Vulnerabilities > Microsoft > SQL Server > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2002-07-23 | CVE-2002-0624 | Unspecified vulnerability in Microsoft MSDE and SQL Server | Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows remote attackers to gain control of the database and execute arbitrary code via SQL Server Authentication, aka "Unchecked Buffer in Password Encryption Procedure." | 7.5 |
2002-07-03 | CVE-2002-0187 | Unspecified vulnerability in Microsoft SQL Server 2000 | Cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000 allows an attacker to execute arbitrary script via the root parameter as part of an XML SQL query, aka "Script Injection via XML Tag." | 7.5 |
2002-07-03 | CVE-2002-0186 | Buffer Overflow vulnerability in Microsoft SQL Server 2000 | Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code via data queries with a long content-type parameter, aka "Unchecked Buffer in SQLXML ISAPI Extension." | 7.5 |
2002-05-16 | CVE-2002-0154 | Unspecified vulnerability in Microsoft SQL Server 2000/7.0 | Buffer overflows in extended stored procedures for Microsoft SQL Server 7.0 and 2000 allow remote attackers to cause a denial of service or execute arbitrary code via a database query with certain long arguments. | 7.5 |
2002-03-08 | CVE-2002-0056 | Buffer Overflow vulnerability in Microsoft SQL Server OLE DB Provider Name | Buffer overflow in SQL Server 7.0 and 2000 allows remote attackers to execute arbitrary code via a long OLE DB provider name to (1) OpenDataSource or (2) OpenRowset in an ad hoc connection. | 7.5 |
2001-12-20 | CVE-2001-0542 | Buffer Overflow vulnerability in Microsoft SQL-Server 2000/7.0 | Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. | 7.5 |
2001-07-21 | CVE-2001-0344 | Unspecified vulnerability in Microsoft SQL Server 2000/7.0 | An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using Mixed Mode allows local database users to gain privileges by reusing a cached connection of the sa administrator account. | 7.2 |
2000-03-14 | CVE-2000-0199 | Weak Password Encryption vulnerability in Microsoft SQL Server 7.0 | When a new SQL Server is registered in Enterprise Manager for Microsoft SQL Server 7.0 and the "Always prompt for login name and password" option is not set, then the Enterprise Manager uses weak encryption to store the login ID and password. | 7.2 |
2000-03-08 | CVE-2000-0202 | Unspecified vulnerability in Microsoft Data Engine and SQL Server | Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0 allow remote attackers to gain privileges via a malformed Select statement in an SQL query. | 7.5 |
1998-06-29 | CVE-1999-1556 | Unspecified vulnerability in Microsoft SQL Server 6.5 | Microsoft SQL Server 6.5 uses weak encryption for the password for the SQLExecutiveCmdExec account and stores it in an accessible portion of the registry, which could allow local users to gain privileges by reading and decrypting the CmdExecAccount value. | 7.2 |