Vulnerabilities > Microsoft > SQL Server
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2002-03-08 | CVE-2002-0057 | Unspecified vulnerability in Microsoft products XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source. | 5.0 |
| 2002-03-08 | CVE-2002-0056 | Buffer Overflow vulnerability in Microsoft SQL Server OLE DB Provider Name Buffer overflow in SQL Server 7.0 and 2000 allows remote attackers to execute arbitrary code via a long OLE DB provider name to (1) OpenDataSource or (2) OpenRowset in an ad hoc connection. | 7.5 |
| 2001-12-20 | CVE-2001-0879 | Unspecified vulnerability in Microsoft products Format string vulnerability in the C runtime functions in SQL Server 7.0 and 2000 allows attackers to cause a denial of service. | 5.0 |
| 2001-12-20 | CVE-2001-0542 | Buffer Overflow vulnerability in Microsoft SQL-Server 2000/7.0 Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. | 7.5 |
| 2001-09-20 | CVE-2001-0509 | Improper Input Validation vulnerability in Microsoft products Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs. | 5.0 |
| 2001-07-21 | CVE-2001-0344 | Unspecified vulnerability in Microsoft SQL Server 2000/7.0 An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using Mixed Mode allows local database users to gain privileges by reusing a cached connection of the sa administrator account. | 7.2 |
| 2001-01-09 | CVE-2000-1088 | Buffer Overflow vulnerability in Microsoft Data Engine and SQL Server The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability. | 4.6 |
| 2001-01-09 | CVE-2000-1087 | Buffer Overflow vulnerability in Microsoft Data Engine and SQL Server The xp_proxiedmetadata function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability. | 4.6 |
| 2001-01-09 | CVE-2000-1086 | Buffer Overflow vulnerability in Microsoft Data Engine and SQL Server The xp_printstatements function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability. | 4.6 |
| 2001-01-09 | CVE-2000-1085 | Buffer Overflow vulnerability in Microsoft Data Engine and SQL Server The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability. | 4.6 |