Description
The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
Remediation
References
Related Vulnerabilities
WordPress Plugin The Welcomizer 'twiz-index.php' Cross-Site Scripting (1.3.9.4)
WordPress 4.1.x Prototype Pollution (4.1 - 4.1.34)
Drupal Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2005-1921)
WordPress Plugin All-in-One Custom Backgrounds Lite Unspecified Vulnerability (2.0.2)
WordPress Plugin Ajax Pagination (twitter Style) Local File Inclusion (1.1)