Microsoft

Sql Server

107 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.6

CVE-2002-0643

  • EPSS 0.82%
  • Published 23.07.2002 04:00:00
  • Last modified 03.04.2025 01:03:51

The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and Microsoft SQL Server 2000 creates setup.iss files with insecure permissions and does not delete them after installation, which allows local users to obtain sensitive data, including weakly...

7.5

CVE-2002-0186

  • EPSS 78.19%
  • Published 03.07.2002 04:00:00
  • Last modified 03.04.2025 01:03:51

Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code via data queries with a long content-type parameter, aka "Unchecked Buffer in SQLXML ISAPI Extension."

7.5

CVE-2002-0187

  • EPSS 14.88%
  • Published 03.07.2002 04:00:00
  • Last modified 03.04.2025 01:03:51

Cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000 allows an attacker to execute arbitrary script via the root parameter as part of an XML SQL query, aka "Script Injection via XML Tag."

7.5

CVE-2002-0154

  • EPSS 27.95%
  • Published 16.05.2002 04:00:00
  • Last modified 03.04.2025 01:03:51

Buffer overflows in extended stored procedures for Microsoft SQL Server 7.0 and 2000 allow remote attackers to cause a denial of service or execute arbitrary code via a database query with certain long arguments.

5

CVE-2002-0224

  • EPSS 58.26%
  • Published 16.05.2002 04:00:00
  • Last modified 03.04.2025 01:03:51

The MSDTC (Microsoft Distributed Transaction Service Coordinator) for Microsoft Windows 2000, Microsoft IIS 5.0 and SQL Server 6.5 through SQL 2000 0.0 allows remote attackers to cause a denial of service (crash or hang) via malformed (random) input.

7.5

CVE-2002-0056

  • EPSS 21.27%
  • Published 08.03.2002 05:00:00
  • Last modified 03.04.2025 01:03:51

Buffer overflow in SQL Server 7.0 and 2000 allows remote attackers to execute arbitrary code via a long OLE DB provider name to (1) OpenDataSource or (2) OpenRowset in an ad hoc connection.

5

CVE-2002-0057

  • EPSS 41.76%
  • Published 08.03.2002 05:00:00
  • Last modified 03.04.2025 01:03:51

XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source.

7.5

CVE-2001-0542

  • EPSS 10.36%
  • Published 20.12.2001 05:00:00
  • Last modified 03.04.2025 01:03:51

Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability repo...

5

CVE-2001-0879

  • EPSS 19.48%
  • Published 20.12.2001 05:00:00
  • Last modified 03.04.2025 01:03:51

Format string vulnerability in the C runtime functions in SQL Server 7.0 and 2000 allows attackers to cause a denial of service.

5

CVE-2001-0509

  • EPSS 12.47%
  • Published 20.09.2001 04:00:00
  • Last modified 03.04.2025 01:03:51

Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs.