CVSS: 9.8EPSS: 35%CPEs: 9EXPL: 1CVE-2002-0859 – Microsoft SQL Server 2000 / Microsoft Jet 4.0 Engine - Unicode Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2002-0859
05 Sep 2002 — Buffer overflow in the OpenDataSource function of the Jet engine on Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code. Desbordamiento de búfer en la función OpenDataSource del motor Jet en Microsoft SQL Server 2000 permite a atacantes remotos ejecutar código arbitrario. • https://www.exploit-db.com/exploits/21569 •
CVSS: 9.8EPSS: 9%CPEs: 1EXPL: 1CVE-2002-0982 – Microsoft SQL Server 2000 - sp_MScopyscript SQL Injection
https://notcve.org/view.php?id=CVE-2002-0982
23 Aug 2002 — Microsoft SQL Server 2000 SP2, when configured as a distributor, allows attackers to execute arbitrary code via the @scriptfile parameter to the sp_MScopyscript stored procedure. Microsoft SQL Server 2000 SP2, cuando se configura como distribuidor, permite a atacantes ejecutar código arbitrario mediante el parámetro @scriptfile del procedimiento almacenado sp_MScopyscript • https://www.exploit-db.com/exploits/21651 •
CVSS: 10.0EPSS: 54%CPEs: 10EXPL: 1CVE-2002-0721 – Microsoft SQL 2000/7.0 - Agent Jobs Privilege Escalation
https://notcve.org/view.php?id=CVE-2002-0721
20 Aug 2002 — Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt. Microsoft SQL Server 7.0 y 2000 se instala con permisos débiles para ciertos procedimientos almacenados (stored procedures) extendidos que están asociados con funciones de... • https://www.exploit-db.com/exploits/21718 •
CVSS: 7.5EPSS: 25%CPEs: 3EXPL: 0CVE-2002-0650
https://notcve.org/view.php?id=CVE-2002-0650
12 Aug 2002 — The keep-alive mechanism for Microsoft SQL Server 2000 allows remote attackers to cause a denial of service (bandwidth consumption) via a "ping" style packet to the Resolution Service (UDP port 1434) with a spoofed IP address of another SQL Server system, which causes the two servers to exchange packets in an infinite loop. El mecanismo de mantenimiento de conexión (keep-alive) en Microsoft SQL Server 2000 permite a atacantes remotos causar una denegación de servicio (consumición de ancho de banda) mediante... • http://marc.info/?l=bugtraq&m=102760196931518&w=2 •
CVSS: 7.5EPSS: 15%CPEs: 1EXPL: 0CVE-2002-0729
https://notcve.org/view.php?id=CVE-2002-0729
12 Aug 2002 — Microsoft SQL Server 2000 allows remote attackers to cause a denial of service via a malformed 0x08 packet that is missing a colon separator. Microsoft SQL Server 2000 permite que atacantes remotos provoquen una denegación de servicio por medio de un paquete 0x08 mal construido al que le falta un separador de punto y coma. • http://marc.info/?l=bugtraq&m=102760196931518&w=2 •
CVSS: 9.8EPSS: 7%CPEs: 2EXPL: 1CVE-2002-0644 – Microsoft SQL Server 2000 - Database Consistency Checkers Buffer Overflow
https://notcve.org/view.php?id=CVE-2002-0644
26 Jul 2002 — Buffer overflow in several Database Consistency Checkers (DBCCs) for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows members of the db_owner and db_ddladmin roles to execute arbitrary code. Desbordamiento de buffer en varios Comprobadores de Consistencia de Base de Datos (Database Consistency Checkers - DBCCs) en Microsoft SQL Server 2000 y Microsoft Desktop Engine (MSDE) 2000 permite a miembros de los grupos db_owner y db_ddladmin ejecutar código arbitrario. • https://www.exploit-db.com/exploits/21650 •
CVSS: 8.8EPSS: 2%CPEs: 2EXPL: 0CVE-2002-0645
https://notcve.org/view.php?id=CVE-2002-0645
26 Jul 2002 — SQL injection vulnerability in stored procedures for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 may allow authenticated users to execute arbitrary commands. Vulnerabilidad de inyección de SQL en procedimientos almacenados en Microsoft SQL Server 2000 y Microsoft Desktop engine (MSDE) 2000 puede que permita a usuarios autenticados ejecutar comandos arbitrarios. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-038 •
CVSS: 9.8EPSS: 87%CPEs: 4EXPL: 2CVE-2002-0649 – Microsoft SQL Server - Resolution Overflow (MS02-039)
https://notcve.org/view.php?id=CVE-2002-0649
26 Jul 2002 — Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE) allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which (1) a 0x04 byte that causes the SQL Monitor thread to generate a long registry key name, or (2) a 0x08 byte with a long string causes heap corruption, as exploited by the Slammer/Sapphire worm. Multiples desbordamientos de buffers en el Servicio de Resolución en SQL Server... • https://www.exploit-db.com/exploits/16393 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 78%CPEs: 2EXPL: 0CVE-2002-0642
https://notcve.org/view.php?id=CVE-2002-0642
23 Jul 2002 — The registry key containing the SQL Server service account information in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, has insecure permissions, which allows local users to gain privileges, aka "Incorrect Permission on SQL Server Service Account Registry Key." La clave del registro que contiene información sobre el servicio SQL Server en Microsoft SQL Server 2000, incluyendo Microsoft SQL Server Desktop Engine (MSDE) 2000, posee unos permisos inseguros, lo cual permi... • http://www.cert.org/advisories/CA-2002-22.html •
CVSS: 9.8EPSS: 7%CPEs: 2EXPL: 1CVE-2002-0624 – Microsoft SQL Server 2000 - Password Encrypt procedure Buffer Overflow
https://notcve.org/view.php?id=CVE-2002-0624
12 Jul 2002 — Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows remote attackers to gain control of the database and execute arbitrary code via SQL Server Authentication, aka "Unchecked Buffer in Password Encryption Procedure." Desbordamiento de búfer en la función de encriptación de contraseñas en Microsoft SQL Server 2000, incluyendo Microsoft SQL Server Desktop Engine (MSDE) 2000, permite a atacantes remotos la obtención ... • https://www.exploit-db.com/exploits/21549 •