SQLWebpedia

Microsoft released on February 10th a security update for SQL 2000, MSDE and SP2 releases of SQL 2005 including express (SP3 contains the fix; SQL 2008 is not affected by it). http://www.microsoft.com/technet/security/Bulletin/MS09-004.mspx
The SQL injection vulnerabilities are getting new found news coverage because of some new exploits in database SQL injection (SQL server just had the buffer overflow, MySQL and PostgreSQL have new command shell exploits). Read more here: http://www.theregister.co.uk/2009/04/02/new_sql_injection_attack
There is an open source exploit testing tool for the command line at http://sqlmap.sourceforge.net/ which means good guys and the bad guys have easy access. Their readme document has some very good explanation of SQL exploits.
My perspective is that we all should be using stored procedures to access data, eliminating most of these exploits unless you use dynamic sql in your procs.