Microsoft SQL Server 2000 pwdencrypt() buffer overflow

Microsoft SQL Server 2000 up to SP2 suffers from buffer/heap overflow in built-in hashing function pwdencrypt. Sample code shown below crashes SQL Server service and may lead to arbitrary code execution: SELECT pwdencryptREPLICATE'A',353 On some systems it may require lager amount of characters t...

Microsoft SQL Server 2000 SQLXML buffer overflow

Buffer overflow in ISAPI filter and crossite scripting...

Microsoft SQL Server 2000 - SQLXML Script Injection

source: https://www.securityfocus.com/bid/5005/info SQLXML is a component of SQL Server 2000, which enables SQL servers to receive and send database queries via XML Extensible Markup Language format. Such queries can be sent using various methods of communication, one of which is via HTTP. SQLXML...

CVE-2002-0154

Buffer overflows in extended stored procedures for Microsoft SQL Server 7.0 and 2000 allow remote attackers to cause a denial of service or execute arbitrary code via a database query with certain long arguments...

CVE-2002-0154

Buffer overflows in extended stored procedures for Microsoft SQL Server 7.0 and 2000 allow remote attackers to cause a denial of service or execute arbitrary code via a database query with certain long arguments...

CVE-2001-0542

Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions 1 raiserror, 2 formatmessage, or 3 xpsprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879...

Переполнения буфера в текстовых функциях Microsoft SQL Server (buffer overflow)

Переполнения буфре а функциях raiserror, formatmessageи процедуре xpsprintf...

@stake advisory: Multiple overflow and format string vulnerabilities in in Microsoft SQL Server

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 @stake, Inc. www.atstake.com Security Advisory Advisory Name: Multiple overflow and format string vulnerabilities in Microsoft SQL Server Release Date: 12/20/2001 Application: Microsoft SQL Server 7.0 and 2000 Platform: Microsoft Windows NT 4.0, 2000,...

Buffer overflows in Microsoft SQL Server 7.0 and SQL Server 2000

Overview There is a buffer overflow in Microsoft SQL Server 2000 and SQL Server 7.0 which could allow an intruder to execute arbitrary code on vulnerable systems. Description Microsoft Windows SQL Server 2000 and SQL Server 7.0 contain a buffer overflow in functions associated with text messages...

CVE-2001-0542

Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions 1 raiserror, 2 formatmessage, or 3 xpsprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879...

Microsoft SQL Server and Microsoft Data Engine (MSDE) ship with a null default password

Overview Microsoft SQL Server and Microsoft Data Engine ship with a null default password on the administrative account sa. If the system administrator does not set the password, the system may be vulnerable to attack. Description Microsoft SQL Server MS SQL and Microsoft Data Engine MSDE ship...

CVE-2001-0509

Vulnerabilities in RPC servers in 1 Microsoft Exchange Server 2000 and earlier, 2 Microsoft SQL Server 2000 and earlier, 3 Windows NT 4.0, and 4 Windows 2000 allow remote attackers to cause a denial of service via malformed inputs...

Microsoft SQL Server Administrator Cached Connection Vulnerability

Description Due to a flaw in the handling of specially crafted ad hoc queries, it is possible for a logged in user to utilize the ad hoc query in such a way that the use of the system administrator's cached connection would be invoked rather than that of the user. This would enable the user to...

CVE-2000-1085

The xppeekqueue function in Microsoft SQL Server 2000 and SQL Server Desktop Engine MSDE does not properly restrict the length of a buffer before calling the srvparaminfo function in the SQL Server API for Extended Stored Procedures XP, which allows an attacker to cause a denial of service or...

CVE-2000-1083

The xpshowcolv function in SQL Server and Microsoft SQL Server Desktop Engine MSDE does not properly restrict the length of a buffer before calling the srvparaminfo function in the SQL Server API for Extended Stored Procedures XP, which allows an attacker to cause a denial of service or execute...

CVE-2000-1086

The xpprintstatements function in Microsoft SQL Server 2000 and SQL Server Desktop Engine MSDE does not properly restrict the length of a buffer before calling the srvparaminfo function in the SQL Server API for Extended Stored Procedures XP, which allows an attacker to cause a denial of service ...

CVE-2000-1088

The xpSetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine MSDE does not properly restrict the length of a buffer before calling the srvparaminfo function in the SQL Server API for Extended Stored Procedures XP, which allows an attacker to cause a denial of service o...

CVE-2000-1087

The xpproxiedmetadata function in Microsoft SQL Server 2000 and SQL Server Desktop Engine MSDE does not properly restrict the length of a buffer before calling the srvparaminfo function in the SQL Server API for Extended Stored Procedures XP, which allows an attacker to cause a denial of service ...

CVE-2000-1086

The xpprintstatements function in Microsoft SQL Server 2000 and SQL Server Desktop Engine MSDE does not properly restrict the length of a buffer before calling the srvparaminfo function in the SQL Server API for Extended Stored Procedures XP, which allows an attacker to cause a denial of service ...

CVE-2000-1085

The xppeekqueue function in Microsoft SQL Server 2000 and SQL Server Desktop Engine MSDE does not properly restrict the length of a buffer before calling the srvparaminfo function in the SQL Server API for Extended Stored Procedures XP, which allows an attacker to cause a denial of service or...