14 matches found
CVE-2014-1820
CVE-2014-1820 describes a cross-site scripting (XSS) vulnerability in Microsoft SQL Server's Master Data Services (MDS). Affected products/versions are SQL Server 2012 SP1 and SQL Server 2014 running on 64-bit platforms, where a crafted URL can cause the MDS web interface to execute arbitrary scr...
CVE-2012-2552
Microsoft SQL Server 2000/2005/2008/2008 R2/2012 Reporting Services suffers a cross-site scripting (XSS) vulnerability in the SQL Server Report Manager, allowing an attacker to inject web script or HTML via an unspecified parameter (reflected XSS). The issue is identified as CVE-2012-2552. Public...
CVE-2011-1280
CVE-2011-1280 is the XML External Entities Resolution vulnerability affecting Microsoft XML Editor components used with InfoPath 2007 SP2/2010, SQL Server 2005 SP3/4, 2008 SP1/2/R2, SSMSE 2005, and Visual Studio 2005 SP1/2008 SP1/2010. Technical detail from connected documents shows that the issu...
CVE-2002-0643
The CVE-2002-0643 issue concerns Microsoft Data Engine 1.0 (MSDE 1.0) and Microsoft SQL Server 2000: the installation creates setup.iss files with insecure permissions and does not delete them after installation, enabling local users to access sensitive data such as the sa password and potentiall...
CVE-2000-1082
The OpenVAS entry confirms CVE-2000-1082 affects Microsoft SQL Server and MSDE via the Extended Stored Procedures interface. The issue is in xp_enumresultset, where the function does not properly restrict the length of a buffer before calling srv_paraminfo, enabling denial of service or arbitrary...
CVE-1999-0999
Microsoft SQL Server 7.0 is affected by a remote denial-of-service via malformed TDS packets. A crafted TCP packet (described as containing more than 2 NULLs) can shut down the server. This is documented as MS99-059/MSKB 248749; remediation involves applying the MS99-059 patch. Exploitation statu...
CVE-2000-1084
The CVE-2000-1084 issue affects Microsoft SQL Server and SQL Server Desktop Engine (MSDE) via Extended Stored Procedures. The vulnerable component is xp_updatecolvbm, which does not properly restrict buffer length before calling srv_paraminfo in the XP API, enabling a potential denial of service ...
CVE-2000-1087
The CVE-2000-1087 vulnerability affects Microsoft SQL Server 2000 and MSDE, where the xp_proxiedmetadata function fails to properly restrict buffer length before invoking srv_paraminfo in the Extended Stored Procedures API. This can allow a local attacker to cause a denial of service or execute a...
CVE-2000-1088
CVE-2000-1088 affects Microsoft SQL Server 2000 and MSDE via the Extended Stored Procedures API. The vulnerability lies in xp_SetSQLSecurity not properly restricting the buffer length before calling srv_paraminfo, enabling a attacker to cause a denial of service or execute arbitrary commands. The...
CVE-2000-1081
Microsoft SQL Server extended stored procedures vulnerability CVE-2000-1081 affects xp_displayparamstmt in SQL Server and MSDE. The issue arises from insufficiently restricting the input buffer length before calling srv_paraminfo in the Extended Stored Procedures API, enabling potential denial of...
CVE-2000-0603
Microsoft SQL Server 7.0 contains a vulnerability where a local user can bypass stored‑procedure permissions by referencing them through a temporary stored procedure, effectively elevating privileges. The issue affects the ability to enforce access controls on stored procedures and is described a...
CVE-2000-0654
The CVE-2000-0654 issue concerns Microsoft Enterprise Manager and its Data Transformation Services (DTS) Registered Servers Dialog. The vulnerability enables local users to obtain database passwords via the DTS Password mechanism, i.e., a local-authority disclosure of credentials within the DTS p...
CVE-2000-1085
The vulnerability CVE-2000-1085 affects Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE). It concerns the xp_peekqueue function, where the length of a buffer is not properly restricted before invoking srv_paraminfo in the SQL Server API for Extended Stored Procedures (XP). This coul...
CVE-2000-1086
The CVE-2000-1086 entry affects Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE). The vulnerability lies in the xp_printstatements function, which fails to properly restrict the length of a buffer before calling srv_paraminfo in the SQL Server API for Extended Stored Procedures (XP)...