1417 matches found
CVE-2000-1209
The "sa" account is installed with a default null password on 1 Microsoft SQL Server 2000, 2 SQL Server 7.0, and 3 Data Engine MSDE 1.0, including third party packages that use these products such as 4 Tumbleweed Secure Mail MMS 5 Compaq Insight Manager, and 6 Visio 2000, which allows remote...
CVE-2002-0645
SQL injection vulnerability in stored procedures for Microsoft SQL Server 2000 and Microsoft Desktop Engine MSDE 2000 may allow authenticated users to execute arbitrary commands...
CVE-2002-0729
Microsoft SQL Server 2000 allows remote attackers to cause a denial of service via a malformed 0x08 packet that is missing a colon separator...
CVE-2000-1209
The CVE-2000-1209 issue affects Microsoft SQL Server 2000, SQL Server 7.0, and Data Engine (MSDE) 1.0 where the sa account is installed with a default null password. This enables remote attackers to gain privileges and was exploited by worms such as Voyager Alpha Force and Spida, with third-party...
CVE-2000-1209
The "sa" account is installed with a default null password on 1 Microsoft SQL Server 2000, 2 SQL Server 7.0, and 3 Data Engine MSDE 1.0, including third party packages that use these products such as 4 Tumbleweed Secure Mail MMS 5 Compaq Insight Manager, and 6 Visio 2000, which allows remote...
Microsoft SQL Server Authentication Function Remote Overflow
The remote Microsoft SQL server is vulnerable to the Hello overflow. An attacker may use this flaw to execute commands against the remote host as LOCAL/SYSTEM, as well as read your database content. This alert might be a false positive. %NASLMINLEVEL 70300 Script audit and contributions from...
Microsoft SQL Server 2000 - User Authentication Remote Buffer Overflow
source: https://www.securityfocus.com/bid/5411/info A vulnerability has been discovered in Microsoft SQL Server that could make it possible for remote attackers to gain access to target hosts. It is possible for an attacker to cause a buffer overflow condition on the vulnerable SQL server with a...
Microsoft SQL Server 2000 - User Authentication Remote Buffer Overflow
Microsoft SQL Server 2000 - User Authentication Remote Buffer Overflow source: https://www.securityfocus.com/bid/5411/info A vulnerability has been discovered in Microsoft SQL Server that could make it possible for remote attackers to gain access to target hosts. It is possible for an attacker to...
Microsoft SQL Server User Authentication Remote Buffer Overflow Vulnerability
Description A vulnerability has been discovered in Microsoft SQL Server that could make it possible for remote attackers to gain access to target hosts. It is possible for an attacker to cause a buffer overflow condition on the vulnerable SQL server with a malformed login request. This may allow ...
Microsoft SQL Server 2000,7 OpenRowSet Buffer Overflow vulnerability (#NISR02072002)
NGSSoftware Insight Security Research Advisory Name: OpenRowSet Buffer Overflows Systems: Microsoft SQL Server 2000 and 7, all Service Packs Severity: High Risk Category: Remote Buffer Overrun Vulnerability Vendor URL: http://www.microsoft.com/ Author: David Litchfield [email protected]...
CVE-2002-0644
Buffer overflow in several Database Consistency Checkers DBCCs for Microsoft SQL Server 2000 and Microsoft Desktop Engine MSDE 2000 allows members of the dbowner and dbddladmin roles to execute arbitrary code...
CVE-2002-0649
Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 MSDE allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which 1 a 0x04 byte that causes the SQL Monitor thread to generate...
CVE-2002-0649
CVE-2002-0649 describes a remote buffer-overflow in the SQL Server Resolution Service of Microsoft SQL Server 2000 and MSDE (port 1434/UDP). The vulnerability is triggered by UDP packets beginning with 0x04 (long registry key name) or 0x08 (long string), which can cause a denial of service or arb...
CVE-2002-0645
SQL injection vulnerability in stored procedures for Microsoft SQL Server 2000 and Microsoft Desktop Engine MSDE 2000 may allow authenticated users to execute arbitrary commands...
CVE-2002-0644
CVE-2002-0644 / CVE-2002-1137 describe a buffer overflow in the Database Consistency Checkers (DBCCs) of Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 . The vulnerability allows db_owner and db_ddladmin role members to execute arbitrary code due to overflow in DBCC input hand...
Microsoft SQL Server 2000 contains denial-of-service vulnerability in SQL Server Resolution Service
Overview Microsoft SQL Server 2000 contains a vulnerability that allows remote attackers to create a denial-of-service condition between two Microsoft SQL servers. Description The SQL Server Resolution Service SSRS was introduced in Microsoft SQL Server 2000 to provide referral services for...
Microsoft SQL Server contains buffer overflow vulnerabilities in multiple extended stored procedures
Overview Microsoft SQL Server 7.0 and SQL Server 2000 contain buffer overflow vulnerabilities in multiple extended stored procedures. A remote attacker could cause a denial of service or execute arbitrary code or commands with the privileges of the SQL Server process, potentially gaining complete...
Microsoft SQL Server 2000 - Resolution Service Heap Overflow
Microsoft SQL Server 2000 - Resolution Service Heap Overflow source: https://www.securityfocus.com/bid/5310/info A vulnerability in Microsoft SQL Server 2000 could allow remote attackers to access target hosts. A problem in the SQL Server Resolution Service allows a remote attacker to execute...
Microsoft SQL Server 2000 - sp_MScopyscript SQL Injection
Microsoft SQL Server 2000 - spMScopyscript SQL Injection source: https://www.securityfocus.com/bid/5309/info The Microsoft SQL Server 2000 spMScopyscript stored procedure does not sufficiently validate input before passing it to the xpcmdshell extended stored procedure. An attacker with the abili...
Microsoft SQL Server service account registry key has weak permissions that permit privilege escalation
Overview The Microsoft SQL Server contains a vulnerability that allows remote attackers to execute arbitrary commands with system privileges. Description The Microsoft SQL Server typically runs under a dedicated "service account" that is defined by system administrators at installation time. This...