1254 matches found
Microsoft SQL Server contains buffer overflow vulnerabilities in multiple extended stored procedures
Overview Microsoft SQL Server 7.0 and SQL Server 2000 contain buffer overflow vulnerabilities in multiple extended stored procedures. A remote attacker could cause a denial of service or execute arbitrary code or commands with the privileges of the SQL Server process, potentially gaining complete...
Microsoft SQL Server 2000 - Resolution Service Heap Overflow
Microsoft SQL Server 2000 - Resolution Service Heap Overflow source: https://www.securityfocus.com/bid/5310/info A vulnerability in Microsoft SQL Server 2000 could allow remote attackers to access target hosts. A problem in the SQL Server Resolution Service allows a remote attacker to execute...
Microsoft SQL Server 2000 - sp_MScopyscript SQL Injection
Microsoft SQL Server 2000 - spMScopyscript SQL Injection source: https://www.securityfocus.com/bid/5309/info The Microsoft SQL Server 2000 spMScopyscript stored procedure does not sufficiently validate input before passing it to the xpcmdshell extended stored procedure. An attacker with the abili...
Microsoft SQL Server service account registry key has weak permissions that permit privilege escalation
Overview The Microsoft SQL Server contains a vulnerability that allows remote attackers to execute arbitrary commands with system privileges. Description The Microsoft SQL Server typically runs under a dedicated "service account" that is defined by system administrators at installation time. This...
Microsoft SQL Server 2000 Unauthenticated System Compromise (#NISR25072002)
NGSSoftware Insight Security Research Advisory Name: Unauthenticated Remote Compromise in MS SQL Server 2000 Systems: Microsoft SQL Server 2000, all Service Packs Severity: Critical/Very High Risk. Category: Remote Buffer Overrun Vulnerability Vendor URL: http://www.microsoft.com/ Author: David...
Microsoft SQL Server contains buffer overflow in code used to process "BULK INSERT" queries
Overview The Microsoft SQL Server contains a buffer overflow vulnerability that may allow remote attackers to execute arbitrary code with system privileges. Description The Microsoft SQL Server contains a buffer overflow vulnerability in the code used to process "Bulk Insert" queries. Bulk Insert...
Microsoft SQL Server 2000 - Database Consistency Checkers Buffer Overflow
source: https://www.securityfocus.com/bid/5307/info Microsoft SQL Server 2000 includes utilities called Database Consistency Checkers DBCC. Several of these programs contain identical buffer overflows that, when exploited, could allow an attacker to execute arbitrary code with the privilege level...
Microsoft SQL Server contains buffer overflows in several Database Consistency Checkers
Overview Microsoft SQL Server ships with several administrative tools that allow database users to elevate their administrative privileges from a single database to all databases on the server. Description Microsoft SQL Server ships with several utilities known as Database Consistency Checkers...
CVE-2002-0641
Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine MSDE 2000, allows attackers with database administration privileges to execute arbitrary code via a long filename in the BULK INSERT query...
CVE-2002-0624
Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine MSDE 2000, allows remote attackers to gain control of the database and execute arbitrary code via SQL Server Authentication, aka "Unchecked Buffer in Password Encryption...
CVE-2002-0642
The registry key containing the SQL Server service account information in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine MSDE 2000, has insecure permissions, which allows local users to gain privileges, aka "Incorrect Permission on SQL Server Service Account Registry Key...
CVE-2002-0624
CVE-2002-0624 describes a buffer overflow in the pwdencrypt() password-encryption function in Microsoft SQL Server 2000 (including MSDE 2000) that can allow remote attackers to execute arbitrary code with the SQL Server service account when authenticating via SQL Server Authentication. Public sou...
CVE-2002-0624
Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine MSDE 2000, allows remote attackers to gain control of the database and execute arbitrary code via SQL Server Authentication, aka "Unchecked Buffer in Password Encryption...
CVE-2002-0641
The CVE-2002-0641 issue affects Microsoft SQL Server 2000 and MSDE 2000, where a buffer overflow in the BULK INSERT procedure can be triggered by a file name that is too long. Exploitation requires Bulk Admin or Administrator privileges and can allow execution of arbitrary code with system/high p...
CVE-2002-0641
Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine MSDE 2000, allows attackers with database administration privileges to execute arbitrary code via a long filename in the BULK INSERT query...
Microsoft SQL Server 2000 'BULK INSERT' Buffer Overflow (#NISR11072002)
NGSSoftware Insight Security Research Advisory Name: BULK INSERT Buffer Overflow Systems Affected: Microsoft SQL Server 2000 Severity: Medium Category: Buffer Overrun Vendor URL: http://www.microsoft.com/ Authors: Mark Litchfield [email protected] Advisory URL:...
CVE-2002-0186
Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code via data queries with a long content-type parameter, aka "Unchecked Buffer in SQLXML ISAPI Extension."...
CVE-2002-0187
Cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000 allows an attacker to execute arbitrary script via the root parameter as part of an XML SQL query, aka "Script Injection via XML Tag."...
Microsoft SQL Server 2000 / Microsoft Jet 4.0 Engine - Unicode Buffer Overflow (PoC)
source: https://www.securityfocus.com/bid/5057/info Microsoft SQL Server is prone to a remotely exploitable unicode-based buffer overflow condition. This condition occurs when the OpenDataSource function is used with MS Jet Engine. This issue may be exploited to execute attacker-supplied...
Microsoft SQL Server 2000 Microsoft Jet 4.0 Engine - Unicode Buffer Overflow (PoC)
Microsoft SQL Server 2000 Microsoft Jet 4.0 Engine - Unicode Buffer Overflow PoC source: https://www.securityfocus.com/bid/5057/info Microsoft SQL Server is prone to a remotely exploitable unicode-based buffer overflow condition. This condition occurs when the OpenDataSource function is used with...