Page 11 of 60 results (0.010 seconds)

CVSS: 5.0EPSS: 0%CPEs: 9EXPL: 0

Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-041 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A82 • CWE-20: Improper Input Validation •

CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0

An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using Mixed Mode allows local database users to gain privileges by reusing a cached connection of the sa administrator account. • http://www.ciac.org/ciac/bulletins/l-095.shtml https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-032 https://exchange.xforce.ibmcloud.com/vulnerabilities/6684 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A71 •

CVSS: 4.6EPSS: 0%CPEs: 4EXPL: 2

The xp_displayparamstmt function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability. • https://www.exploit-db.com/exploits/20451 http://marc.info/?l=bugtraq&m=97570878710037&w=2 http://www.securityfocus.com/bid/2030 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-092 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A231 •

CVSS: 4.6EPSS: 37%CPEs: 4EXPL: 1

The xp_printstatements function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability. • http://marc.info/?l=bugtraq&m=97570884410184&w=2 http://www.securityfocus.com/bid/2041 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-092 •

CVSS: 4.6EPSS: 37%CPEs: 4EXPL: 1

The xp_enumresultset function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability. • http://marc.info/?l=bugtraq&m=97570878710037&w=2 http://www.securityfocus.com/bid/2031 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-092 •