CVE-2004-0957

Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "" underscore, grants privileges to other databases that have similar names, which can allow the user to conduct unauthorized activities...

CVE-2004-0835

MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities...

Debian DSA-540-1 : mysql - insecure file creation

Jeroen van Wolffelaar discovered an insecure temporary file vulnerability in the mysqlhotcopy script when using the scp method which is part of the mysql-server package. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...

CVE-2004-0457

The mysqlhotcopy script in mysql 4.0.20 and earlier, when using the scp method from the mysql-server package, allows local users to overwrite arbitrary files via a symlink attack on temporary files...

Oracle MySQL < 4.1.5 Bounded Parameter Overflow

Binary data 2334.prm...

FreeBSD : mysql -- heap buffer overflow with prepared statements (124)

The following package needs to be updated: mysql-client %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkg77420ebb0cf411d98a8a000c41e2cdad.nasl. Disabled on 2011/10/02. C Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright...

GLSA-200409-02 : MySQL: Insecure temporary file creation in mysqlhotcopy

The remote host is affected by the vulnerability described in GLSA-200409-02 MySQL: Insecure temporary file creation in mysqlhotcopy Jeroen van Wolffelaar discovered that the MySQL database hot copy utility mysqlhotcopy.sh, when using the scp method, uses temporary files with predictable names. A...

CVE-2002-1374

The COMCHANGEUSER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password...

CVE-2002-1373

Signed integer vulnerability in the COMTABLEDUMP package for MySQL 3.23.x before 3.23.54 allows remote attackers to cause a denial of service crash or hang in mysqld by causing large negative integers to be provided to a memcpy call...

CVE-2003-0073

Double-free vulnerability in mysqld for MySQL before 3.23.55 allows attackers with MySQL access to cause a denial of service crash via mysqlchangeuser...

Oracle MySQL 6.0 < 6.0.10 XPath Expression DoS

Binary data 5002.prm...

MySQL fails to properly handle overly long "scramble" values

Overview There is a buffer overflow vulnerability in the way MySQL handles overly long "scramble" strings, which could allow an attacker to cause a denial of service or potentially execute arbitrary code. Description MySQL is an open-source database system available for Microsoft Windows, Linux,...

MySQL fails to properly evaluate zero-length strings in the check_scramble_323() function

Overview There is a vulnerability in the password authentication mechanism of MySQL which could allow an attacker to bypass authentication by supplying a zero-length string. Description MySQL is an open-source database system available for Microsoft Windows, Linux, and other UNIX-based operating...

MySQL 4.15.0 - Zero-Length Password Authentication Bypass

MySQL 4.15.0 - Zero-Length Password Authentication Bypass !/usr/bin/perl The script connects to MySQL and attempts to log in using a zero-length password Based on the vuln found by NGSSecurity The following Perl script can be used to test your version of MySQL. It will display the login packet se...

CVE-2004-0628

Stack-based buffer overflow in MySQL 4.1.x before 4.1.3, and 5.0, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a long scramble string...

Insecure Temporary File Creation In MySQL

Background MySQL is a popular open-source multi-threaded, multi-user SQL database server. Description The MySQL bug reporting utility mysqlbug creates a temporary file to log bug reports to. A malicious local user with write access to the /tmp directory could create a symbolic link of the name...

Important: Red Hat Security Advisory: : Updated MySQL packages fix vulnerability

Updated MySQL server packages fix a buffer overflow vulnerability. MySQL is a multi-user, multi-threaded SQL database server. Frank Denis reported a bug in unpatched versions of MySQL prior to version 3.23.58. Passwords for MySQL users are stored in the Password field of the user table. Under thi...

CVE-2003-0780

Buffer overflow in getsaltfrompassword from sqlacl.cc for MySQL 4.0.14 and earlier, and 3.23.x, allows attackers with ALTER TABLE privileges to execute arbitrary code via a long Password field...

MySQL fails to validate length of password field

Overview A vulnerability in MySQL could permit a malicious user to execute arbitrary code on the system. Description MySQL is a database system. MySQL contains a buffer overflow vulnerability in the processing of the password field of the MySQL database, specifically "SET PASSWORD". A malicious...

[SECURITY] [DSA-381-1] New mysql packages fix buffer overflow

-------------------------------------------------------------------------- Debian Security Advisory DSA 381-1 [email protected] http://www.debian.org/security/ Matt Zimmerman September 13th, 2003 http://www.debian.org/security/faq -...