Oracle

Mysql

1431 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 2.33%
  • Veröffentlicht 16.08.2005 04:00:00
  • Zuletzt bearbeitet 16.06.2026 22:15:12

Stack-based buffer overflow in the init_syms function in MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta allows remote authenticated users who can create user-defined functions to execute arbitrary code via a long function_name ...

  • EPSS 4.73%
  • Veröffentlicht 16.08.2005 04:00:00
  • Zuletzt bearbeitet 16.06.2026 22:15:13

MySQL, when running on Windows, allows remote authenticated users with insert privileges on the mysql.func table to cause a denial of service (server hang) and possibly execute arbitrary code via (1) a request for a non-library file, which causes the...

  • EPSS 2.81%
  • Veröffentlicht 16.08.2005 04:00:00
  • Zuletzt bearbeitet 16.06.2026 22:15:13

The mysql_create_function function in sql_udf.cc for MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta, when running on Windows, uses an incomplete blacklist in a directory traversal check, which allows attackers to include arbitr...

  • EPSS 0.62%
  • Veröffentlicht 17.05.2005 04:00:00
  • Zuletzt bearbeitet 16.06.2026 22:13:24

mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 creates the mysql_install_db.X file with a predictable filename and insecure permissions, which allows local users to execute arbitrary SQL commands by modifying the file's contents.

Exploit
  • EPSS 18.44%
  • Veröffentlicht 02.05.2005 04:00:00
  • Zuletzt bearbeitet 16.06.2026 22:11:37

MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, as demonstrated by using strcat, on_exit, and exit.

Exploit
  • EPSS 12.84%
  • Veröffentlicht 02.05.2005 04:00:00
  • Zuletzt bearbeitet 16.06.2026 22:11:37

MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to bypass library path restrictions and execute arbitrary libraries by using INSERT INTO to modify the mysql.func table, which is pr...

Exploit
  • EPSS 1.7%
  • Veröffentlicht 02.05.2005 04:00:00
  • Zuletzt bearbeitet 16.06.2026 22:11:37

MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable file names when creating temporary tables, which allows local users with CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via a symlink attack.

  • EPSS 0.59%
  • Veröffentlicht 14.04.2005 04:00:00
  • Zuletzt bearbeitet 16.06.2026 22:10:20

The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files.

Exploit
  • EPSS 2.53%
  • Veröffentlicht 15.03.2005 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:11:47

MySQL 4.1.9, and possibly earlier versions, allows remote attackers with certain privileges to cause a denial of service (application crash) via a use command followed by an MS-DOS device name such as (1) LPT1 or (2) PRN.

  • EPSS 2.43%
  • Veröffentlicht 09.02.2005 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:06:44

Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "_" (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct unauthorized...