Page 6 of 60 results (0.005 seconds)

CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0

Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the "public" role to execute the (1) sp_MSSetServerProperties or (2) sp_MSsetalertinfo stored procedures, which allows attackers to modify configuration including SQL server startup and alert settings. • http://seclists.org/lists/bugtraq/2002/Sep/0009.html http://www.iss.net/security_center/static/10012.php http://www.ngssoftware.com/advisories/mssql-sp_MSSetServerProperties.txt http://www.securityfocus.com/bid/5604 •

CVSS: 10.0EPSS: 1%CPEs: 10EXPL: 0

The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions. • http://marc.info/?l=bugtraq&m=103487044122900&w=2 http://marc.info/?l=ntbugtraq&m=103486356413404&w=2 http://www.cisco.com/warp/public/707/cisco-sa-20030126-ms02-061.shtml http://www.iss.net/security_center/static/10388.php http://www.nextgenss.com/advisories/mssql-webtasks.txt http://www.securityfocus.com/bid/5980 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-061 •

CVSS: 7.5EPSS: 2%CPEs: 10EXPL: 0

Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output files for scheduled jobs under its own privileges instead of the entity that launched it, which allows attackers to overwrite system files, aka "Flaw in Output File Handling for Scheduled Jobs." Microsoft SQL Server 7.0 y 2000, incluyendo Microsoft Data Engine (Motor de datos) (MSDE) 1.0, y Microsoft Desktop Engine (MSDE) 2000, escribe los ficheros de salida de tareas planificadas bajo sus propios privilegios, en vez de la entidad que lo lanzó, lo que permite a atacantes sobreescribir ficheros del sistema, también conociada como "Fallo en Manejo de Fichero de Salida en Tareas Planificadas" • http://www.ciac.org/ciac/bulletins/n-003.shtml http://www.iss.net/security_center/static/10257.php https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-056 •

CVSS: 7.5EPSS: 1%CPEs: 10EXPL: 1

Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of CAN-2002-0644. Desbordamiento de búfer en la Consola de Comandos de Base de Datos (CBCC) que maneja la entrada de usuario en Microsoft SQL Server 7.0 y 2000, incluyendo Microsoft Data Engine (MSDE) y Microsoft Desktop Engine (MSDE) 2000, permite a atantes ejecutar código arbitrario, una variante de CAN-2002-0644. • http://www.ciac.org/ciac/bulletins/n-003.shtml http://www.cisco.com/warp/public/707/cisco-sa-20030126-ms02-061.shtml http://www.scan-associates.net/papers/foxpro.txt http://www.securityfocus.com/bid/5877 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-056 https://exchange.xforce.ibmcloud.com/vulnerabilities/10255 •

CVSS: 7.5EPSS: 96%CPEs: 4EXPL: 2

Buffer overflow in the authentication function for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows remote attackers to execute arbitrary code via a long request to TCP port 1433, aka the "Hello" overflow. Desbordamiento de búfer en Microsof SQL Server permite a atacantes remotos ejecutar código arbitrario mediante una petición larga al puerto TCP 1433, también conocido como desbordamiento "Hello". • https://www.exploit-db.com/exploits/16398 https://www.exploit-db.com/exploits/21693 http://marc.info/?l=bugtraq&m=102873609025020&w=2 http://online.securityfocus.com/archive/1/286220 http://www.ciac.org/ciac/bulletins/n-003.shtml http://www.iss.net/security_center/static/9788.php http://www.securityfocus.com/bid/5411 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-056 •