VYPR

SQL Server

by Microsoft

CVEs (109)

  • CVE-2000-1087Jan 9, 2001
    risk 0.00cvss epss 0.03

    The xp_proxiedmetadata function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to…

  • CVE-2000-1082Jan 9, 2001
    risk 0.00cvss epss 0.03

    The xp_enumresultset function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a…

  • CVE-2000-1084Jan 9, 2001
    risk 0.00cvss epss 0.03

    The xp_updatecolvbm function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a…

  • CVE-2000-1086Jan 9, 2001
    risk 0.00cvss epss 0.03

    The xp_printstatements function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to…

  • CVE-2000-0654Jul 11, 2000
    risk 0.00cvss epss 0.01

    Microsoft Enterprise Manager allows local users to obtain database passwords via the Data Transformation Service (DTS) package Registered Servers Dialog dialog, aka a variant of the "DTS Password" vulnerability.

  • CVE-2000-0603Jul 7, 2000
    risk 0.00cvss epss 0.02

    Microsoft SQL Server 7.0 allows a local user to bypass permissions for stored procedures by referencing them via a temporary stored procedure, aka the "Stored Procedure Permissions" vulnerability.

  • CVE-2000-0485May 30, 2000
    risk 0.00cvss epss 0.02

    Microsoft SQL Server allows local users to obtain database passwords via the Data Transformation Service (DTS) package Properties dialog, aka the "DTS Password" vulnerability.

  • CVE-2000-0199Mar 14, 2000
    risk 0.00cvss epss 0.01

    When a new SQL Server is registered in Enterprise Manager for Microsoft SQL Server 7.0 and the "Always prompt for login name and password" option is not set, then the Enterprise Manager uses weak encryption to store the login ID and password.

  • CVE-1999-1556Jun 29, 1998
    risk 0.00cvss epss 0.01

    Microsoft SQL Server 6.5 uses weak encryption for the password for the SQLExecutiveCmdExec account and stores it in an accessible portion of the registry, which could allow local users to gain privileges by reading and decrypting the CmdExecAccount value.

Page 6 of 6