Lucene search
+L
MicrosoftSql Server

14 matches found

CVE
CVE
added 2014/08/12 9:0 p.m.436 views

CVE-2014-1820

CVE-2014-1820 describes a cross-site scripting (XSS) vulnerability in Microsoft SQL Server's Master Data Services (MDS). Affected products/versions are SQL Server 2012 SP1 and SQL Server 2014 running on 64-bit platforms, where a crafted URL can cause the MDS web interface to execute arbitrary scr...

4.3CVSS5.4AI score0.1472EPSS
CVE
CVE
added 2012/10/09 9:0 p.m.314 views

CVE-2012-2552

Microsoft SQL Server 2000/2005/2008/2008 R2/2012 Reporting Services suffers a cross-site scripting (XSS) vulnerability in the SQL Server Report Manager, allowing an attacker to inject web script or HTML via an unspecified parameter (reflected XSS). The issue is identified as CVE-2012-2552. Public...

4.3CVSS5.6AI score0.16295EPSS
CVE
CVE
added 2011/06/16 8:21 p.m.180 views

CVE-2011-1280

CVE-2011-1280 is the XML External Entities Resolution vulnerability affecting Microsoft XML Editor components used with InfoPath 2007 SP2/2010, SQL Server 2005 SP3/4, 2008 SP1/2/R2, SSMSE 2005, and Visual Studio 2005 SP1/2008 SP1/2010. Technical detail from connected documents shows that the issu...

4.3CVSS7AI score0.15254EPSS
CVE
CVE
added 2002/07/12 4:0 a.m.131 views

CVE-2002-0643

The CVE-2002-0643 issue concerns Microsoft Data Engine 1.0 (MSDE 1.0) and Microsoft SQL Server 2000: the installation creates setup.iss files with insecure permissions and does not delete them after installation, enabling local users to access sensitive data such as the sa password and potentiall...

4.6CVSS6.8AI score0.01697EPSS
CVE
CVE
added 2000/12/19 5:0 a.m.81 views

CVE-2000-1082

The OpenVAS entry confirms CVE-2000-1082 affects Microsoft SQL Server and MSDE via the Extended Stored Procedures interface. The issue is in xp_enumresultset, where the function does not properly restrict the length of a buffer before calling srv_paraminfo, enabling denial of service or arbitrary...

4.6CVSS7.6AI score0.02835EPSS
CVE
CVE
added 2000/01/18 5:0 a.m.77 views

CVE-1999-0999

Microsoft SQL Server 7.0 is affected by a remote denial-of-service via malformed TDS packets. A crafted TCP packet (described as containing more than 2 NULLs) can shut down the server. This is documented as MS99-059/MSKB 248749; remediation involves applying the MS99-059 patch. Exploitation statu...

4.3CVSS7.1AI score0.21682EPSS
CVE
CVE
added 2000/12/19 5:0 a.m.70 views

CVE-2000-1084

The CVE-2000-1084 issue affects Microsoft SQL Server and SQL Server Desktop Engine (MSDE) via Extended Stored Procedures. The vulnerable component is xp_updatecolvbm, which does not properly restrict buffer length before calling srv_paraminfo in the XP API, enabling a potential denial of service ...

4.6CVSS7.6AI score0.02835EPSS
CVE
CVE
added 2000/12/19 5:0 a.m.70 views

CVE-2000-1087

The CVE-2000-1087 vulnerability affects Microsoft SQL Server 2000 and MSDE, where the xp_proxiedmetadata function fails to properly restrict buffer length before invoking srv_paraminfo in the Extended Stored Procedures API. This can allow a local attacker to cause a denial of service or execute a...

4.6CVSS7.6AI score0.02835EPSS
CVE
CVE
added 2000/12/19 5:0 a.m.68 views

CVE-2000-1088

CVE-2000-1088 affects Microsoft SQL Server 2000 and MSDE via the Extended Stored Procedures API. The vulnerability lies in xp_SetSQLSecurity not properly restricting the buffer length before calling srv_paraminfo, enabling a attacker to cause a denial of service or execute arbitrary commands. The...

4.6CVSS7.6AI score0.02845EPSS
CVE
CVE
added 2000/12/19 5:0 a.m.64 views

CVE-2000-1081

Microsoft SQL Server extended stored procedures vulnerability CVE-2000-1081 affects xp_displayparamstmt in SQL Server and MSDE. The issue arises from insufficiently restricting the input buffer length before calling srv_paraminfo in the Extended Stored Procedures API, enabling potential denial of...

4.6CVSS7.6AI score0.05246EPSS
CVE
CVE
added 2000/10/13 4:0 a.m.62 views

CVE-2000-0603

Microsoft SQL Server 7.0 contains a vulnerability where a local user can bypass stored‑procedure permissions by referencing them through a temporary stored procedure, effectively elevating privileges. The issue affects the ability to enforce access controls on stored procedures and is described a...

4.6CVSS6.7AI score0.02305EPSS
CVE
CVE
added 2000/10/13 4:0 a.m.61 views

CVE-2000-0654

The CVE-2000-0654 issue concerns Microsoft Enterprise Manager and its Data Transformation Services (DTS) Registered Servers Dialog. The vulnerability enables local users to obtain database passwords via the DTS Password mechanism, i.e., a local-authority disclosure of credentials within the DTS p...

4.6CVSS6.5AI score0.01389EPSS
CVE
CVE
added 2000/12/19 5:0 a.m.61 views

CVE-2000-1085

The vulnerability CVE-2000-1085 affects Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE). It concerns the xp_peekqueue function, where the length of a buffer is not properly restricted before invoking srv_paraminfo in the SQL Server API for Extended Stored Procedures (XP). This coul...

4.6CVSS7.6AI score0.05289EPSS
CVE
CVE
added 2000/12/19 5:0 a.m.60 views

CVE-2000-1086

The CVE-2000-1086 entry affects Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE). The vulnerability lies in the xp_printstatements function, which fails to properly restrict the length of a buffer before calling srv_paraminfo in the SQL Server API for Extended Stored Procedures (XP)...

4.6CVSS7.6AI score0.02835EPSS