Vulnerabilities > Microsoft > SQL Server
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2001-01-09 | CVE-2000-1084 | Buffer Overflow vulnerability in Microsoft Data Engine and SQL Server The xp_updatecolvbm function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability. | 4.6 |
| 2001-01-09 | CVE-2000-1083 | Buffer Overflow vulnerability in Microsoft Data Engine and SQL Server The xp_showcolv function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability. | 2.1 |
| 2001-01-09 | CVE-2000-1082 | Buffer Overflow vulnerability in Microsoft Data Engine and SQL Server The xp_enumresultset function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability. | 4.6 |
| 2001-01-09 | CVE-2000-1081 | Buffer Overflow vulnerability in Microsoft Data Engine and SQL Server The xp_displayparamstmt function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability. | 4.6 |
| 2000-07-11 | CVE-2000-0654 | Unspecified vulnerability in Microsoft SQL Server 7.0 Microsoft Enterprise Manager allows local users to obtain database passwords via the Data Transformation Service (DTS) package Registered Servers Dialog dialog, aka a variant of the "DTS Password" vulnerability. | 4.6 |
| 2000-07-07 | CVE-2000-0603 | Unspecified vulnerability in Microsoft SQL Server 7.0 Microsoft SQL Server 7.0 allows a local user to bypass permissions for stored procedures by referencing them via a temporary stored procedure, aka the "Stored Procedure Permissions" vulnerability. | 4.6 |
| 2000-05-30 | CVE-2000-0485 | Unspecified vulnerability in Microsoft SQL Server 6.5/7.0 Microsoft SQL Server allows local users to obtain database passwords via the Data Transformation Service (DTS) package Properties dialog, aka the "DTS Password" vulnerability. | 2.1 |
| 2000-05-30 | CVE-2000-0402 | Unspecified vulnerability in Microsoft SQL Server 7.0 The Mixed Mode authentication capability in Microsoft SQL Server 7.0 stores the System Administrator (sa) account in plaintext in a log file which is readable by any user, aka the "SQL Server 7.0 Service Pack Password" vulnerability. | 2.1 |
| 2000-03-14 | CVE-2000-0199 | Weak Password Encryption vulnerability in Microsoft SQL Server 7.0 When a new SQL Server is registered in Enterprise Manager for Microsoft SQL Server 7.0 and the "Always prompt for login name and password" option is not set, then the Enterprise Manager uses weak encryption to store the login ID and password. | 7.2 |
| 2000-03-08 | CVE-2000-0202 | Unspecified vulnerability in Microsoft Data Engine and SQL Server Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0 allow remote attackers to gain privileges via a malformed Select statement in an SQL query. | 7.5 |