- EPSS 74.58%
- Veröffentlicht 22.09.2003 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:02:49
Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL 4.0.14 and earlier, and 3.23.x, allows attackers with ALTER TABLE privileges to execute arbitrary code via a long Password field.
- EPSS 44.83%
- Veröffentlicht 24.03.2003 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:01:39
MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by mod...
- EPSS 2.99%
- Veröffentlicht 19.02.2003 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:01:27
Double-free vulnerability in mysqld for MySQL before 3.23.55 allows attackers with MySQL access to cause a denial of service (crash) via mysql_change_user.
CVE-2002-1809
- EPSS 16.12%
- Veröffentlicht 31.12.2002 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:00:01
The default configuration of the Windows binary release of MySQL 3.23.2 through 3.23.52 has a NULL root password, which could allow remote attackers to gain unauthorized root access to the MySQL database.
CVE-2002-1921
- EPSS 2.53%
- Veröffentlicht 31.12.2002 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:00:18
The default configuration of MySQL 3.20.32 through 3.23.52, when running on Windows, does set the bind address to the loopback interface, which allows remote attackers to connect to the database.
CVE-2002-1923
- EPSS 2.53%
- Veröffentlicht 31.12.2002 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:00:18
The default configuration in MySQL 3.20.32 through 3.23.52, when running on Windows, does not have logging enabled, which could allow remote attackers to conduct activities without detection.
- EPSS 3.64%
- Veröffentlicht 23.12.2002 05:00:00
- Zuletzt bearbeitet 16.06.2026 21:59:12
Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL 3.23.x before 3.23.54 allows remote attackers to cause a denial of service (crash or hang) in mysqld by causing large negative integers to be provided to a memcpy call.
CVE-2002-1374
- EPSS 20.45%
- Veröffentlicht 23.12.2002 05:00:00
- Zuletzt bearbeitet 16.06.2026 21:59:12
The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the fi...
CVE-2002-1375
- EPSS 23.51%
- Veröffentlicht 23.12.2002 05:00:00
- Zuletzt bearbeitet 16.06.2026 21:59:12
The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to 4.0.6, allows remote attackers to execute arbitrary code via a long response.
CVE-2002-1376
- EPSS 6.79%
- Veröffentlicht 23.12.2002 05:00:00
- Zuletzt bearbeitet 16.06.2026 21:59:12
libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to 4.0.6, does not properly verify length fields for certain responses in the (1) read_rows or (2) read_one_row routines, which allows remote attackers to cause a denial of service and po...