elevating privileges. The issue affects the ability to enforce access controls on stored procedures and is described a...
CVE-2000-0603
Microsoft SQL Server 7.0 allows a local user to bypass permissions for stored procedures by referencing them via a temporary stored procedure, aka the "Stored Procedure Permissions" vulnerability...
CVE-2000-0402
CVE-2000-0402 concerns Information Disclosure in Microsoft SQL Server 7.0: the sa password is stored in plaintext in a log file (sqlsp.log) readable by any user. This vulnerability is described as the "SQL Server 7.0 Service Pack Password" issue. Public references in the provided documents point ...
CVE-2000-0402
The Mixed Mode authentication capability in Microsoft SQL Server 7.0 stores the System Administrator sa account in plaintext in a log file which is readable by any user, aka the "SQL Server 7.0 Service Pack Password" vulnerability...
Security Bulletin (MS00-048)
Microsoft Security Bulletin MS00-048 - --------------------------------------- Patch Available for "Stored Procedure Permissions" Vulnerability Originally Posted: July 7, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in Microsoftr SQL Server 7.0. The...
Проблемы с хранимыми процедурами в SQL Server 7
Любой пользователь может выполнить хранимую процедуру, даже не имея на нее прав...
CVE-2000-0603
Microsoft SQL Server 7.0 allows a local user to bypass permissions for stored procedures by referencing them via a temporary stored procedure, aka the "Stored Procedure Permissions" vulnerability...
Security Bulletin (MS00-041)
Microsoft Security Bulletin MS00-041 - -------------------------------------- Patch Available for "DTS Password" Vulnerability Originally posted: June 14, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in a component that ships with Microsoftr SQL...
Проблема с паролем администратора в MS SQL 7
После установки SP1 или 2 при использовании смешанного режима авторизации пароль администратора в открытом тексте попадает в файл TEMPsqlsp.log...
Security Bulletin (MS00-035)
Microsoft Security Bulletin MS00-035 - -------------------------------------- Patch Available for "SQL Server 7.0 Service Pack Password" Vulnerability May 30, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in Microsoftr SQL Serverr 7.0 Service Packs 1...
Steal Passwords Using SQL Server EM
If you have access to a SQL Server database, as a normal user, you have the ability to view others passwords who have created a DTS package. Scenario: a.. Log into the SQL Server b.. Expand 'Data Transformation Services' c.. Click on 'Local Packages' d.. Right click on any package, and choose...
CVE-2000-0402
The Mixed Mode authentication capability in Microsoft SQL Server 7.0 stores the System Administrator sa account in plaintext in a log file which is readable by any user, aka the "SQL Server 7.0 Service Pack Password" vulnerability...
CVE-2000-0485
Microsoft SQL Server allows local users to obtain database passwords via the Data Transformation Service DTS package Properties dialog, aka the "DTS Password" vulnerability...
CVE-2000-0402
The Mixed Mode authentication capability in Microsoft SQL Server 7.0 stores the System Administrator sa account in plaintext in a log file which is readable by any user, aka the "SQL Server 7.0 Service Pack Password" vulnerability...
CVE-2000-0202
Microsoft SQL Server 7.0 and Microsoft Data Engine MSDE 1.0 allow remote attackers to gain privileges via a malformed Select statement in an SQL query...
CVE-2000-0202
CVE-2000-0202 affects Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0. A malformed SELECT statement in an SQL query allows remote attackers to gain privileges. The connected OpenVAS entry corroborates multiple MSSQL vulnerabilities; however, exploitation details, affected versions b...
CVE-2000-0199
CVE-2000-0199 affects Microsoft SQL Server 7.0 via Enterprise Manager when the “Always prompt for login name and password” option is not set; the login credentials are stored with weak encryption. The connected Nessus entry also describes a potential local privilege escalation by authenticated us...
CVE-2000-0199
When a new SQL Server is registered in Enterprise Manager for Microsoft SQL Server 7.0 and the "Always prompt for login name and password" option is not set, then the Enterprise Manager uses weak encryption to store the login ID and password...
CVE-2000-0199
When a new SQL Server is registered in Enterprise Manager for Microsoft SQL Server 7.0 and the "Always prompt for login name and password" option is not set, then the Enterprise Manager uses weak encryption to store the login ID and password...
CVE-2000-0202
Microsoft SQL Server 7.0 and Microsoft Data Engine MSDE 1.0 allow remote attackers to gain privileges via a malformed Select statement in an SQL query...