Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sql server vulnerabilities and exploits
(subscribe to this query)
641
VMScore
CVE-1999-1556
Microsoft SQL Server 6.5 uses weak encryption for the password for the SQLExecutiveCmdExec account and stores it in an accessible portion of the registry, which could allow local users to gain privileges by reading and decrypting the CmdExecAccount value.
Microsoft Sql Server 6.5
641
VMScore
CVE-2000-0199
When a new SQL Server is registered in Enterprise Manager for Microsoft SQL Server 7.0 and the "Always prompt for login name and password" option is not set, then the Enterprise Manager uses weak encryption to store the login ID and password.
Microsoft Sql Server 7.0
220
VMScore
CVE-2000-0402
The Mixed Mode authentication capability in Microsoft SQL Server 7.0 stores the System Administrator (sa) account in plaintext in a log file which is readable by any user, aka the "SQL Server 7.0 Service Pack Password" vulnerability.
Microsoft Sql Server 7.0
2 EDB exploits
445
VMScore
CVE-2002-1981
Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the "public" role to execute the (1) sp_MSSetServerProperties or (2) sp_MSsetalertinfo stored procedures, which allows malicious users to modify configuration including SQL server startup and alert settings.
Microsoft Sql Server 2000
505
VMScore
CVE-2004-1560
Microsoft SQL Server 7.0 allows remote malicious users to cause a denial of service (mssqlserver service halt) via a long request to TCP port 1433, possibly triggering a buffer overflow.
Microsoft Sql Server 7.0
1 EDB exploit
445
VMScore
CVE-2002-0729
Microsoft SQL Server 2000 allows remote malicious users to cause a denial of service via a malformed 0x08 packet that is missing a colon separator.
Microsoft Sql Server 2000
383
VMScore
CVE-2011-1280
The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, which allows remote malicio...
Microsoft Sql Server Management Studio Express 2005
Microsoft Sql Server 2005
Microsoft Sql Server 2008
Microsoft Visual Studio 2005
Microsoft Office Infopath 2007
Microsoft Visual Studio 2008
Microsoft Visual Studio 2010
Microsoft Office Infopath 2010
187
VMScore
CVE-2016-3059
IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (aka IBM Spectrum Protect for Databases) 6.3 prior to 6.3.1.7 and 6.4 prior to 6.4.1.9 and Tivoli Storage FlashCopy Manager for Microsoft SQL Server (aka IBM Spectrum Protect Snapshot) 3.1 prior to...
Ibm Tivoli Storage Flashcopy Manager For Sql Server
Ibm Tivoli Storage Manager For Databases Data Protection For Microsoft Sql Server
187
VMScore
CVE-2020-1455
A denial of service vulnerability exists when Microsoft SQL Server Management Studio (SSMS) improperly handles files. An attacker could exploit the vulnerability to trigger a denial of service. To exploit the vulnerability, an attacker would first require execution on the victim ...
Microsoft Sql Server Management Studio
445
VMScore
CVE-2001-0509
Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and previous versions, (2) Microsoft SQL Server 2000 and previous versions, (3) Windows NT 4.0, and (4) Windows 2000 allow remote malicious users to cause a denial of service via malformed inputs.
Microsoft Exchange Server 5.5
Microsoft Exchange Server 5.0
Microsoft Exchange Server 2000
Microsoft Sql Server 7.0
Microsoft Sql Server 2000
Microsoft Windows Nt 4.0
Microsoft Windows 2000 -
Microsoft Windows 2000
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27802
template injection
CVE-2024-0044
code injection
CVE-2024-35474
CVE-2024-27857
CVE-2024-23251
CVE-2024-23692
physical
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »