
CVE-2002-1145
https://notcve.org/view.php?id=CVE-2002-1145
21 Oct 2002 — The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions. • http://marc.info/?l=bugtraq&m=103487044122900&w=2 •

CVE-2002-1137
https://notcve.org/view.php?id=CVE-2002-1137
11 Oct 2002 — Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of CAN-2002-0644. • http://www.ciac.org/ciac/bulletins/n-003.shtml •

CVE-2002-1138
https://notcve.org/view.php?id=CVE-2002-1138
11 Oct 2002 — Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output files for scheduled jobs under its own privileges instead of the entity that launched it, which allows attackers to overwrite system files, aka "Flaw in Output File Handling for Scheduled Jobs." • http://www.ciac.org/ciac/bulletins/n-003.shtml •

CVE-2002-0721 – Microsoft SQL 2000/7.0 - Agent Jobs Privilege Escalation
https://notcve.org/view.php?id=CVE-2002-0721
20 Aug 2002 — Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt. • https://www.exploit-db.com/exploits/21718 •

CVE-2002-0643
https://notcve.org/view.php?id=CVE-2002-0643
12 Jul 2002 — The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and Microsoft SQL Server 2000 creates setup.iss files with insecure permissions and does not delete them after installation, which allows local users to obtain sensitive data, including weakly encrypted passwords, to gain privileges, aka "SQL Server Installation Process May Leave Passwords on System." • http://marc.info/?l=bugtraq&m=102640092826731&w=2 •

CVE-2002-0224
https://notcve.org/view.php?id=CVE-2002-0224
03 May 2002 — The MSDTC (Microsoft Distributed Transaction Service Coordinator) for Microsoft Windows 2000, Microsoft IIS 5.0 and SQL Server 6.5 through SQL 2000 0.0 allows remote attackers to cause a denial of service (crash or hang) via malformed (random) input. • http://online.securityfocus.com/archive/1/253360 •

CVE-2002-0154
https://notcve.org/view.php?id=CVE-2002-0154
27 Apr 2002 — Buffer overflows in extended stored procedures for Microsoft SQL Server 7.0 and 2000 allow remote attackers to cause a denial of service or execute arbitrary code via a database query with certain long arguments. • http://marc.info/?l=bugtraq&m=101535353331625&w=2 •

CVE-2002-0056
https://notcve.org/view.php?id=CVE-2002-0056
21 Feb 2002 — Buffer overflow in SQL Server 7.0 and 2000 allows remote attackers to execute arbitrary code via a long OLE DB provider name to (1) OpenDataSource or (2) OpenRowset in an ad hoc connection. • http://marc.info/?l=bugtraq&m=101422555428036&w=2 •

CVE-2001-0879
https://notcve.org/view.php?id=CVE-2001-0879
20 Dec 2001 — Format string vulnerability in the C runtime functions in SQL Server 7.0 and 2000 allows attackers to cause a denial of service. • http://marc.info/?l=bugtraq&m=100891252317406&w=2 •

CVE-2001-0542
https://notcve.org/view.php?id=CVE-2001-0542
20 Dec 2001 — Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879. • http://marc.info/?l=bugtraq&m=100891252317406&w=2 •