CVSS: 7.2EPSS: 1%CPEs: 12EXPL: 0CVE-2003-0230
https://notcve.org/view.php?id=CVE-2003-0230
Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the "Named Pipe Hijacking" vulnerability. Microsoft SQL Server 7, 2000, y MSDE permite a usuarios locales ganar privilegios secuestrando una tubería con nombre (named pipe) de otro usuario, llamada vulnerabilidad de "Secuestro de Tubería con Nombre". • http://www.kb.cert.org/vuls/id/556356 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-031 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A235 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.2EPSS: 0%CPEs: 12EXPL: 1CVE-2003-0232 – Microsoft Windows SQL Server - Remote Denial of Service (MS03-031)
https://notcve.org/view.php?id=CVE-2003-0232
Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow. Microsoft SQL Server 7, 2000 y MSDE permite a usuarios locales ejecutar código arbitrario mediante una cierta petición al puerto de llamadas de procedimiento local (LPC - Local Procedure Calls) que conduce a un desbordamiento de búfer. • https://www.exploit-db.com/exploits/65 http://www.atstake.com/research/advisories/2003/a072303-3.txt http://www.kb.cert.org/vuls/id/584868 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-031 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A303 •
CVSS: 5.0EPSS: 17%CPEs: 12EXPL: 1CVE-2003-0231 – Microsoft SQL Server 7.0/2000 / MSDE - Named Pipe Denial of Service (MS03-031)
https://notcve.org/view.php?id=CVE-2003-0231
Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe. Microsoft SQL Server 7, 2000 y MSDE permite a usurios locales o a usuarios remotos autenticados causar una denegación de servicio (caída o cuelgue) mediante un petición larga a una tubería con nombre. • https://www.exploit-db.com/exploits/22957 http://www.atstake.com/research/advisories/2003/a072303-2.txt http://www.kb.cert.org/vuls/id/918652 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-031 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A299 •
CVSS: 7.5EPSS: 1%CPEs: 10EXPL: 0CVE-2002-1872
https://notcve.org/view.php?id=CVE-2002-1872
Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password. • http://online.securityfocus.com/archive/1/298361 http://www.iss.net/security_center/static/10542.php http://www.nextgenss.com/papers/tp-SQL2000.pdf http://www.securityfocus.com/bid/6097 • CWE-326: Inadequate Encryption Strength •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2002-1981
https://notcve.org/view.php?id=CVE-2002-1981
Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the "public" role to execute the (1) sp_MSSetServerProperties or (2) sp_MSsetalertinfo stored procedures, which allows attackers to modify configuration including SQL server startup and alert settings. • http://seclists.org/lists/bugtraq/2002/Sep/0009.html http://www.iss.net/security_center/static/10012.php http://www.ngssoftware.com/advisories/mssql-sp_MSSetServerProperties.txt http://www.securityfocus.com/bid/5604 •