Debian DSA-303-1 : mysql - privilege escalation
CAN-2003-0073: The mysql package contains a bug whereby dynamically allocated memory is freed more than once, which could be deliberately triggered by an attacker to cause a crash, resulting in a denial of service condition. In order to exploit this vulnerability, a valid username and password...
Debian DSA-013 : MySQL - remote buffer overflow
Nicolas Gregoire has reported a buffer overflow in the mysql server that leads to a remote exploit. An attacker could gain mysqld privileges and thus gain access to all the databases.
CVE-2002-1375
The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to 4.0.6, allows remote attackers to execute arbitrary code via a long response...
FreeBSD : mysql -- mysqlhotcopy insecure temporary file creation (125)
The following package needs to be updated: mysql-scripts. This script has been deprecated by freebsdpkg0c4d5973f2ab11d89837000c41e2cdad.nasl. Disabled on 2011/10/01.
Oracle MySQL < 3.23.55 Double Free() Overflow
Oracle MySQL Mysqlhotcopy Script Insecure Temporary File Creation
Mandrake Linux Security Advisory : MySQL (MDKSA-2003:057)
In MySQL 3.23.55 and earlier, MySQL would create world-writeable files and allow mysql users to gain root privileges by using the 'SELECT INTO OUTFILE' operator to overwrite a configuration file, which could cause mysql to run as root upon restarting the daemon. This has been fixed upstream in...
RHEL 2.1 : mysql (RHSA-2003:094)
Updated packages are available that fix both a double-free security vulnerability and a remote root exploit security vulnerability found in the MySQL server. Updated 11 Aug 2003 Updated mysqlclient9 packages are now included. These were previously missing from this erratum. MySQL is a multi-user,...
RHEL 2.1 : mysql (RHSA-2002:289)
Updated packages are available for Red Hat Linux Advanced Server 2.1 that fix security vulnerabilities found in the MySQL server. Updated 06 Feb 2003 Added fixed packages for Advanced Workstation 2.1 MySQL is a multi-user, multi-threaded SQL database server. While auditing MySQL, Stefan Esser fou...
Non-logged Brute Force Attack Vulnerability for Fantastico-Created Databases on cPanel Based Hosts
Advisory: cPanel/Fantastico/mysql local vulnerability Date: 5/19/04 By: Michael Curtis email at curto dot us System: Redhat Enterprise 3 ES / cPanel 9.3.0-R5 most likely all redhat versions with all cpanel versions Severity: High, full compromise of local databases, password retrieval Background:...
teapop SQL injection
SQL injection is possible during authentication if postgresql or mysql is used...
CVE-2003-0780
Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL 4.0.14 and earlier, and 3.23.x, allows attackers with ALTER TABLE privileges to execute arbitrary code via a long Password field...
Important: Red Hat Security Advisory: Updated MySQL packages fix vulnerabilities
Updated MySQL server packages for IBM iSeries and pSeries systems fix a number of security issues. MySQL is a multi-user, multi-threaded SQL database server. A double-free vulnerability in mysqld, for MySQL before version 3.23.55, allows attackers with MySQL access to cause a denial of service...
Important: Red Hat Security Advisory: mysql security update
Updated packages are available that fix both a double-free security vulnerability and a remote root exploit security vulnerability found in the MySQL server. Updated 11 Aug 2003 Updated mysqlclient9 packages are now included. These were previously missing from this erratum. MySQL is a multi-user,...
CVE-2002-1479
Cacti before 0.6.8 stores a MySQL username and password in plaintext in config.php, which has world-readable permissions, which allows local users to modify databases as the Cacti user and possibly gain privileges...
MySQL 3.23.x - mysqld Local Privilege Escalation
MySQL 3.23.x - mysqld Local Privilege Escalation source: https://www.securityfocus.com/bid/7052/info A vulnerability has been discovered for MySQL that may allow the mysqld service to start with elevated privileges. An attacker can exploit this vulnerability by creating a DATADIR/my.cnf that...
Important: Red Hat Security Advisory: Updated MySQL packages fix various security issues
Updated MySQL packages are available for Red Hat Linux 7, 7.1, 7.2, 7.3, and 8.0 which fix security vulnerabilities found in the MySQL server. MySQL is a multi-user, multi-threaded SQL database server. While auditing MySQL, Stefan Esser found security vulnerabilities that can be used to crash the...
Important: Red Hat Security Advisory: mysql security update
Updated packages are available for Red Hat Linux Advanced Server 2.1 that fix security vulnerabilities found in the MySQL server. Updated 06 Feb 2003 Added fixed packages for Advanced Workstation 2.1 MySQL is a multi-user, multi-threaded SQL database server. While auditing MySQL, Stefan Esser fou...
CVE-2002-1921
The default configuration of MySQL 3.20.32 through 3.23.52, when running on Windows, does not set the bind address to the loopback interface, which allows remote attackers to connect to the database...