CVSS: 7.5EPSS: 13%CPEs: 9EXPL: 0CVE-2001-0509
https://notcve.org/view.php?id=CVE-2001-0509
29 Aug 2001 — Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-041 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2001-0344
https://notcve.org/view.php?id=CVE-2001-0344
21 Jul 2001 — An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using Mixed Mode allows local database users to gain privileges by reusing a cached connection of the sa administrator account. • http://www.ciac.org/ciac/bulletins/l-095.shtml •
CVSS: 9.8EPSS: 10%CPEs: 4EXPL: 2CVE-2000-1081 – Microsoft SQL Server 7.0/2000 / Data Engine 1.0/2000 - xp_displayparamstmt Buffer Overflow
https://notcve.org/view.php?id=CVE-2000-1081
19 Dec 2000 — The xp_displayparamstmt function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability. • https://www.exploit-db.com/exploits/20451 •
CVSS: 9.8EPSS: 49%CPEs: 4EXPL: 1CVE-2000-1082
https://notcve.org/view.php?id=CVE-2000-1082
19 Dec 2000 — The xp_enumresultset function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability. • http://marc.info/?l=bugtraq&m=97570878710037&w=2 •
CVSS: 9.8EPSS: 6%CPEs: 4EXPL: 2CVE-2000-1083 – Microsoft SQL Server 7.0/2000 / Data Engine 1.0/2000 - xp_showcolv Buffer Overflow
https://notcve.org/view.php?id=CVE-2000-1083
19 Dec 2000 — The xp_showcolv function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability. • https://www.exploit-db.com/exploits/20456 •
CVSS: 9.8EPSS: 49%CPEs: 4EXPL: 1CVE-2000-1084
https://notcve.org/view.php?id=CVE-2000-1084
19 Dec 2000 — The xp_updatecolvbm function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability. • http://marc.info/?l=bugtraq&m=97570878710037&w=2 •
CVSS: 9.8EPSS: 13%CPEs: 4EXPL: 2CVE-2000-1085 – Microsoft SQL Server 7.0/2000 / Data Engine 1.0/2000 - xp_peekqueue Buffer Overflow
https://notcve.org/view.php?id=CVE-2000-1085
19 Dec 2000 — The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability. • https://www.exploit-db.com/exploits/20457 •
CVSS: 9.8EPSS: 49%CPEs: 4EXPL: 1CVE-2000-1086
https://notcve.org/view.php?id=CVE-2000-1086
19 Dec 2000 — The xp_printstatements function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability. • http://marc.info/?l=bugtraq&m=97570884410184&w=2 •
CVSS: 9.8EPSS: 49%CPEs: 4EXPL: 1CVE-2000-1087
https://notcve.org/view.php?id=CVE-2000-1087
19 Dec 2000 — The xp_proxiedmetadata function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability. • http://marc.info/?l=bugtraq&m=97570884410184&w=2 •
CVSS: 9.8EPSS: 31%CPEs: 4EXPL: 1CVE-2000-1088
https://notcve.org/view.php?id=CVE-2000-1088
19 Dec 2000 — The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability. • http://marc.info/?l=bugtraq&m=97570884410184&w=2 •