107 matches found
Microsoft Security Bulletin MS08-052 – Critical Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593)
Microsoft Security Bulletin MS08-052 – Critical Vulnerabilities in GDI+ Could Allow Remote Code Execution 954593 Published: September 9, 2008 Version: 1.0 General Information Executive Summary This security update resolves several privately reported vulnerabilities in Microsoft Windows GDI+. Thes...
Microsoft SQL Server Convert Function Remote Memory Corruption Vulnerability
Description Microsoft SQL Server is prone to a remote memory-corruption vulnerability because it fails to perform adequate boundary checks on user-supplied input. Authenticated attackers can exploit this issue to execute arbitrary code and completely compromise affected computers. Failed attacks...
Microsoft SQL Server Memory Page Reuse Information Disclosure Vulnerability
Description Microsoft SQL Server is prone to an information-disclosure vulnerability caused by a memory-reallocation flaw. An attacker with operator access may leverage this issue to obtain potentially sensitive information that could aid in further attacks. Technologies Affected Microsoft Data...
Fusetalk SQL injection submission.
Greetings, I have found sql injection in FuseTalk 2.0 during a legitmate audit. Resending because I got MIME errors to [email protected]. I have exchanged emails with [email protected] who needed more information when I originally sent an email to [email protected] Operating...
Microsoft Windows XML Core Services XSLT Buffer Overrun Vulnerability
Description Microsoft Windows is prone to a remotely exploitable buffer-overrun condition in the XSLT implementation of XML core services. An attacker can exploit this issue to execute arbitrary code on an unsuspecting victim's computer. This may facilitate a remote compromise. Technologies...
Microsoft SQL Server Hello buffer overflow
Added: 08/07/2006 CVE: CVE-2002-1123 BID: 5411 OSVDB: 10132 Background Microsoft SQL Server is a database server package for Windows platforms. Problem Microsoft SQL Server 2000 is affected by a buffer overflow vulnerability in the code which handles user authentication. This allows a remote...
Microsoft SQL Server 2000 resolution service buffer overflow
Added: 02/05/2006 CVE: CVE-2002-0649 BID: 5310 OSVDB: 4577 Background Microsoft SQL Server is a database server package for Windows platforms. SQL Server 2000 introduced the SQL Server Resolution Service, which runs on port 1434/UDP and identifies the port on which each SQL Server instance runs...
MS02-039 Microsoft SQL Server Resolution Overflow
This is an exploit for the SQL Server 2000 resolution service buffer overflow. This overflow is triggered by sending a udp packet to port 1434 which starts with 0x04 and is followed by long string terminating with a colon and a number. This module should work against any vulnerable SQL Server 200...
XML Core Services patch (Q318203)
XMLHTTP Control Can Allow Access to Local Files. SPDX-FileCopyrightText: 2002 Michael Scheidell Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2002-0729
Microsoft SQL Server 2000 allows remote attackers to cause a denial of service via a malformed 0x08 packet that is missing a colon separator...
CVE-2002-0729
Microsoft SQL Server 2000 is affected by CVE-2002-0729. The vulnerability allows remote attackers to cause a denial of service by sending a malformed 0x08 packet missing a colon separator. Root cause is a malformed packet handling in the SQL Server service. Public details in the provided document...
VulnCheck KEV: CVE-2002-0649
Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 MSDE allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which 1 a 0x04 byte that causes the SQL Monitor thread to...
CVE-2002-0186
Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code via data queries with a long content-type parameter, aka "Unchecked Buffer in SQLXML ISAPI Extension."...
CVE-2002-0186
CVE-2002-0186 describes a buffer overflow in the Microsoft SQLXML ISAPI extension for SQL Server 2000. The flaw arises from inadequate validation of the contenttype parameter in SQLXML HTTP requests, allowing a remote attacker to trigger a crash or execute arbitrary code (the extension runs with ...
CVE-2002-0650
CVE-2002-0650 affects Microsoft SQL Server 2000’s Resolution Service on UDP port 1434. A forged ping from one server to another (both using 1434) can trigger the Resolution Service to exchange referrals/pings in an infinite loop, causing a denial of service (bandwidth/resource exhaustion) between...
CVE-2002-0695
CVE-2002-0695 describes a buffer overflow in the Transact-SQL (T-SQL) OpenRowSet component of Microsoft Data Access Components (MDAC) 2.5–2.7, affecting SQL Server 7.0 or 2000. The underlying issue is a buffer overflow in the OpenRowSet path that could allow a remote attacker to execute arbitrary...
CVE-2002-0187
The CVE-2002-0187 entry corresponds to a cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000, where an attacker could inject script via the root parameter of an XML SQL query. Connected documents also describe a related overflow issue in the SQLXML ISAPI filter...
CVE-2002-0859
CVE-2002-0859 describes a buffer overflow in the OpenDataSource function of the Jet engine used by Microsoft SQL Server 2000. The vulnerability permits remote attackers to execute arbitrary code, affecting the system via the Jet engine component. The available records indicate the issue arises fr...
CVE-2002-1981
Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the "public" role to execute the 1 spMSSetServerProperties or 2 spMSsetalertinfo stored procedures, which allows attackers to modify configuration including SQL server startup and alert settings...
Arbitrary Command Execution on Distributor SQL Server 2000 machines (#NISR22002002A)
NGSSoftware Insight Security Research Advisory Name: Arbitrary Command Execution on SQL Server 2000 Systems: Microsoft SQL Server 2000 SP 2 Severity: High Risk for Distributor servers Category: Arbitrary Command Execution Vendor URL: http://www.microsoft.com/ Author: David Litchfield...