CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 1CVE-2000-0603
https://notcve.org/view.php?id=CVE-2000-0603
Microsoft SQL Server 7.0 allows a local user to bypass permissions for stored procedures by referencing them via a temporary stored procedure, aka the "Stored Procedure Permissions" vulnerability. • http://www.securityfocus.com/bid/1444 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-048 https://exchange.xforce.ibmcloud.com/vulnerabilities/4921 •
CVSS: 2.1EPSS: 0%CPEs: 2EXPL: 0CVE-2000-0485
https://notcve.org/view.php?id=CVE-2000-0485
Microsoft SQL Server allows local users to obtain database passwords via the Data Transformation Service (DTS) package Properties dialog, aka the "DTS Password" vulnerability. • http://www.securityfocus.com/archive/1/62771 http://www.securityfocus.com/bid/1292 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-041 https://exchange.xforce.ibmcloud.com/vulnerabilities/4582 •
CVSS: 2.1EPSS: 73%CPEs: 3EXPL: 2CVE-2000-0402 – Microsoft SQL Server - Payload Execution
https://notcve.org/view.php?id=CVE-2000-0402
The Mixed Mode authentication capability in Microsoft SQL Server 7.0 stores the System Administrator (sa) account in plaintext in a log file which is readable by any user, aka the "SQL Server 7.0 Service Pack Password" vulnerability. • https://www.exploit-db.com/exploits/16395 https://www.exploit-db.com/exploits/16394 http://www.microsoft.com/technet/support/kb.asp?ID=263968 http://www.securityfocus.com/bid/1281 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-035 •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2000-0199
https://notcve.org/view.php?id=CVE-2000-0199
When a new SQL Server is registered in Enterprise Manager for Microsoft SQL Server 7.0 and the "Always prompt for login name and password" option is not set, then the Enterprise Manager uses weak encryption to store the login ID and password. • http://www.securityfocus.com/bid/1055 •
CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 0CVE-2000-0202
https://notcve.org/view.php?id=CVE-2000-0202
Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0 allow remote attackers to gain privileges via a malformed Select statement in an SQL query. • http://www.securityfocus.com/bid/1041 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-014 •