231 matches found
CVE-2008-4110
Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in Tools\Binn\sqlvdir.dll in Microsoft SQL Server 2000 (aka SQL Server 8.0) allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long URL in the second argument to the Connect m...
CVE-2024-49002
SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49011
SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49018
SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-37338
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
CVE-2002-1145
The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database o...
CVE-2024-37337
Microsoft SQL Server Native Scoring Information Disclosure Vulnerability
CVE-2024-49017
SQL Server Native Client Remote Code Execution Vulnerability
CVE-2002-0721
Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_pri...
CVE-2024-37339
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
CVE-2024-37965
Microsoft SQL Server Elevation of Privilege Vulnerability
CVE-2024-49007
SQL Server Native Client Remote Code Execution Vulnerability
CVE-2002-0642
The registry key containing the SQL Server service account information in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, has insecure permissions, which allows local users to gain privileges, aka "Incorrect Permission on SQL Server Service Account Registry Key...
CVE-2024-37966
Microsoft SQL Server Native Scoring Information Disclosure Vulnerability
CVE-2024-49000
SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49005
SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49014
SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-48996
SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-37342
Microsoft SQL Server Native Scoring Information Disclosure Vulnerability
CVE-2008-3015
Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and ...
CVE-2024-48998
SQL Server Native Client Remote Code Execution Vulnerability
CVE-2000-1082
The xp_enumresultset function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or ...
CVE-2008-0085
SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 does not initialize memory pages when reallocating memory, which allows da...
CVE-2024-26191
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
CVE-2024-48999
SQL Server Native Client Remote Code Execution Vulnerability
CVE-2008-3012
gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, S...
CVE-2024-49012
SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49003
SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49006
SQL Server Native Client Remote Code Execution Vulnerability
CVE-2001-0542
Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879.
CVE-2002-0650
The keep-alive mechanism for Microsoft SQL Server 2000 allows remote attackers to cause a denial of service (bandwidth consumption) via a "ping" style packet to the Resolution Service (UDP port 1434) with a spoofed IP address of another SQL Server system, which causes the two servers to exchange pa...
CVE-2024-37335
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
CVE-2024-48993
SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49016
SQL Server Native Client Remote Code Execution Vulnerability
CVE-2002-0057
XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source.
CVE-2024-49010
SQL Server Native Client Remote Code Execution Vulnerability
CVE-1999-0999
Microsoft SQL 7.0 server allows a remote attacker to cause a denial of service via a malformed TDS packet.
CVE-2024-43459
SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49013
SQL Server Native Client Remote Code Execution Vulnerability
CVE-2000-1087
The xp_proxiedmetadata function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of serv...
CVE-2002-0649
Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE) allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which (1) a 0x04 byte that causes the SQL Monitor thread to genera...
CVE-2000-1084
The xp_updatecolvbm function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or e...
CVE-2002-0224
The MSDTC (Microsoft Distributed Transaction Service Coordinator) for Microsoft Windows 2000, Microsoft IIS 5.0 and SQL Server 6.5 through SQL 2000 0.0 allows remote attackers to cause a denial of service (crash or hang) via malformed (random) input.
CVE-2024-48997
SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-48995
SQL Server Native Client Remote Code Execution Vulnerability
CVE-2000-0202
Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0 allow remote attackers to gain privileges via a malformed Select statement in an SQL query.
CVE-2002-0154
Buffer overflows in extended stored procedures for Microsoft SQL Server 7.0 and 2000 allow remote attackers to cause a denial of service or execute arbitrary code via a database query with certain long arguments.
CVE-2002-0186
Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code via data queries with a long content-type parameter, aka "Unchecked Buffer in SQLXML ISAPI Extension."
CVE-2000-1088
The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of servi...
CVE-2001-0879
Format string vulnerability in the C runtime functions in SQL Server 7.0 and 2000 allows attackers to cause a denial of service.