Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
MicrosoftSql Server

108 matches found

CVE
CVEadded 2004/09/01 4:0 a.m.56 views

CVE-2002-1137

CVE-2002-1137 describes a buffer overflow in the Database Console Command (DBCC) in Microsoft SQL Server 7.0 and 2000, including MSDE 1.0/MSDE 2000. The vulnerability stems from handling of user input, allowing an attacker to execute arbitrary code via a long SourceDB argument in a non-SQL OLEDB ...

7.5CVSS8.1AI score0.09392EPSS
CVE
CVEadded 2002/07/12 4:0 a.m.55 views

CVE-2002-0641

The CVE-2002-0641 issue affects Microsoft SQL Server 2000 and MSDE 2000, where a buffer overflow in the BULK INSERT procedure can be triggered by a file name that is too long. Exploitation requires Bulk Admin or Administrator privileges and can allow execution of arbitrary code with system/high p...

7.5CVSS8AI score0.11237EPSS
CVE
CVEadded 2004/09/01 4:0 a.m.54 views

CVE-2002-0729

Microsoft SQL Server 2000 is affected by CVE-2002-0729. The vulnerability allows remote attackers to cause a denial of service by sending a malformed 0x08 packet missing a colon separator. Root cause is a malformed packet handling in the SQL Server service. Public details in the provided document...

5CVSS7.1AI score0.10664EPSS
CVE
CVEadded 2005/06/28 4:0 a.m.54 views

CVE-2002-1981

Microsoft SQL Server 2000 up to SP2 allows the public role to execute the stored procedures sp_MSSetServerProperties and sp_MSsetalertinfo, enabling modification of configuration including startup and alert settings. This CVE description is corroborated across NVD/Red Hat/CVE pages. No explicit e...

5CVSS7.5AI score0.04578EPSS
CVE
CVEadded 2003/07/25 4:0 a.m.54 views

CVE-2003-0231

Summary: CVE-2003-0231 affects Microsoft SQL Server 7.0, SQL Server 2000, and MSDE. A long request to a named pipe can trigger a denial of service, making the server unresponsive for local or remote authenticated users. The issue arises from how SQL Server interprets a return code from a named-pi...

5CVSS6.6AI score0.36179EPSS
CVE
CVEadded 2001/09/18 4:0 a.m.51 views

CVE-2001-0344

CVE-2001-0344 describes a privilege-escalation vulnerability in Microsoft SQL Server 2000 Gold and SQL Server 7.0 when running in Mixed Mode. An attacker with local database access could exploit reusing a cached sa administrator connection to gain privileges. The Initial Description states the vu...

7.2CVSS7AI score0.01917EPSS
CVE
CVEadded 2000/03/22 5:0 a.m.50 views

CVE-2000-0199

CVE-2000-0199 affects Microsoft SQL Server 7.0 via Enterprise Manager when the “Always prompt for login name and password” option is not set; the login credentials are stored with weak encryption. The connected Nessus entry also describes a potential local privilege escalation by authenticated us...

7.2CVSS7AI score0.01453EPSS
CVE
CVEadded 2004/09/01 4:0 a.m.48 views

CVE-1999-1556

CVE-1999-1556 affects Microsoft SQL Server 6.5. The issue arises from weak encryption of the password for the SQLExecutiveCmdExec account and storing it in an accessible portion of the registry, enabling local users to read and decrypt the CmdExecAccount value and potentially gain privileges. The...

7.2CVSS8.3AI score0.01179EPSS
Total number of security vulnerabilities108