16 matches found
CVE-2002-1123
CVE-2002-1123 is a buffer overflow in the authentication function of Microsoft SQL Server 2000 and MSDE 2000 triggered by a long TCP 1433 request, enabling remote code execution. Public writeups and scanners (MS02-056, Metasploit/MSF module, OpenVAS checks) confirm the existence of the Hello Over...
CVE-2002-1145
The CVE-2002-1145 entry describes a privilege-escalation issue in the Web Tasks xp_runwebtask stored procedure for Microsoft SQL Server 7.0, SQL Server 2000, MSDE 1.0, and MSDE 2000. The vulnerability arises because xp_runwebtask can be executed by PUBLIC, allowing an attacker to update a webtask...
CVE-2002-0721
The CVE-2002-0721 issue affects Microsoft SQL Server 7.0 and 2000 where extended stored procedures with weak permissions (xp_execresultset, xp_printstatements, xp_displayparamstmt) can allow an unprivileged user to execute procedures with administrator privileges. CERT advisories describe the ris...
CVE-2002-0649
CVE-2002-0649 describes a remote buffer-overflow in the SQL Server Resolution Service of Microsoft SQL Server 2000 and MSDE (port 1434/UDP). The vulnerability is triggered by UDP packets beginning with 0x04 (long registry key name) or 0x08 (long string), which can cause a denial of service or arb...
CVE-2000-1082
The OpenVAS entry confirms CVE-2000-1082 affects Microsoft SQL Server and MSDE via the Extended Stored Procedures interface. The issue is in xp_enumresultset, where the function does not properly restrict the length of a buffer before calling srv_paraminfo, enabling denial of service or arbitrary...
CVE-2000-1084
The CVE-2000-1084 issue affects Microsoft SQL Server and SQL Server Desktop Engine (MSDE) via Extended Stored Procedures. The vulnerable component is xp_updatecolvbm, which does not properly restrict buffer length before calling srv_paraminfo in the XP API, enabling a potential denial of service ...
CVE-2000-1087
The CVE-2000-1087 vulnerability affects Microsoft SQL Server 2000 and MSDE, where the xp_proxiedmetadata function fails to properly restrict buffer length before invoking srv_paraminfo in the Extended Stored Procedures API. This can allow a local attacker to cause a denial of service or execute a...
CVE-2000-1088
CVE-2000-1088 affects Microsoft SQL Server 2000 and MSDE via the Extended Stored Procedures API. The vulnerability lies in xp_SetSQLSecurity not properly restricting the buffer length before calling srv_paraminfo, enabling a attacker to cause a denial of service or execute arbitrary commands. The...
CVE-2002-0644
CVE-2002-0644 / CVE-2002-1137 describe a buffer overflow in the Database Consistency Checkers (DBCCs) of Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 . The vulnerability allows db_owner and db_ddladmin role members to execute arbitrary code due to overflow in DBCC input hand...
CVE-2000-1083
The CVE describes a buffer-length validation flaw in xp_showcolv within SQL Server and MSDE’s Extended Stored Procedures. The xp_showcolv path can overrun a buffer before srv_paraminfo is invoked, enabling denial of service or arbitrary command execution. Affected products are SQL Server and MSDE...
CVE-2002-1138
CVE-2002-1138 affects Microsoft SQL Server 7.0 and 2000, including MSDE 1.0 and MSDE 2000. The flaw is in Output File Handling for Scheduled Jobs: these components write output files for scheduled jobs under the SQL Server service account rather than the launching entity. This privilege mismatch ...
CVE-2000-1081
Microsoft SQL Server extended stored procedures vulnerability CVE-2000-1081 affects xp_displayparamstmt in SQL Server and MSDE. The issue arises from insufficiently restricting the input buffer length before calling srv_paraminfo in the Extended Stored Procedures API, enabling potential denial of...
CVE-2000-1085
The vulnerability CVE-2000-1085 affects Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE). It concerns the xp_peekqueue function, where the length of a buffer is not properly restricted before invoking srv_paraminfo in the SQL Server API for Extended Stored Procedures (XP). This coul...
CVE-2000-1086
The CVE-2000-1086 entry affects Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE). The vulnerability lies in the xp_printstatements function, which fails to properly restrict the length of a buffer before calling srv_paraminfo in the SQL Server API for Extended Stored Procedures (XP)...
CVE-2002-0645
Technical details for CVE-2002-0645 are not publicly provided in the connected documents; the available sources reference the vulnerability at a high level. Monitor for updates from official advisories.
CVE-2002-1137
CVE-2002-1137 describes a buffer overflow in the Database Console Command (DBCC) in Microsoft SQL Server 7.0 and 2000, including MSDE 1.0/MSDE 2000. The vulnerability stems from handling of user input, allowing an attacker to execute arbitrary code via a long SourceDB argument in a non-SQL OLEDB ...