25 matches found
CVE-2022-31026
Trilogy is a client library for MySQL. When authenticating, a malicious server could return a specially crafted authentication packet, causing the client to read and return up to 12 bytes of data from an uninitialized variable in stack memory. Users of the trilogy gem should upgrade to version...
EUVD-2002-2022
Malware in sbrugna...
CVE-2023-37268
Warpgate is an SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. When logging in as a user with SSO enabled, an attacker may authenticate as another user. Any user account which does not have a second factor enabled could be compromised. This issue has been...
CVE-2003-0515
SQL injection vulnerabilities in the (1) PostgreSQL or (2) MySQL authentication modules for teapop 0.3.5 and earlier allow attackers to execute arbitrary SQL and possibly gain privileges...
VulnCheck KEV: CVE-2011-2688
SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field...
CVE-2022-31026 Use of Uninitialized Variable in trilogy
Trilogy is a client library for MySQL. When authenticating, a malicious server could return a specially crafted authentication packet, causing the client to read and return up to 12 bytes of data from an uninitialized variable in stack memory. Users of the trilogy gem should upgrade to version...
CVE-2015-7224
puppetlabs-mysql 3.1.0 through 3.6.0 allow remote attackers to bypass authentication by leveraging creation of a database account without a password when a 'mysql_user' user parameter contains a host with a netmask...
CVE-2002-2043
SQL injection vulnerability in the LDAP and MySQL authentication patch for Cyrus SASL 1.5.24 and 1.5.27 allows remote attackers to execute arbitrary SQL commands and log in as arbitrary POP mail users via the password...
MySQL Remote Preauth User Enumeration Zeroday
No description provided by source. MySQL User Account Enumeration Utility When an attacker authenticates using an incorrect password with the old authentication mechanism from mysql 4.x and below to a mysql 5.x server the mysql server will respond with a different message than Access Denied, what...
Immunity Canvas: MYSQL_LOGIN_REMOTE
Name | mysqlloginremote
---|---
CVE | CVE-2012-2122
Exploit Pack | CANVAS
Description | MySQL authentication bypass
Notes | CVE Name: CVE-2012-2122 OSVDB: http://www.osvdb.org/displayvuln.php?osvdbid=??? Notes: Mysql authentication can be bypassed by bruteforcing a wrong password until the server miss...
DEBIAN-CVE-2011-2688
SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field...
PT-2011-4029 · Apache +1 · Mod Authnz External +2
Name of the Vulnerable Software and Affected Versions: mod_authnz_external module versions 3.2.5 and earlier
Description: The issue allows remote attackers to execute arbitrary SQL commands via the user field. This is related to a SQL injection vulnerability in the mysql/mysql-auth.pl script. The...
DEBIAN-CVE-2011-0432
Multiple SQL injection vulnerabilities in the get_userinfo method in the MySQLAuthHandler class in DAVServer/mysqlauth.py in PyWebDAV before 0.9.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) pw argument. NOTE: some of these details are obtained from third party...
Ubuntu Update for mysql-dfsg-5.0 vulnerabilities USN-528-1
Ubuntu Update for Linux kernel vulnerabilities USN-528-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN5281.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for mysql-dfsg-5.0 vulnerabilities USN-528-1 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH,...
CVE-2002-2043
SQL injection vulnerability in the LDAP and MySQL authentication patch for Cyrus SASL 1.5.24 and 1.5.27 allows remote attackers to execute arbitrary SQL commands and log in as arbitrary POP mail users via the password...
Immunity Canvas: MYSQL_AUTH_BYPASS
Name | mysqlauthbypass
---|---
CVE | CVE-2004-0627
Exploit Pack | CANVAS
Description | MySQL authentication bypass
Notes | CVE Name: CVE-2004-0627 OSVDB: http://www.osvdb.org/displayvuln.php?osvdbid=7475 Notes: Mysql authentication can be bypassed by a specially crafted password with zeroed-strings...
MySQL 4.1/5.0 zero-length password Auth. Bypass Exploit
Exploit for multiple platform in category remote exploits. #!/usr/bin/perl The script connects to MySQL and attempts to log in usin...
CVE-2004-0627
The check_scramble_323 function in MySQL 4.1.x before 4.1.3, and 5.0, allows remote attackers to bypass authentication via a zero-length scrambled string...
MySQL 4.1/5.0 - Authentication Bypass
source: https://www.securityfocus.com/bid/10654/info MySQL is prone to a vulnerability that may permit remote clients to bypass authentication. This is due to a logic error in the server when handling client-supplied length values for password strings...
MySQL 4.1/5.0 - Authentication Bypass
source: https://www.securityfocus.com/bid/10654/info MySQL is prone to a vulnerability that may permit remote clients to bypass authentication. This is due to a logic error in the server when handling client-supplied length values for password strings. Successful exploitation will yield...