CVE-2001-0509
https://notcve.org/view.php?id=CVE-2001-0509
Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-041 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A82 • CWE-20: Improper Input Validation •
CVE-2001-0344
https://notcve.org/view.php?id=CVE-2001-0344
An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using Mixed Mode allows local database users to gain privileges by reusing a cached connection of the sa administrator account. • http://www.ciac.org/ciac/bulletins/l-095.shtml https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-032 https://exchange.xforce.ibmcloud.com/vulnerabilities/6684 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A71 •
CVE-2000-1081 – Microsoft SQL Server 7.0/2000 / Data Engine 1.0/2000 - xp_displayparamstmt Buffer Overflow
https://notcve.org/view.php?id=CVE-2000-1081
The xp_displayparamstmt function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability. • https://www.exploit-db.com/exploits/20451 http://marc.info/?l=bugtraq&m=97570878710037&w=2 http://www.securityfocus.com/bid/2030 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-092 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A231 •
CVE-2000-1086
https://notcve.org/view.php?id=CVE-2000-1086
The xp_printstatements function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability. • http://marc.info/?l=bugtraq&m=97570884410184&w=2 http://www.securityfocus.com/bid/2041 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-092 •
CVE-2000-1082
https://notcve.org/view.php?id=CVE-2000-1082
The xp_enumresultset function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability. • http://marc.info/?l=bugtraq&m=97570878710037&w=2 http://www.securityfocus.com/bid/2031 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-092 •