CVSS: 10.0EPSS: 2%CPEs: 10EXPL: 0CVE-2002-1145
https://notcve.org/view.php?id=CVE-2002-1145
21 Oct 2002 — The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions. • http://marc.info/?l=bugtraq&m=103487044122900&w=2 •
CVSS: 7.5EPSS: 11%CPEs: 10EXPL: 0CVE-2002-1138
https://notcve.org/view.php?id=CVE-2002-1138
11 Oct 2002 — Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output files for scheduled jobs under its own privileges instead of the entity that launched it, which allows attackers to overwrite system files, aka "Flaw in Output File Handling for Scheduled Jobs." Microsoft SQL Server 7.0 y 2000, incluyendo Microsoft Data Engine (Motor de datos) (MSDE) 1.0, y Microsoft Desktop Engine (MSDE) 2000, escribe los ficheros de salida de tareas planifi... • http://www.ciac.org/ciac/bulletins/n-003.shtml •
CVSS: 9.8EPSS: 21%CPEs: 10EXPL: 1CVE-2002-1137
https://notcve.org/view.php?id=CVE-2002-1137
11 Oct 2002 — Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of CAN-2002-0644. Desbordamiento de búfer en la Consola de Comandos de Base de Datos (CBCC) que maneja la entrada de usuario en Microsoft SQL Server 7.0 y 2000, incluyendo Micros... • http://www.ciac.org/ciac/bulletins/n-003.shtml •
CVSS: 9.8EPSS: 88%CPEs: 4EXPL: 2CVE-2002-1123 – Microsoft SQL Server - Hello Overflow (MS02-056)
https://notcve.org/view.php?id=CVE-2002-1123
24 Sep 2002 — Buffer overflow in the authentication function for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows remote attackers to execute arbitrary code via a long request to TCP port 1433, aka the "Hello" overflow. Desbordamiento de búfer en Microsof SQL Server permite a atacantes remotos ejecutar código arbitrario mediante una petición larga al puerto TCP 1433, también conocido como desbordamiento "Hello". • https://www.exploit-db.com/exploits/16398 •
CVSS: 10.0EPSS: 54%CPEs: 10EXPL: 1CVE-2002-0721 – Microsoft SQL 2000/7.0 - Agent Jobs Privilege Escalation
https://notcve.org/view.php?id=CVE-2002-0721
20 Aug 2002 — Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt. Microsoft SQL Server 7.0 y 2000 se instala con permisos débiles para ciertos procedimientos almacenados (stored procedures) extendidos que están asociados con funciones de... • https://www.exploit-db.com/exploits/21718 •
CVSS: 10.0EPSS: 89%CPEs: 10EXPL: 2CVE-2000-1209 – Microsoft SQL Server - Payload Execution
https://notcve.org/view.php?id=CVE-2000-1209
10 Aug 2002 — The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida. • https://www.exploit-db.com/exploits/16395 •
CVSS: 8.8EPSS: 2%CPEs: 2EXPL: 0CVE-2002-0645
https://notcve.org/view.php?id=CVE-2002-0645
26 Jul 2002 — SQL injection vulnerability in stored procedures for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 may allow authenticated users to execute arbitrary commands. Vulnerabilidad de inyección de SQL en procedimientos almacenados en Microsoft SQL Server 2000 y Microsoft Desktop engine (MSDE) 2000 puede que permita a usuarios autenticados ejecutar comandos arbitrarios. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-038 •
CVSS: 9.8EPSS: 7%CPEs: 2EXPL: 1CVE-2002-0644 – Microsoft SQL Server 2000 - Database Consistency Checkers Buffer Overflow
https://notcve.org/view.php?id=CVE-2002-0644
26 Jul 2002 — Buffer overflow in several Database Consistency Checkers (DBCCs) for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows members of the db_owner and db_ddladmin roles to execute arbitrary code. Desbordamiento de buffer en varios Comprobadores de Consistencia de Base de Datos (Database Consistency Checkers - DBCCs) en Microsoft SQL Server 2000 y Microsoft Desktop Engine (MSDE) 2000 permite a miembros de los grupos db_owner y db_ddladmin ejecutar código arbitrario. • https://www.exploit-db.com/exploits/21650 •
CVSS: 9.8EPSS: 86%CPEs: 4EXPL: 2CVE-2002-0649 – Microsoft SQL Server - Resolution Overflow (MS02-039)
https://notcve.org/view.php?id=CVE-2002-0649
26 Jul 2002 — Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE) allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which (1) a 0x04 byte that causes the SQL Monitor thread to generate a long registry key name, or (2) a 0x08 byte with a long string causes heap corruption, as exploited by the Slammer/Sapphire worm. Multiples desbordamientos de buffers en el Servicio de Resolución en SQL Server... • https://www.exploit-db.com/exploits/16393 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2002-0643
https://notcve.org/view.php?id=CVE-2002-0643
12 Jul 2002 — The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and Microsoft SQL Server 2000 creates setup.iss files with insecure permissions and does not delete them after installation, which allows local users to obtain sensitive data, including weakly encrypted passwords, to gain privileges, aka "SQL Server Installation Process May Leave Passwords on System." La instalación de Microsoft Data Engine 1.0 (MSDE 1.0), y Microsoft SQL Server 2000 crea ficheros setup.iss con permisos inseguros que no son eliminado... • http://marc.info/?l=bugtraq&m=102640092826731&w=2 •