CVE-2004-1560 – MSSQL 7.0 - Remote Denial of Service
https://notcve.org/view.php?id=CVE-2004-1560
Microsoft SQL Server 7.0 allows remote attackers to cause a denial of service (mssqlserver service halt) via a long request to TCP port 1433, possibly triggering a buffer overflow. • https://www.exploit-db.com/exploits/562 http://marc.info/?l=bugtraq&m=109650760210411&w=2 http://packetstormsecurity.nl/0410-exploits/mssql.7.0.dos.c http://secunia.com/advisories/12680 http://securitytracker.com/id?1011434 http://www.securityfocus.com/bid/11265 https://exchange.xforce.ibmcloud.com/vulnerabilities/17542 •
CVE-2003-0230
https://notcve.org/view.php?id=CVE-2003-0230
Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the "Named Pipe Hijacking" vulnerability. Microsoft SQL Server 7, 2000, y MSDE permite a usuarios locales ganar privilegios secuestrando una tubería con nombre (named pipe) de otro usuario, llamada vulnerabilidad de "Secuestro de Tubería con Nombre". • http://www.kb.cert.org/vuls/id/556356 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-031 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A235 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2003-0232 – Microsoft Windows SQL Server - Remote Denial of Service (MS03-031)
https://notcve.org/view.php?id=CVE-2003-0232
Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow. Microsoft SQL Server 7, 2000 y MSDE permite a usuarios locales ejecutar código arbitrario mediante una cierta petición al puerto de llamadas de procedimiento local (LPC - Local Procedure Calls) que conduce a un desbordamiento de búfer. • https://www.exploit-db.com/exploits/65 http://www.atstake.com/research/advisories/2003/a072303-3.txt http://www.kb.cert.org/vuls/id/584868 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-031 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A303 •
CVE-2003-0231 – Microsoft SQL Server 7.0/2000 / MSDE - Named Pipe Denial of Service (MS03-031)
https://notcve.org/view.php?id=CVE-2003-0231
Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe. Microsoft SQL Server 7, 2000 y MSDE permite a usurios locales o a usuarios remotos autenticados causar una denegación de servicio (caída o cuelgue) mediante un petición larga a una tubería con nombre. • https://www.exploit-db.com/exploits/22957 http://www.atstake.com/research/advisories/2003/a072303-2.txt http://www.kb.cert.org/vuls/id/918652 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-031 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A299 •
CVE-2002-1872
https://notcve.org/view.php?id=CVE-2002-1872
Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password. • http://online.securityfocus.com/archive/1/298361 http://www.iss.net/security_center/static/10542.php http://www.nextgenss.com/papers/tp-SQL2000.pdf http://www.securityfocus.com/bid/6097 • CWE-326: Inadequate Encryption Strength •