Microsoft

Sql Server

107 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2003-0230

  • EPSS 1.4%
  • Published 27.08.2003 04:00:00
  • Last modified 03.04.2025 01:03:51

Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the "Named Pipe Hijacking" vulnerability.

5

CVE-2003-0231

  • EPSS 23.53%
  • Published 27.08.2003 04:00:00
  • Last modified 03.04.2025 01:03:51

Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe.

7.2

CVE-2003-0232

  • EPSS 7%
  • Published 27.08.2003 04:00:00
  • Last modified 03.04.2025 01:03:51

Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow.

7.5

CVE-2002-1872

  • EPSS 1.17%
  • Published 31.12.2002 05:00:00
  • Last modified 03.04.2025 01:03:51

Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password.

5

CVE-2002-1981

  • EPSS 22.46%
  • Published 31.12.2002 05:00:00
  • Last modified 03.04.2025 01:03:51

Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the "public" role to execute the (1) sp_MSSetServerProperties or (2) sp_MSsetalertinfo stored procedures, which allows attackers to modify configuration including SQL server startup and ale...

10

CVE-2002-1145

  • EPSS 1.84%
  • Published 28.10.2002 05:00:00
  • Last modified 03.04.2025 01:03:51

The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by u...

7.5

CVE-2002-1137

Exploit
  • EPSS 18.74%
  • Published 11.10.2002 04:00:00
  • Last modified 03.04.2025 01:03:51

Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via ...

7.5

CVE-2002-1138

  • EPSS 11.4%
  • Published 11.10.2002 04:00:00
  • Last modified 03.04.2025 01:03:51

Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output files for scheduled jobs under its own privileges instead of the entity that launched it, which allows attackers to ...

7.5

CVE-2002-0982

  • EPSS 8.64%
  • Published 24.09.2002 04:00:00
  • Last modified 03.04.2025 01:03:51

Microsoft SQL Server 2000 SP2, when configured as a distributor, allows attackers to execute arbitrary code via the @scriptfile parameter to the sp_MScopyscript stored procedure.

7.5

CVE-2002-1123

  • EPSS 89.14%
  • Published 24.09.2002 04:00:00
  • Last modified 03.04.2025 01:03:51

Buffer overflow in the authentication function for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows remote attackers to execute arbitrary code via a long request to TCP port 1433, aka the "Hello" overflow.