LiveActive security incident?Get immediate response
CVE archive

December 2000

Browse CVE records published in December 2000, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 57 matching CVEs · Page 1 of 2.

Unknown · CVSS Not scored

CVE-2000-1081: The xp_displayparamstmt function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not prop...

The xp_displayparamstmt function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.

Published Dec 19, 2000 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2000-1088: The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not p...

The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.

Published Dec 19, 2000 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2000-1086: The xp_printstatements function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not...

The xp_printstatements function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.

Published Dec 19, 2000 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2000-1082: The xp_enumresultset function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properl...

The xp_enumresultset function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.

Published Dec 19, 2000 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2000-1085: The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not proper...

The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.

Published Dec 19, 2000 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2000-1084: The xp_updatecolvbm function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly...

The xp_updatecolvbm function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.

Published Dec 19, 2000 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2000-1104: Variant of the "IIS Cross-Site Scripting" vulnerability as originally discussed in MS:MS00-060 (CVE-2000-07...

Variant of the "IIS Cross-Site Scripting" vulnerability as originally discussed in MS:MS00-060 (CVE-2000-0746) allows a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then executes those scripts in the same context as the trusted site.

Published Dec 19, 2000 · Updated Aug 8, 2024