Vulnerabilities
Vulnerable Software
Microsoft:  >> Sql Server  Security Vulnerabilities
The xp_proxiedmetadata function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
CVSS Score
4.6
EPSS Score
0.431
Published
2001-01-09
The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
CVSS Score
4.6
EPSS Score
0.278
Published
2001-01-09
Microsoft Enterprise Manager allows local users to obtain database passwords via the Data Transformation Service (DTS) package Registered Servers Dialog dialog, aka a variant of the "DTS Password" vulnerability.
CVSS Score
4.6
EPSS Score
0.01
Published
2000-07-11
Microsoft SQL Server 7.0 allows a local user to bypass permissions for stored procedures by referencing them via a temporary stored procedure, aka the "Stored Procedure Permissions" vulnerability.
CVSS Score
4.6
EPSS Score
0.01
Published
2000-07-07
The Mixed Mode authentication capability in Microsoft SQL Server 7.0 stores the System Administrator (sa) account in plaintext in a log file which is readable by any user, aka the "SQL Server 7.0 Service Pack Password" vulnerability.
CVSS Score
2.1
EPSS Score
0.785
Published
2000-05-30
Microsoft SQL Server allows local users to obtain database passwords via the Data Transformation Service (DTS) package Properties dialog, aka the "DTS Password" vulnerability.
CVSS Score
2.1
EPSS Score
0.013
Published
2000-05-30
When a new SQL Server is registered in Enterprise Manager for Microsoft SQL Server 7.0 and the "Always prompt for login name and password" option is not set, then the Enterprise Manager uses weak encryption to store the login ID and password.
CVSS Score
7.2
EPSS Score
0.002
Published
2000-03-14
Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0 allow remote attackers to gain privileges via a malformed Select statement in an SQL query.
CVSS Score
7.5
EPSS Score
0.126
Published
2000-03-08
Microsoft SQL 7.0 server allows a remote attacker to cause a denial of service via a malformed TDS packet.
CVSS Score
4.3
EPSS Score
0.156
Published
1999-11-19
Microsoft SQL Server 6.5 uses weak encryption for the password for the SQLExecutiveCmdExec account and stores it in an accessible portion of the registry, which could allow local users to gain privileges by reading and decrypting the CmdExecAccount value.
CVSS Score
7.2
EPSS Score
0.007
Published
1998-06-29


Contact Us

Shodan ® - All rights reserved