4416 matches found
CVE-2000-1087
The CVE-2000-1087 vulnerability affects Microsoft SQL Server 2000 and MSDE, where the xp_proxiedmetadata function fails to properly restrict buffer length before invoking srv_paraminfo in the Extended Stored Procedures API. This can allow a local attacker to cause a denial of service or execute a...
CVE-2000-1085
The vulnerability CVE-2000-1085 affects Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE). It concerns the xp_peekqueue function, where the length of a buffer is not properly restricted before invoking srv_paraminfo in the SQL Server API for Extended Stored Procedures (XP). This coul...
CVE-2000-1087
The xpproxiedmetadata function in Microsoft SQL Server 2000 and SQL Server Desktop Engine MSDE does not properly restrict the length of a buffer before calling the srvparaminfo function in the SQL Server API for Extended Stored Procedures XP, which allows an attacker to cause a denial of service ...
CVE-2000-1084
The CVE-2000-1084 issue affects Microsoft SQL Server and SQL Server Desktop Engine (MSDE) via Extended Stored Procedures. The vulnerable component is xp_updatecolvbm, which does not properly restrict buffer length before calling srv_paraminfo in the XP API, enabling a potential denial of service ...
CVE-2000-1082
The OpenVAS entry confirms CVE-2000-1082 affects Microsoft SQL Server and MSDE via the Extended Stored Procedures interface. The issue is in xp_enumresultset, where the function does not properly restrict the length of a buffer before calling srv_paraminfo, enabling denial of service or arbitrary...
CVE-2000-1088
The xpSetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine MSDE does not properly restrict the length of a buffer before calling the srvparaminfo function in the SQL Server API for Extended Stored Procedures XP, which allows an attacker to cause a denial of service o...
CVE-2000-1082
The xpenumresultset function in SQL Server and Microsoft SQL Server Desktop Engine MSDE does not properly restrict the length of a buffer before calling the srvparaminfo function in the SQL Server API for Extended Stored Procedures XP, which allows an attacker to cause a denial of service or...
CVE-2000-1083
The CVE describes a buffer-length validation flaw in xp_showcolv within SQL Server and MSDE’s Extended Stored Procedures. The xp_showcolv path can overrun a buffer before srv_paraminfo is invoked, enabling denial of service or arbitrary command execution. Affected products are SQL Server and MSDE...
CVE-2000-1088
CVE-2000-1088 affects Microsoft SQL Server 2000 and MSDE via the Extended Stored Procedures API. The vulnerability lies in xp_SetSQLSecurity not properly restricting the buffer length before calling srv_paraminfo, enabling a attacker to cause a denial of service or execute arbitrary commands. The...
@stake Advisory: Microsoft SQL Server extended stored procedure vulnerability (A120100-1)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 @stake Inc. www.atstake.com Security Advisory Advisory Name: Microsoft SQL Server extended stored procedure vulnerability Release Date: 12/01/2000 Application: MS SQL Server 7.0 - all service packs MS SQL Server 2000 Platform: Windows NT 4.0 / 2000...
Security Bulletin MS00-092
The following is a Security Bulletin from the Microsoft Product Security Notification Service. Please do not reply to this message, as it was sent from an unattended mailbox. -----BEGIN PGP SIGNED MESSAGE----- - ------------------------------------------------------------ Issue: Buffer overrun...
Дырка в SQL Server (Extended Stored Procedures)
Переполнение буфера в нескольких общщедоступных хранимых процедурах позволяет выполнение кода...
Microsoft SQL Server 7.0/2000 / Data Engine 1.0/2000 - xp_showcolv Buffer Overflow
// source: https://www.securityfocus.com/bid/2038/info The API Srvparaminfo, which is implemented by Extended Stored Procedures XPs in Microsoft SQL Server and Data Engine, is susceptible to a buffer overflow vulnerability which may cause the application to fail or arbitrary code to be executed o...
Microsoft SQL Server 7.0/2000 / Data Engine 1.0/2000 - xp_displayparamstmt Buffer Overflow
// source: https://www.securityfocus.com/bid/2030/info The API Srvparaminfo, which is implemented by Extended Stored Procedures XPs in Microsoft SQL Server and Data Engine, is susceptible to a buffer overflow vulnerability which may cause the application to fail or arbitrary code to be executed o...
Microsoft SQL Server 7.02000 Data Engine 1.02000 - xp_showcolv Buffer Overflow
Microsoft SQL Server 7.02000 Data Engine 1.02000 - xpshowcolv Buffer Overflow // source: https://www.securityfocus.com/bid/2038/info The API Srvparaminfo, which is implemented by Extended Stored Procedures XPs in Microsoft SQL Server and Data Engine, is susceptible to a buffer overflow...
Microsoft SQL Server 7.0/2000 / Data Engine 1.0/2000 - xp_peekqueue Buffer Overflow
// source: https://www.securityfocus.com/bid/2040/info The API Srvparaminfo, which is implemented by Extended Stored Procedures XPs in Microsoft SQL Server and Data Engine, is susceptible to a buffer overflow vulnerability which may cause the application to fail or arbitrary code to be executed o...
Microsoft SQL Server 7.02000 Data Engine 1.02000 - xp_peekqueue Buffer Overflow
Microsoft SQL Server 7.02000 Data Engine 1.02000 - xppeekqueue Buffer Overflow // source: https://www.securityfocus.com/bid/2040/info The API Srvparaminfo, which is implemented by Extended Stored Procedures XPs in Microsoft SQL Server and Data Engine, is susceptible to a buffer overflow...
Microsoft SQL Server 7.02000 Data Engine 1.02000 - xp_displayparamstmt Buffer Overflow
Microsoft SQL Server 7.02000 Data Engine 1.02000 - xpdisplayparamstmt Buffer Overflow // source: https://www.securityfocus.com/bid/2030/info The API Srvparaminfo, which is implemented by Extended Stored Procedures XPs in Microsoft SQL Server and Data Engine, is susceptible to a buffer overflow...
CVE-2000-0485
Microsoft SQL Server allows local users to obtain database passwords via the Data Transformation Service DTS package Properties dialog, aka the "DTS Password" vulnerability...
CVE-2000-0485
Summary: The provided documents describe a vulnerability in Microsoft SQL Server related to Data Transformation Services (DTS) Password handling. Local users can obtain database passwords via the DTS package Properties dialog, i.e., the "DTS Password" vulnerability. The available records do not s...