CVE-2004-1560

Microsoft SQL Server 7.0 allows remote attackers to cause a denial of service mssqlserver service halt via a long request to TCP port 1433, possibly triggering a buffer overflow...

Microsoft SQL Server 7.0 - Remote Denial of Service (2)

Microsoft SQL Server 7.0 - Remote Denial of Service 2 // source: https://www.securityfocus.com/bid/11265/info Reportedly Microsoft SQL Server is affected by a remote denial of service vulnerability. This issue is due to a failure of the application to handle irregular network communications. An...

Microsoft SQL Server 7.0 - Remote Denial of Service (1)

// source: https://www.securityfocus.com/bid/11265/info Reportedly Microsoft SQL Server is affected by a remote denial of service vulnerability. This issue is due to a failure of the application to handle irregular network communications. An attacker may leverage this issue to cause the affected...

Microsoft SQL Server 7.0 - Remote Denial of Service (2)

// source: https://www.securityfocus.com/bid/11265/info Reportedly Microsoft SQL Server is affected by a remote denial of service vulnerability. This issue is due to a failure of the application to handle irregular network communications. An attacker may leverage this issue to cause the affected...

Microsoft SQL Server 7.0 - Remote Denial of Service (1)

Microsoft SQL Server 7.0 - Remote Denial of Service 1 // source: https://www.securityfocus.com/bid/11265/info Reportedly Microsoft SQL Server is affected by a remote denial of service vulnerability. This issue is due to a failure of the application to handle irregular network communications. An...

getinternet.txt

CRIOLABS - Software: getInternet - Type: E-business:Internet - Company: getSolutions - Date: 09-9-2004 Software: getInternet Platform: ASP, Microsoft SQL Comments: Administration section Not Tested Description getInternet will allow you to maintain, manage and control all of the content on your...

CVE-2002-1137

Buffer overflow in the Database Console Command DBCC that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine MSDE 1.0 and Microsoft Desktop Engine MSDE 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data...

CVE-2002-1123

Buffer overflow in the authentication function for Microsoft SQL Server 2000 and Microsoft Desktop Engine MSDE 2000 allows remote attackers to execute arbitrary code via a long request to TCP port 1433, aka the "Hello" overflow...

CVE-1999-1556

Microsoft SQL Server 6.5 uses weak encryption for the password for the SQLExecutiveCmdExec account and stores it in an accessible portion of the registry, which could allow local users to gain privileges by reading and decrypting the CmdExecAccount value...

CVE-2002-0729

Microsoft SQL Server 2000 allows remote attackers to cause a denial of service via a malformed 0x08 packet that is missing a colon separator...

CVE-2002-1138

CVE-2002-1138 affects Microsoft SQL Server 7.0 and 2000, including MSDE 1.0 and MSDE 2000. The flaw is in Output File Handling for Scheduled Jobs: these components write output files for scheduled jobs under the SQL Server service account rather than the launching entity. This privilege mismatch ...

CVE-2002-1137

CVE-2002-1137 describes a buffer overflow in the Database Console Command (DBCC) in Microsoft SQL Server 7.0 and 2000, including MSDE 1.0/MSDE 2000. The vulnerability stems from handling of user input, allowing an attacker to execute arbitrary code via a long SourceDB argument in a non-SQL OLEDB ...

CVE-2002-0729

Microsoft SQL Server 2000 is affected by CVE-2002-0729. The vulnerability allows remote attackers to cause a denial of service by sending a malformed 0x08 packet missing a colon separator. Root cause is a malformed packet handling in the SQL Server service. Public details in the provided document...

CVE-2002-1123

CVE-2002-1123 is a buffer overflow in the authentication function of Microsoft SQL Server 2000 and MSDE 2000 triggered by a long TCP 1433 request, enabling remote code execution. Public writeups and scanners (MS02-056, Metasploit/MSF module, OpenVAS checks) confirm the existence of the Hello Over...

CVE-2002-1138

Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine MSDE 1.0 and Microsoft Desktop Engine MSDE 2000, writes output files for scheduled jobs under its own privileges instead of the entity that launched it, which allows attackers to overwrite system files, aka "Flaw in Output File...

Potential Microsoft SQL Injection Vulnerability Detection

Binary data 2002.prm...

Microsoft SQL Client Detection

Binary data 5129.prm...

Microsoft SQL Server < 7 Local Privilege Escalation

Based on its version number, the remote host may be vulnerable to a local exploit wherein an authenticated user can obtain and crack SQL usernames and passwords from the registry. An attacker may use this flaw to elevate their privileges on the local database. This alert might be a false positive...

CVE-2003-0231

Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service crash or hang via a long request to a named pipe...

CVE-2003-0230

Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the "Named Pipe Hijacking" vulnerability...