Mysql

Mysql

93 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.6

CVE-2005-2558

  • EPSS 14.8%
  • Veröffentlicht 16.08.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Stack-based buffer overflow in the init_syms function in MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta allows remote authenticated users who can create user-defined functions to execute arbitrary code via a long function_name ...

5

CVE-2005-2573

  • EPSS 0.7%
  • Veröffentlicht 16.08.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

The mysql_create_function function in sql_udf.cc for MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta, when running on Windows, uses an incomplete blacklist in a directory traversal check, which allows attackers to include arbitr...

4.6

CVE-2005-1636

  • EPSS 0.03%
  • Veröffentlicht 17.05.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 creates the mysql_install_db.X file with a predictable filename and insecure permissions, which allows local users to execute arbitrary SQL commands by modifying the file's contents.

2.1

CVE-2005-0711

Exploit
  • EPSS 0.35%
  • Veröffentlicht 02.05.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable file names when creating temporary tables, which allows local users with CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via a symlink attack.

4.6

CVE-2005-0710

Exploit
  • EPSS 24.22%
  • Veröffentlicht 02.05.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to bypass library path restrictions and execute arbitrary libraries by using INSERT INTO to modify the mysql.func table, which is pr...

4.6

CVE-2005-0709

Exploit
  • EPSS 33.89%
  • Veröffentlicht 02.05.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, as demonstrated by using strcat, on_exit, and exit.

10

CVE-2004-0628

  • EPSS 6.38%
  • Veröffentlicht 06.12.2004 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Stack-based buffer overflow in MySQL 4.1.x before 4.1.3, and 5.0, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long scramble string.

10

CVE-2004-0627

  • EPSS 49.14%
  • Veröffentlicht 06.12.2004 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

The check_scramble_323 function in MySQL 4.1.x before 4.1.3, and 5.0, allows remote attackers to bypass authentication via a zero-length scrambled string.

2.6

CVE-2004-0837

Exploit
  • EPSS 2.36%
  • Veröffentlicht 03.11.2004 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to cause a denial of service (crash or hang) via multiple threads that simultaneously alter MERGE table UNIONs.

7.5

CVE-2004-0835

Exploit
  • EPSS 3.65%
  • Veröffentlicht 03.11.2004 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauth...